Whenever starting a program stored in a Dev Drive in Avast, if the program triggers CyberCapture automatic sandboxing then the computer will crash with code APC_INDEX_MISMATCH.
Strangely right-clicking the program - Run in sandbox does nothing.
Disabling hardware-assisted virtualization in troubleshooting settings had no effect.
Disabling Dev Drive completely fixes the issue.
Crash stack trace:
Arguments:
Arg1: 00007ffe109f0374, Address of system call function or worker routine
Arg2: 0000000000000000, Thread->ApcStateIndex
Arg3: 000000000000fffe, (Thread->SpecialApcDisable << 16) | Thread->KernelApcDisable
Arg4: ffffce041b27eaa0, Call type (0 - system call, 1 - worker routine)
[...]
STACK_TEXT:
ffffce04`1b27e8d8 fffff805`1e22bf29 : 00000000`00000001 00007ffe`109f0374 00000000`00000000 00000000`0000fffe : nt!KeBugCheckEx
ffffce04`1b27e8e0 fffff805`1e22bde9 : ffffe70f`155ac080 00000000`00000000 00000000`0000003f ffffe70f`00000000 : nt!KiBugCheckDispatch+0x69
ffffce04`1b27ea20 00007ffe`109f0374 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExitPico+0x3ad
0000008c`13cfeed8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`109f0374
SYMBOL_NAME: nt!KiSystemServiceExitPico+3ad
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.22621.4169
Windows 11 version: 10.0.22631.4169
Avast version: 24.9.6130 (build 24.9.9452.875)
Signature version: 240926-2