Vasily Burov

Kaspersky Employee
  • Posts

    89
Posts posted by Vasily Burov

  1.  

    Hi Folks

    Thanks for the update.  I hope you had a nice holiday.

    I only have a Macrium image of the machine AFTER a BSOD. 

    I will need to adjust the process slightly.  I will try this tomorrow, it was a long day.

     

    1 Restore the BSOD Macrium Image

    2 Restore the CatRoot and DriverStore files

    3 Rename the Kaspersky Lab files so they do not delete CatRoot and DriverStore on the next reboot

    4 Restart the machine

    5 Somehow enable product logging on maximum level.  I hope I can.

    6 Rename the Kaspersky Lab files back to their original names

    7 Reboot, hope for a BSOD and get you the logs

     

    Any adjustments or suggestions?

     

     

     

    Hi, Steve.

    Your algorithm is good, hope it works.

    Thanks!

  2. Hi Vasily/Kaspersky Team

    It’s been several days with no official response from Kaspersky.

    Can you please give us an update?

    Steve

     

    Hi, Steve!

    Sorry for the delay, in Russia we have small holidays :-) We still can’t reproduce this issue :-( Thank you for submitting the playback algorithm. I suggest the following way:

    1. Restore the Macrium Image
    2. Enable product logging on maximum level.
    3. Restart the product
    4. Restore the CatRoot and DriverStore files
    5. Restart the computer and get the BSOD
    6. After the memory dump is created, restart the computer again in safe mode
    7. Save product logs (please see “Log application events” chapter in online help) and memory dump to another location.

    Please write a message here if you succeed. I will consult with our legal department about the method of transferring traces to us.

    Thanks!

     

  3. Hi Vasily

    It is confirmed.  Windows Update Blocker v1.5 was used and Windows updates are disabled.  In my situation the BSOD issue was independent of KB500802/KB500808.  I’ve included the KBs that were installed and the Windows version as 1909.

     

     

     

     

     

     

    Hi, Steve

    Thanks for very useful info! 

    The KART update was installed and a popup asking to restart was displayed. When did you restart the PC after that (immediately or with a delay)? Can you write the sequence of your actions?

  4. Hello, Alexander

    The size of the CatRoot folder is incorrect, and that is what causes the errors in the system. The following steps are needed:

    1. Remove KART from the computer.
    2. Copy all “*.cat” files from the folder “%windir%\servicing\Packages\” to the folder “%windir%\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\”.
    3. The UpperFilters registry value located at:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}
      must contain only volsnap. If this value (UpperFilters) does not exist, it has to be created (type Multi-String Value) with only the value volsnap added. If klbackupdisk is still among the values, remove it. Overall it should look like this:

    4. Restart the computer. After that, the 5038 errors in the events should disappear and most Windows functions should start working.
    5. Download the latest version of the product from the site:
      Free Ransomware Protection | Kaspersky Anti-Ransomware Tool
      and install it on the server.

    Thanks.

  5. Hi Vasily

    You are very welcome.  I too want to catch it.  It’s a very nasty bug.

    Many of us noticed that the BSOD occurred with 3660 a few days after UpperFilters was removed.  I am very tempted to restore my test machine to 3660, disable the network interface to prevent an upgrade and see if I can recreate the problem.  Do you think this would be helpful?

    Steve

     

    Hi, Steve!

    It will be very helpful! Please try to reproduce this BSOD with product logs on maximum level.

    Can you list here the value of the UpperFilters registry parameter on the restored machine before the product update?

    Thanks.

  6. Hello, can you please tell us how we can make sure if a computer is affected and will start as soon as we restart it?

    We have many servers (SBS 2011, Windows 2008R2, Windows 2016 Server, Windows 2019 Server) which have never been restarted since the problem arose.

    Please do respond soon to this urgent issue!

    If somebody else has a definitive answer to this question I am happy to hear about it.

     

    Regards,

     

    Mike

     

    Hi, Mike!

    I don’t know what computers will be affected by this issue. In our labs we don’t have the same problem :-( We are trying to reproduce it. At this moment we think that the fix of the UpperFilters registry value in the last product update will fix the BSOD too.

    Can anybody tell us the sequence of update installs that led to the BSOD:
    Windows KB500802/KB500808 update was installed, then the update for KART, and then the computer was restarted
    or
    KART update was installed, then Windows KB500802/KB500808 update, and then the computer was restarted
    or
    KART update was installed and then the computer was restarted, but Windows KB500802/KB500808 update installation was still in progress
    or
    It does not matter?

    I appreciate your help.

  7.  

    Hi Vasily

     

    I really appreciate an official Kaspersky representative reaching out.  I’m sure you would agree the response time has been very slow.  I hope that whatever caused the slow response has been addressed.  I have many customers who are now afraid of Kaspersky software.  You may also notice there are others who voiced these same opinions in this forum thread.  I’d like to work together to gain back their trust.

     

    As you may see from my contributions in this thread, I have an HP ZBook G1 that had experienced the BSOD issue.  I reverted to a previous backup and have monitored the machine for many days.  I am hoping to assist with catching the BSOD bug.  As expected, the machine automatically upgraded to 5.0.0.3886(i).  I have enabled Event Logging with Maximum detail.  I’ve also created a reboot task for every 30 minutes.  It has rebooted without issue for 3 days.

     

    If there are any changes or suggestions to my test environment, I would appreciate your input.

     

    Take care

     

    Steve Quinn

     

     

    Hi, Steve!

    Thanks for your reply. I agree that the response time was long and hope that this situation will not repeat again.

    In our lab we cannot reproduce this BSOD at the moment. I need some time to think about how we can reproduce this on your configuration, I will discuss that with colleagues tomorrow.
    I really want to catch this BSOD. 😡

    Thanks.

  8. Hello, Alexander!

    You should not have added klbackupdisk to this value on the training computer. The behaviour is expected. Starting with version 5.0.0.3660, this value should not be there.

    You can see the product version here (Menu → Get Support):

    Your server probably has version 5.0.0.3409 (or lower) installed, which is why the UpperFilters value contains klbackupdisk.

    Additionally, I would like to ask you to check and post the size of the “%windir%\System32\CatRoot” folder and the number of files in it on the server with the errors.

    Thanks.

  9. Hello, Alexander.

    I suggest doing the following:

    1. Add the value volsnap to the registry key mentioned:

      UpperFilters will then have two values, klbackupdisk and volsnap
    2. Restart the computer and see whether the errors go away

    Thanks.

     

  10. Hello, Alexander.

    I apologize for the late reply. The previous product update had a problem with the UpperFilters registry value, and it has been fixed in the current version. Try creating the registry key:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}]

    "UpperFilters"=REG_MULTI_SZ:“volsnap”

    And after that, restart the computer.

    Thanks.

  11. Hi, All!
    Sorry for the late response. Thank you for your patience and for reporting these issues. The problem with the UpperFilters registry value was fixed in the last product update. We continue the investigation of the BSOD problem but we think that this may be due to the first problem with the registry.

    P.S. The actual version of the product can be found here: 
    Menu -> Get Support


    Thanks.
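
The items the replies above ask people to check (the UpperFilters value under the class key, the size and file count of CatRoot, the *.cat files from servicing\Packages, and the 5038 events) can be collected in one read-only pass. This PowerShell audit is an added example, not Kaspersky's code and not part of any post; the helper name, the state labels and the Security-log location of event 5038 are assumptions.

```powershell
# Added example, read-only: nothing here modifies the registry or the file system.
$classKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}'
$catRoot  = Join-Path $env:windir 'System32\CatRoot'
$catDb    = Join-Path $catRoot '{F750E6C3-38EE-11D1-85E5-00C04FC295EE}'
$packages = Join-Path $env:windir 'servicing\Packages'

# Hypothetical helper: classifies a REG_MULTI_SZ list against the states named in the posts.
function Get-UpperFiltersState {
    param([string[]]$Filters)
    # Normalise entries: tolerate $null, trim, ignore case, drop empty strings.
    $names = @($Filters | ForEach-Object { "$_".Trim().ToLower() } | Where-Object { $_ })
    if ($names.Count -eq 0)              { return 'missing-or-empty' }
    if ($names -notcontains 'volsnap')   { return 'volsnap-absent' }
    if ($names -contains 'klbackupdisk') { return 'klbackupdisk-present' }
    if ($names.Count -eq 1)              { return 'volsnap-only' }
    return 'volsnap-plus-other-filters'
}

# Constructed sample values (not taken from any real machine).
$samples = @{ 'only volsnap' = @('volsnap'); 'both' = @('klbackupdisk', 'volsnap'); 'empty' = @() }
foreach ($name in $samples.Keys) {
    'sample {0,-12} -> {1}' -f $name, (Get-UpperFiltersState $samples[$name])
}

# Live values from this machine.
$prop = Get-ItemProperty -LiteralPath $classKey -Name UpperFilters -ErrorAction SilentlyContinue
$live = if ($prop) { @($prop.UpperFilters) } else { @() }

$files   = @(Get-ChildItem -LiteralPath $catRoot -Recurse -Force -ErrorAction SilentlyContinue |
             Where-Object { -not $_.PSIsContainer })
$have    = @(Get-ChildItem -LiteralPath $catDb -Filter *.cat -ErrorAction SilentlyContinue |
             ForEach-Object { $_.Name })
# Catalog files present in servicing\Packages but absent from the CatRoot folder.
$missing = @(Get-ChildItem -LiteralPath $packages -Filter *.cat -ErrorAction SilentlyContinue |
             Where-Object { $have -notcontains $_.Name })
# Assumption: the 5038 events are code-integrity audit events in the Security log (needs elevation).
$ev5038  = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5038 } `
             -MaxEvents 100 -ErrorAction SilentlyContinue)

New-Object PSObject -Property @{
    UpperFilters      = ($live -join ', ')
    UpperFiltersState = (Get-UpperFiltersState $live)
    CatRootFiles      = $files.Count
    CatRootBytes      = ($files | Measure-Object -Property Length -Sum).Sum
    CatFilesNotCopied = $missing.Count
    Recent5038Events  = $ev5038.Count
}
```

Per the posts, `klbackupdisk-present` is expected on product versions before 5.0.0.3660, so read that state together with the version shown under Menu -> Get Support.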

     
