Glasswire (1.2.109) is causing BSODs on my computer. This is a fresh install of Windows. Started having BSODs. I enabled the driver verifier. Minidump points to gwdrv.sys as the culprit. Memory test was clean. I saw people having this problem on a Surface. This is a custom built desktop, not a Surface.
WinDbg output:
Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\072617-2843-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 15063 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 15063.0.amd64fre.rs2_release.170317-1834
Machine Name:
Kernel base = 0xfffff803`1400d000 PsLoadedModuleList = 0xfffff803`143595a0
Debug session time: Wed Jul 26 11:45:32.327 2017 (UTC - 5:00)
System Uptime: 0 days 0:00:02.026
Loading Kernel Symbols
...............................................................
..................
Loading User Symbols
Loading unloaded module list
..
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {2000, fffff80e3dea1d25, 0, 44435747}
*** WARNING: Unable to verify timestamp for gwdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for gwdrv.sys
Probably caused by : gwdrv.sys ( gwdrv+1d25 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000002000, Code Integrity Issue: The caller specified an executable pool type. (Expected: NonPagedPoolNx)
Arg2: fffff80e3dea1d25, The address in the driver's code where the error was detected.
Arg3: 0000000000000000, Pool Type.
Arg4: 0000000044435747, Pool Tag (if provided).
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 15063.0.amd64fre.rs2_release.170317-1834
DUMP_TYPE: 2
BUGCHECK_P1: 2000
BUGCHECK_P2: fffff80e3dea1d25
BUGCHECK_P3: 0
BUGCHECK_P4: 44435747
BUGCHECK_STR: 0xc4_2000
CPU_COUNT: 8
CPU_MHZ: e10
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: SYS-216
ANALYSIS_SESSION_TIME: 07-26-2017 11:54:48.0152
ANALYSIS_VERSION: 10.0.10586.567 amd64fre
LAST_CONTROL_TRANSFER: from fffff8031477903f to fffff803141793f0
STACK_TEXT:
ffff9580`c5bce5a8 fffff803`1477903f : 00000000`000000c4 00000000`00002000 fffff80e`3dea1d25 00000000`00000000 : nt!KeBugCheckEx
ffff9580`c5bce5b0 fffff803`1425ad1f : 00000000`00000000 fffff803`147709ca fffff803`142c4210 00000000`00000003 : nt!VerifierBugCheckIfAppropriate+0x6b
ffff9580`c5bce5f0 fffff803`147708b0 : 00000000`44435747 fffff803`1434b3a0 fffff80e`3dea1d25 ffff800c`01385e60 : nt!VfReportIssueWithOptions+0x103
ffff9580`c5bce640 fffff803`1476e701 : 00000000`44435747 ffff9580`c5bce7f9 00000000`00000000 00000000`00000000 : nt!VfCheckPoolType+0x90
ffff9580`c5bce680 fffff80e`3dea1d25 : 00000000`00000000 ffff800c`01399a00 ffff9580`c5bce7f9 fffff80e`3dea7290 : nt!VerifierExAllocatePoolEx+0x21
ffff9580`c5bce6d0 00000000`00000000 : ffff800c`01399a00 ffff9580`c5bce7f9 fffff80e`3dea7290 fffff80e`3dea7280 : gwdrv+0x1d25
STACK_COMMAND: kb
THREAD_SHA1_HASH_MOD_FUNC: 50001d3215dcc7aba00a74dc720565b4a20d4e8b
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: db8ce7fb508357675548dde3122e88e5015fddb8
THREAD_SHA1_HASH_MOD: 3b2ceb278d84fc2b117de5ea2854c0f86bf256f0
FOLLOWUP_IP:
gwdrv+1d25
fffff80e`3dea1d25 488bd0 mov rdx,rax
FAULT_INSTR_CODE: 48d08b48
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: gwdrv+1d25
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: gwdrv
IMAGE_NAME: gwdrv.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5567e7ec
BUCKET_ID_FUNC_OFFSET: 1d25
FAILURE_BUCKET_ID: 0xc4_2000_VRF_gwdrv!Unknown_Function
BUCKET_ID: 0xc4_2000_VRF_gwdrv!Unknown_Function
PRIMARY_PROBLEM_CLASS: 0xc4_2000_VRF_gwdrv!Unknown_Function
TARGET_TIME: 2017-07-26T16:45:32.000Z
OSBUILD: 15063
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2017-06-03 03:53:36
BUILDDATESTAMP_STR: 170317-1834
BUILDLAB_STR: rs2_release
BUILDOSVER_STR: 10.0.15063.0.amd64fre.rs2_release.170317-1834
ANALYSIS_SESSION_ELAPSED_TIME: 10e0
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xc4_2000_vrf_gwdrv!unknown_function
FAILURE_ID_HASH: {f59aab69-8684-0a5b-3a7e-4f5c5fc7f7af}
Followup: MachineOwner
---------
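
For triage of the dump above, the four bugcheck parameters can be decoded mechanically. The following is an added example, not part of the original post and not GlassWire or Microsoft code: it parses the two summary lines quoted from the WinDbg output, maps Arg3 to its `POOL_TYPE` name, decodes Arg4 as an ASCII pool tag, and derives the driver's load address from the faulting address and the `gwdrv+1d25` offset. The function names and the `POOL_TYPES` subset are choices made for this example.

```python
import re
import struct

# Copied from the WinDbg summary in the post above.
SUMMARY = """\
BugCheck C4, {2000, fffff80e3dea1d25, 0, 44435747}
Probably caused by : gwdrv.sys ( gwdrv+1d25 )
"""

# Subset of the POOL_TYPE enumeration from the WDK headers.
POOL_TYPES = {0: "NonPagedPool (executable)", 1: "PagedPool",
              4: "NonPagedPoolCacheAligned (executable)", 512: "NonPagedPoolNx"}

def decode_pool_tag(tag):
    """Pool tags are four ASCII bytes stored little-endian in a ULONG."""
    raw = struct.pack("<I", tag)
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in raw)

def triage(summary):
    m = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", summary)
    if not m:
        raise ValueError("no BugCheck line found")
    code = int(m.group(1), 16)
    args = [int(a.strip(), 16) for a in m.group(2).split(",")]
    # Only the verifier code-integrity case from this dump is handled.
    if code != 0xC4 or args[0] != 0x2000:
        raise ValueError("not a 0xC4 / 0x2000 code integrity bugcheck")
    result = {
        "fault_address": args[1],
        "pool_type": POOL_TYPES.get(args[2], "unknown (%#x)" % args[2]),
        "pool_tag": decode_pool_tag(args[3]),
    }
    blame = re.search(r"\(\s*(\w+)\+([0-9A-Fa-f]+)\s*\)", summary)
    if blame:
        offset = int(blame.group(2), 16)
        result["module"] = blame.group(1)
        result["offset"] = offset
        # Load address = faulting address minus the offset into the module.
        result["module_base"] = args[1] - offset
    return result

if __name__ == "__main__":
    for key, value in triage(SUMMARY).items():
        print(key, "=", hex(value) if isinstance(value, int) else value)
```

The decoded pool type is the executable `NonPagedPool` that Driver Verifier's code integrity check rejects in favour of `NonPagedPoolNx`, and the tag identifies which allocation in the driver made the request.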