Piyi Zu

@harlan4096 @Berny @nexon I am now FULLY SURE that Microsoft Defender platform update (KB4052623 version 4.18.24010.12) released in February is the cause of the bsod problem. I reproduced the bsod by the following steps: 1. Reset Windows (deleting all files) 2. Turn Boot-Start Driver Initialisation policy on and set the policy to allow "only good" drivers to be initialised. 3. Restart Windows: nothing happened. 4. Install Kaspersky Free 21.3. Restart Windows: nothing happened. 5. Restart Windows again: nothing happened. 6. Download the update from Windows Update Catalog website (see the picture), install it and restart Windows: BSOD appeared with code Inaccessible_Boot_Device. PS: There was nothing in C:\Windows\System32\drivers\wd before installing the platform update. But after installation, the four .sys files I showed in the last post appeared (see the picture). There are only two ways to solve this bsod: 1. Do not change the Boot-Start Driver Initialisation Policy ( leave it unconfigured). Or downgrade this policy from "only good" to "good and unknown". 2. Do not install the Microsoft Defender platform update (KB4052623 version 4.18.24010.12). Thank you all for focusing on this uncommon problem. Contacting Microsoft is beyond my time. I hope the reproduction of the bsod would do some help if you want to further invesigate the problem.

@Berny Nothing on bluescreenview and no failed boot was recorded in the event viewer as if the computer never started then. @harlan4096 Updating to 21.16 didn't work. The bluescreen came as expected. I tried to change the pagefile size and dumpfile options, but no dump file was generated. However, I have some findings. I found that if I replaced all .sys files in C:\Windows\System32\drivers\wd with older versions in C:\Windows\System32\drivers\, the system would boot with ELAM "only good" drivers initialised and Kaspersky Standard 21.16 started. These .sys files are WdBoot.sys, WdDevFlt.sys, WdFilter.sys and WdNisDrv.sys. What's more, the boot log said successful boots all didn't load these drivers: \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\bindflt.sys \SystemRoot\System32\drivers\wd\WdFilter.sys One failed boot happened to have a single line of boot log in ntbtlog.txt which said only \SystemRoot\System32\drivers\MSKSSRV.sys was loaded. To replace the drivers was not a solution bacause the system would update those files automatically and even those not updated, the system failed to boot after a second restart. I thought the bsod would be related to a Microsoft Defender platform update on 28 Feb. (KB4052623 version 4.18.24010.12). This update seemed to change the four .sys files in ...drivers\wd folder and after that update I did not restart my computer until Sunday(3 Mar.) --- the day the bsod occured. There was no way to remove this update. I wonder if Kasperaky's drivers started earlier than Windows Defender drivers. I also wonder if Windows Defender blocked Kaspersky. These are all I can do for this problem. I will reinstall my OS soon for it now runs very slowly and becomes messy. @nexon The cause of the problem is still a mystery: unpopular configurations of ELAM, sudden bsod with no dump files, bad design of Windows making details of boot hard to get. But I think Microsoft Defender's silent update was to blame.

I tried to figure out why. But I found nothing in the "Event Viewer", "Security and Maintenance" and minidump folder. I checked the digital signatures for every driver before installing. The driver installation packages were scanned by Microsoft Defender before KIS was installed. All drivers, including the firmware are up-to-date. I thought it were a hardware problem, but that couldn't explain why I can still start Windows after shutting down ELAM. I thought it were caused by corrupted system file, but after executing dism /online /cleanup-image /scanhealth dism /online /cleanup-image /restorehealth sfc /scannow no integrity variation was found. I thought it were caused by virus, but I ran a quick scan just before the failed reboot. Those are what I did and saw before updating KIS. ELAM stage is a very early boot stage. It's like when a baby having just learnt to say mummy. To debug the OS may find the cause, but it's beyond my time, energy and ability. If the bsod were caused by KIS, the most possible "solution" would still be to update it. If it were caused by some damn driver, then updating KIS would have no help.

Thanks. I'll contact the tech support if updating KIS to Kaspersky Standard cannot solve the problem. I just updated KIS to Kaspersky Standard 21.16 by directly running the online installer from My Kaspersky, but unfortunately my key has reached its activation limit... I am waiting for the reply from the tech support. That's OK. 21.3 is too old. Maybe the problem was caused by incompatibility. However, there're still some regions in the world where the newest easy-to-get version is 21.3. This problem happened too suddenly, with no sign and little information on "google"s, so I posted it here to share my workaround and to see if anyone has a solution.

My computer is running Windows 11 23H2 22631.3155 Professional (x64) and has Kaspersky Internet Security 21.3.10.391 (patch k) installed. After a quick scan of kaspersky, I restarted my computer but failed with a bluescreen. It said the OS ran into some problem and the error code was INACCESSIBLE_BOOT_DEVICE. After a forced reboot, the same bluescreen appeared again. I tried Windows boot repaire but it didn't work. I couldn't start the computer until I disabled the Early-Launch-AntiMalware on the boot option menu, which resulted in KIS not loaded. I thought the bluescreen must have something to do with KIS. To prevent rootkits and other unknown drivers from being loaded when the system boots, just after I had installed my OS, I turned on the Boot-Start Driver Initialisation Policy in Group Policy and set the policy to only allow "good" drivers to be initialised. I changed the policy to allow "good and unknown" drivers and restarted the computer, there was no bluescreen and KIS started normally like before. I changed the policy back to only allow "good" drivers and restarted the computer, the bluescreen came again. Just before this bluescreen accident happened, I updated database of KIS, and I ran a quick scan (NOTHING detected). I installed Qt 6.5.3 several days ago, but nothing went wrong these days. Even earlier, I installed a driver for Lenovo Hotkey on Lenovo System Update, which is an official driver updater and the installation was fully monitored by Kaspersky Internet Security. I think the problem may be due to KIS incorrectly classifying some important driver to be unknown during the ELAM stage. But I could not find anything about it: no related event logged, no KIS report and even no dump file for the bluescreen. The compromise in ELAM policy is just a workaround. Could anyone give more help?