Regular Visitor
owlyns
Posts: 9
Registered: ‎08-03-2011
Accepted Solution
XP BSOD Possible Reason/Solution

Using XP SP3, NIS 2011. On 8/1/2011, (1:51 PM EDT according to the dmp file), I suddenly started getting BSODs. I noticed that this only happened when the machine was idle. I'll skip everything I tried and get right to what I thought was wrong and what worked.

 

I found that my NIS idle time delay was set to 10 minutes. So was my screen saver delay. this may have been a coincidence, as changing the screen saver delay didn't fix the problem, but changing the NIS idle time out to 30  minutes seems to have worked.

 

Note that the 10 minute configuration has been in place since NIS 2009 with no problems.Perhaps there is something else that comes along every 10 minutes- I don't know.

 

Examining the first dump file pointed to SYMEVENT.SYS ( SYMEVENT+143d9 ). Subsequent dump files pointed to all kinds of different things, all kernel related, and I ruled them out figuring that symevent interacts with the kernel, and Windows is famous for giving wrong error messages.

 

Anyway, it's been about 24 hours now, and no further BSODs.

Regular Visitor
owlyns
Posts: 9
Registered: ‎08-03-2011
Re: XP BSOD Possible Reason/Solution

BSODs are back. Don't know what to do next. Any suggestions?

Symantec Employee
sam_kim_ave
Posts: 12
Registered: ‎12-09-2010
Re: XP BSOD Possible Reason/Solution

Hi owlyns, would you be able to send us the dumps that you have?

Symantec Employee
sam_kim_ave
Posts: 12
Registered: ‎12-09-2010
Re: XP BSOD Possible Reason/Solution

Also, if you have any kernel or complete memory dumps that would be extra helpful (verses mini or small dumps).  

Regular Visitor
owlyns
Posts: 9
Registered: ‎08-03-2011
Re: XP BSOD Possible Reason/Solution

So far, all I have are the small dumps, but I may have found the problem (hate to say that as I may jinx it). I am now suspecting Trusteer Rapport as being the problem. The latest dump I had pointed to it. I would not be surprised if that was the problem, as I know many people have been having all kinds of issues with it. I suppose it is possible the an NIS update (or some other automatic update) just happened to interfere with Rapport, but at this point, I think I'll wait and see.

 

I uninstalled Rapport, deleted any extra files and directories, and cleaned up the few remaining items in the registry. I then tried the procedure that I used to intentionally cause a crash, and I had no crash. The procedure had worked every time I tried it previously. I am now just going to wait with the computer idling, as this is when the most crashes occurred. If the problem comes back, I'll send the crash dumps.

 

How do I create the detailed dump file?

 

Thanks!

Symantec Employee
sam_kim_ave
Posts: 12
Registered: ‎12-09-2010
Re: XP BSOD Possible Reason/Solution

To get a more detailed dump, go to system properties (you can right click 'My Computer' and click on 'properties'.  

From "System properties" -> "Advanced" tab -> "Startup and Recovery" "Settings" -> Change the "Write debugging information" drop down menu to "Complete memory dump" -> "OK".

 

Hopefully the issue is resolved now.  Let me know!

Regular Visitor
owlyns
Posts: 9
Registered: ‎08-03-2011
Re: XP BSOD Possible Reason/Solution
[ Edited ]

Okay, the problem has not returned. I am declaring this fixed. The solution was to uninsatll Trusteer Rapport. I also cleaned up leftover entries in the registry and leftover folders.

Super Contributor
donziehm
Posts: 391
Registered: ‎12-29-2010
Re: XP BSOD Possible Reason/Solution

For what it is worth, I too installed Trusteer Rapport a couple of weeks ago on my WIN XP SP3 installation that is running NIS 2011.

 

Aside from slowing down my boot time by 10 secs, I have not had any major problems with it. I did download from a link on my participating bank web site. Yesterday it did trap a browser alteration attempt after I had clicked on a bad link on an e-commerce site.

Super Contributor
donziehm
Posts: 391
Registered: ‎12-29-2010
Re: XP BSOD Possible Reason/Solution

I just stopped Rapport via it's Start -> Programs -> Trusteer Rapport -> Stop facility and rebooted. Went out and downloaded XP SP3 monthly updates. All installed fine and system rebooted without issue.

 

A couple of comments here.

 

1. When using multiple realtime security products especially these new class of browser malware protection products, one has to understand that these products install "hooks" deep into the OS to accomplish self-protection and the like.

 

2. With software of this class, OS updates and other security products possibly are bound to conflict.

 

3. Only way to assure no conflicts is to stop i.e. disable the most intrusive security software. For example, many IT pros will not install any WIN OS updates with any secuirty software running. Of course before doing this they disable their Internent connection and the like.

 

My advice with Rapport is if you are running it with it's default security settings, stop it and only start it before doing e-commerce activities like banking, shopping, etc. Also make sure you check Rapport has been updated after it has been started and prior to starting your browser. Keeping Rapport in a stopped status will also make your PC overall more response.The prior assumes you have other adequate security protection such as NIS 2011, etc.

 

Note: MRG June test of online banking protection software only certified three vendors products for protection on both clean and infected PCs. These were Trusteer Rapport, Quessero's On Protect, and Zeemana's Anti-keylogger.  

Symantec Employee
Posts: 5
Registered: ‎04-09-2008
Re: XP BSOD Possible Reason/Solution

Hi owlyns,

 

I'm glad to hear that the problem hasn't returned. You mentioned that you had crash dumps associated with the BSOD's that you saw. Do you still have them and would you be willing to send them to us?

 

I know that you uninstalled the Trusteer Rapport software but we'd still like to know how it caused SymEvent to crash so that we can build better resiliency to our components. Thanks!

 

Danny

SymEvent Team