Any connection between KART 5 (3660) and BSOD Critical Service Failed

[Vasily Burov]

 

Hi Folks

Thanks for the update.  I hope you had a nice holiday.

I only have a Macrium image of the machine AFTER a BSOD. 

I will need to adjust the process slightly.  I will try this tomorrow, it was a long day.

 

1 Restore the BSOD Macrium Image

2 Restore the CatRoot and DriverStore files

3 Rename the Kaspersky Lab files so they do not delete CatRoot and DriveStore on the next reboot

4 Restart the machine

5 Somehow enable product logging on maximum level.  I hope I can.

6 Rename the Kaspersky Lab files back to their original names

7 Reboot, hope for a BSOD and get you the logs

 

Any adjustments or suggestions?

 

 

 

Hi, Steve.

Your algorithm is good, hope it works.

Thanks!

[steve_paul_quinn]

Hi Vasily/Folks

I've had to adjust the procedure slightly but was able to recreate and hope fully capture something helpful.  I was able to get one reboot without a BSOD and the next reboot with a BSOD.  Hopefully yay.

The timestamps to look for are from May 05 2021 at 7:33 AM EST and are hopefully in AntiRansom.3.0.1.3660_05.05_07.33_4084.SRV.log
Along with the logs, I've included a copy of the files in C:\Program Files (x86)\Kaspersky Lab in case they are helpful.

I've used 7z with ultra compression to get the files down from 783 MB to 208 MB
The files are password protected and shared below, PM me for the password
https://drive.google.com/file/d/1WErYxo9mJR19OT8tD9KAHcOjM1_c01bY/view?usp=sharing

Here is the procedure I used

1 Boot with Macrium Reflect PE Rescue Environment

2 Restore the BSOD Macrium Image

3 Restore the CatRoot and DriverStore files

4 Rename C:\Program Files (x86)\Kaspersky Lab to C:\Program Files (x86)\Kaspersky Lab Old

5 Restart the machine

6 Rename C:\Program Files (x86)\Kaspersky Lab Old to C:\Program Files (x86)\Kaspersky Lab

7 Enable product logging on maximum level

8 Reboot and witness BSOD

9 Boot with Macrium Reflect PE Rescue Environment

10 Restore the CatRoot and DriverStore files

11 Reboot and witness no issues

12 Reboot and witness BSOD

13 Boot with Macrium Reflect PE Rescue Environment

14 Copy AllUsersProfile Kaspersky Lab\Logs and files from From C:\Program Files (x86)\Kaspersky Lab

15 Compress with 7z

16 Upload with Google Drive

17 Drink Vodka and Pray

Take care

Steve

[Vasily Burov]

Hi, All!

The BSOD problem was identified and solved. The fix will be available in upcoming product update. Also the issue occurrence has been minimized in the currently available product update.

This result could not be achieved without your help. Thanks you very much and hope that you continue reports about product problems. Together we will make the product better!

[Marc5]

Too little way too late.  Will never use your products again after this fiasco.

[Intrepid]

Too little way too late.  Will never use your products again after this fiasco.

And it’s STILL not fixed by Kaspersky.  Ridiculous.  This free product was designed to market Kaspersky products and convince small businesses to buy the full solution.  That’s a laugh.

[Vasily Burov]

Too little way too late.  Will never use your products again after this fiasco.

And it’s STILL not fixed by Kaspersky.  Ridiculous.  This free product was designed to market Kaspersky products and convince small businesses to buy the full solution.  That’s a laugh.

Hi!

Sorry again for that failure. It will be completely fixed in upcoming update. We need additional time to implement the fix and test it thoroughly.

Did you get the BSOD on last product update to 3886(i) version?

Thanks.

[CF93]

Too little way too late.  Will never use your products again after this fiasco.

And it’s STILL not fixed by Kaspersky.  Ridiculous.  This free product was designed to market Kaspersky products and convince small businesses to buy the full solution.  That’s a laugh.

Hi!

Sorry again for that failure. It will be completely fixed in upcoming update. We need additional time to implement the fix and test it thoroughly.

Did you get the BSOD on last product update to 3886(i) version?

Thanks.

 

Hello,

I’m happy to read that the problem is solved at last.

Can you tell us what are all the causes and consequences of this problem when it strikes a computer ? Are the consequences identical on all Windows OS and serser version ?

It would be good to know this in order to restore a computer correctly.

Thank you for your help

[lnet]

Hi, All!

The BSOD problem was identified and solved. The fix will be available in upcoming product update. Also the issue occurrence has been minimized in the currently available product update.

This result could not be achieved without your help. Thanks you very much and hope that you continue reports about product problems. Together we will make the product better!

Hello Vasily,

 

can you please tell us how we can find out if one of our systems is affected and how we can make sure it will start correctly after a shutdown ?

 

we have still many servers up since the problems arised since some did not start anymore.

 

we need an urgent advice of how we can identify affected systems and how to solve if they are.

 

Regards,

 

Mike

[lnet]

Hi, All!

The BSOD problem was identified and solved. The fix will be available in upcoming product update. Also the issue occurrence has been minimized in the currently available product update.

This result could not be achieved without your help. Thanks you very much and hope that you continue reports about product problems. Together we will make the product better!

Hello Vasily,

 

can you please tell us how we can find out if one of our systems is affected and how we can make sure it will start correctly after a shutdown ?

 

we have still many servers up since the problems arised since some did not start anymore.

 

we need an urgent advice of how we can identify affected systems and how to solve if they are.

 

Regards,

 

Mike

still no help for us from Kaspersky :-)

this is so painful unsatisfying.

[Vasily Burov]

still no help for us from Kaspersky :-)

this is so painful unsatisfying.

Hi, all

Sorry for late response. I do not know the accurate way how to check whether the system with KART is affected or not 😞 You can check the size and contents of the CatRoot folder… But I think that current product patch (I) is not vulnerable by this issue in most cases.

 

Thanks.