Hi,

almost everytime i shutdown my computer i get bsod as follow:

032615-10654-01.dmp 25/03/2015 19:21:22 SYSTEM_THREAD_EXCEPTION_NOT_HANDLED 0x1000007e ffffffffc0000005 fffff88001077402 fffff880084f7788 fffff880084f6fe0 aswMonFlt.sys aswMonFlt.sys+3873 avast! File System Minifilter for Windows 2003/Vista Avast Antivirus Avast Software s.r.o. 10.2.2215.880 x64 fltmgr.sys+d402 C:\Windows\Minidump\032615-10654-01.dmp 8 15 7601 292.440 26/03/2015 08:51:42

any ideas?

thanks

I have a similar problem, but I’ve pinned it down so I can reproduce it about 80% of the time. Windows 8.1 gives a BSOD consistently when I dismount a TrueCrypt file container. Also happens much more infrequent when I remove a USB flashdrive. Started having this problem after the latest Avast update, never had it with previous versions. Debug follows:

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff802ca74d596, The address that the exception occurred at
Arg3: ffffd00194f36978, Exception Record Address
Arg4: ffffd00194f36180, Context Record Address

Debugging Details:
------------------


DUMP_FILE_ATTRIBUTES: 0x8
  Kernel Generated Triage Dump

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!ExfReleaseRundownProtection+6
fffff802`ca74d596 488b09          mov     rcx,qword ptr [rcx]

EXCEPTION_RECORD:  ffffd00194f36978 -- (.exr 0xffffd00194f36978)
ExceptionAddress: fffff802ca74d596 (nt!ExfReleaseRundownProtection+0x0000000000000006)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000008
Attempt to read from address 0000000000000008

CONTEXT:  ffffd00194f36180 -- (.cxr 0xffffd00194f36180;r)
rax=00000000c0000022 rbx=0000000000000007 rcx=0000000000000008
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000001
rip=fffff802ca74d596 rsp=ffffd00194f36bb8 rbp=ffffc00160db2be0
 r8=0000000000000008  r9=ffffd00194f36a40 r10=fffff802ca95ae80
r11=ffffd00194f36b00 r12=ffffe0012069c000 r13=0000000000000000
r14=ffffc0015290cbe0 r15=ffffe0012062dcf0
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0000  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
nt!ExfReleaseRundownProtection+0x6:
fffff802`ca74d596 488b09          mov     rcx,qword ptr [rcx] ds:002b:00000000`00000008=????????????????
Last set context:
rax=00000000c0000022 rbx=0000000000000007 rcx=0000000000000008
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000001
rip=fffff802ca74d596 rsp=ffffd00194f36bb8 rbp=ffffc00160db2be0
 r8=0000000000000008  r9=ffffd00194f36a40 r10=fffff802ca95ae80
r11=ffffd00194f36b00 r12=ffffe0012069c000 r13=0000000000000000
r14=ffffc0015290cbe0 r15=ffffe0012062dcf0
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0000  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
nt!ExfReleaseRundownProtection+0x6:
fffff802`ca74d596 488b09          mov     rcx,qword ptr [rcx] ds:002b:00000000`00000008=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000008

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff802ca9d5138
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
 0000000000000008 

FOLLOWUP_IP: 
aswMonFlt+60e6
fffff801`00ba60e6 ??              ???

BUGCHECK_STR:  AV

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre

LAST_CONTROL_TRANSFER:  from fffff80100ba60e6 to fffff802ca74d596

STACK_TEXT:  
ffffd001`94f36bb8 fffff801`00ba60e6 : 00000000`00000001 fffff801`00bac830 00000000`a8d683c3 00000000`00001b8d : nt!ExfReleaseRundownProtection+0x6
ffffd001`94f36bc0 00000000`00000001 : fffff801`00bac830 00000000`a8d683c3 00000000`00001b8d ffffd001`94f36c68 : aswMonFlt+0x60e6
ffffd001`94f36bc8 fffff801`00bac830 : 00000000`a8d683c3 00000000`00001b8d ffffd001`94f36c68 ffffd001`94f36ca0 : 0x1
ffffd001`94f36bd0 00000000`a8d683c3 : 00000000`00001b8d ffffd001`94f36c68 ffffd001`94f36ca0 00000000`00000000 : aswMonFlt+0xc830
ffffd001`94f36bd8 00000000`00001b8d : ffffd001`94f36c68 ffffd001`94f36ca0 00000000`00000000 00000000`00000000 : 0xa8d683c3
ffffd001`94f36be0 ffffd001`94f36c68 : ffffd001`94f36ca0 00000000`00000000 00000000`00000000 ffffe001`00000007 : 0x1b8d
ffffd001`94f36be8 ffffd001`94f36ca0 : 00000000`00000000 00000000`00000000 ffffe001`00000007 ffffd001`00000001 : 0xffffd001`94f36c68
ffffd001`94f36bf0 00000000`00000000 : 00000000`00000000 ffffe001`00000007 ffffd001`00000001 ffffe001`00000020 : 0xffffd001`94f36ca0


SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  aswMonFlt+60e6

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswMonFlt

IMAGE_NAME:  aswMonFlt.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  54f45429

STACK_COMMAND:  .cxr 0xffffd00194f36180 ; kb

FAILURE_BUCKET_ID:  AV_aswMonFlt+60e6

BUCKET_ID:  AV_aswMonFlt+60e6

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:av_aswmonflt+60e6

FAILURE_ID_HASH:  {b2b6d12b-9d74-103e-1256-3bd74dcb76c3}

Followup: MachineOwner
---------

0: kd> lmvm aswMonFlt
start             end                 module name
fffff801`00ba0000 fffff801`00bc3000   aswMonFlt T (no symbols)           
    Loaded symbol image file: aswMonFlt.sys
    Image path: aswMonFlt.sys
    Image name: aswMonFlt.sys
    Timestamp:        Mon Mar 02 06:14:33 2015 (54F45429)
    CheckSum:         0001FE48
    ImageSize:        00023000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Hi guys

Can you please follow this procedure : https://www.avast.com/en-eu/faq.php?article=AVKB33#idt_01

• In step 5 select “Full dumps”,.
• Don’t make a ticket, but post the Support Package File ID in your next reply.

Greetz, Red.

EDIT : Modified procedure.

There are several issues know after upgrading to the latest version.
Many are solved when you do a clean installation.

Reinstall was no help.

I submitted a ticket and a “full dump” as suggested to Avast. I’ll update when I get a response.

Hello and greetings!

I have the same problems: Bluescreens / BSOD on shutdown, SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
With WinDbg it can be traced down to aswMonFlt.sys. I also use TrueCrypt.

Also same as with CSEngineer: nt!ExfReleaseRundownProtection+0x7 ???

Are there any news to this topic?

See: Reply #2

Hello CSEngineer,

We got your support package and we will have a closer look on your issue.

Thanks,
B.

Hi all,

thanks for the report. The problem with Truecrypt and generally with aswMonFlt.sys is issued now, we should be able to fix it in next SP the latest.

Cheers,
B.

Any expected release date for that next Service Pack ???

I also uploaded a “full dump”. Hope this helps.

But as every shutdown has a chance of loosing data from disk ( I already lost some files - dont know what damage is done without notice… )
I have the same question as bob3160:

When is the Service Pack scheduled?

Hello and thanks,

next time, you don’t have to make a ticket at support but post the package id here (you have to tick the option to send it to avast), also in your package is MEMOMRY.dmp missing (it’s logical when it has only 14MB - maybe your windows are not configured to create full dumps). And the last thing, if it’s about the same issue it isn’t necessary to upload GBs of data

Again thanks for your report,
B.

Hello,

so the “full dump” was just a dump. Let me know if it helps to create and send a MEMOMRY.dmp.
Regarding the size, it might be a bit tricky to upload - and take lots of time and traffic here…

Have a nice day.

Having the same problem…any due date for the next service pack available/estimated? :-\

Hi JoergO, welcome to the forum

You are using TrueCript ? I that case you have nothing to do.
If you are not using TrueCript, follow the procedure from Reply #2, and start a new topic.

We don’t know anything about the next service pack yet.

Greetz, Red.

Hello,

Since two weeks passed since the last message - are there any updates on this topic for us?

Have a nice weekend,
Florian

The beta is being tested now

Thanks for the quick answer!

https://forum.avast.com/index.php?topic=169573.0

Avast client just updated to 2015.10.2.2218. I’ll update in a few days on whether that corrects the problem.