BSOD on Windows 10

Glasswire (1.2.109) is causing BSODs on my computer. This a fresh install of Windows. Started having BSODs. I enabled the driver verifier. Minidump points to gwdrv.sys as the culprit. Memory test was clean. I saw people having this problem on a Surface. This is a custom built desktop, not a Surface.

WinBg output:

Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\072617-2843-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 15063 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 15063.0.amd64fre.rs2_release.170317-1834
Machine Name:
Kernel base = 0xfffff803`1400d000 PsLoadedModuleList = 0xfffff803`143595a0
Debug session time: Wed Jul 26 11:45:32.327 2017 (UTC - 5:00)
System Uptime: 0 days 0:00:02.026
Loading Kernel Symbols
...............................................................
..................
Loading User Symbols
Loading unloaded module list
..
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {2000, fffff80e3dea1d25, 0, 44435747}

*** WARNING: Unable to verify timestamp for gwdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for gwdrv.sys
Probably caused by : gwdrv.sys ( gwdrv+1d25 )

Followup:     MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000002000, Code Integrity Issue: The caller specified an executable pool type. (Expected: NonPagedPoolNx)
Arg2: fffff80e3dea1d25, The address in the driver's code where the error was detected.
Arg3: 0000000000000000, Pool Type.
Arg4: 0000000044435747, Pool Tag (if provided).

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  15063.0.amd64fre.rs2_release.170317-1834

DUMP_TYPE:  2

BUGCHECK_P1: 2000

BUGCHECK_P2: fffff80e3dea1d25

BUGCHECK_P3: 0

BUGCHECK_P4: 44435747

BUGCHECK_STR:  0xc4_2000

CPU_COUNT: 8

CPU_MHZ: e10

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3c

CPU_STEPPING: 3

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  System

CURRENT_IRQL:  0

ANALYSIS_SESSION_HOST:  SYS-216

ANALYSIS_SESSION_TIME:  07-26-2017 11:54:48.0152

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

LAST_CONTROL_TRANSFER:  from fffff8031477903f to fffff803141793f0

STACK_TEXT:  
ffff9580`c5bce5a8 fffff803`1477903f : 00000000`000000c4 00000000`00002000 fffff80e`3dea1d25 00000000`00000000 : nt!KeBugCheckEx
ffff9580`c5bce5b0 fffff803`1425ad1f : 00000000`00000000 fffff803`147709ca fffff803`142c4210 00000000`00000003 : nt!VerifierBugCheckIfAppropriate+0x6b
ffff9580`c5bce5f0 fffff803`147708b0 : 00000000`44435747 fffff803`1434b3a0 fffff80e`3dea1d25 ffff800c`01385e60 : nt!VfReportIssueWithOptions+0x103
ffff9580`c5bce640 fffff803`1476e701 : 00000000`44435747 ffff9580`c5bce7f9 00000000`00000000 00000000`00000000 : nt!VfCheckPoolType+0x90
ffff9580`c5bce680 fffff80e`3dea1d25 : 00000000`00000000 ffff800c`01399a00 ffff9580`c5bce7f9 fffff80e`3dea7290 : nt!VerifierExAllocatePoolEx+0x21
ffff9580`c5bce6d0 00000000`00000000 : ffff800c`01399a00 ffff9580`c5bce7f9 fffff80e`3dea7290 fffff80e`3dea7280 : gwdrv+0x1d25


STACK_COMMAND:  kb

THREAD_SHA1_HASH_MOD_FUNC:  50001d3215dcc7aba00a74dc720565b4a20d4e8b

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  db8ce7fb508357675548dde3122e88e5015fddb8

THREAD_SHA1_HASH_MOD:  3b2ceb278d84fc2b117de5ea2854c0f86bf256f0

FOLLOWUP_IP: 
gwdrv+1d25
fffff80e`3dea1d25 488bd0          mov     rdx,rax

FAULT_INSTR_CODE:  48d08b48

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  gwdrv+1d25

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: gwdrv

IMAGE_NAME:  gwdrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5567e7ec

BUCKET_ID_FUNC_OFFSET:  1d25

FAILURE_BUCKET_ID:  0xc4_2000_VRF_gwdrv!Unknown_Function

BUCKET_ID:  0xc4_2000_VRF_gwdrv!Unknown_Function

PRIMARY_PROBLEM_CLASS:  0xc4_2000_VRF_gwdrv!Unknown_Function

TARGET_TIME:  2017-07-26T16:45:32.000Z

OSBUILD:  15063

OSSERVICEPACK:  0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2017-06-03 03:53:36

BUILDDATESTAMP_STR:  170317-1834

BUILDLAB_STR:  rs2_release

BUILDOSVER_STR:  10.0.15063.0.amd64fre.rs2_release.170317-1834

ANALYSIS_SESSION_ELAPSED_TIME: 10e0

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xc4_2000_vrf_gwdrv!unknown_function

FAILURE_ID_HASH:  {f59aab69-8684-0a5b-3a7e-4f5c5fc7f7af}

Followup:     MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000002000, Code Integrity Issue: The caller specified an executable pool type. (Expected: NonPagedPoolNx)
Arg2: fffff80e3dea1d25, The address in the driver's code where the error was detected.
Arg3: 0000000000000000, Pool Type.
Arg4: 0000000044435747, Pool Tag (if provided).

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  15063.0.amd64fre.rs2_release.170317-1834

DUMP_TYPE:  2

BUGCHECK_P1: 2000

BUGCHECK_P2: fffff80e3dea1d25

BUGCHECK_P3: 0

BUGCHECK_P4: 44435747

BUGCHECK_STR:  0xc4_2000

CPU_COUNT: 8

CPU_MHZ: e10

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3c

CPU_STEPPING: 3

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  System

CURRENT_IRQL:  0

ANALYSIS_SESSION_HOST:  SYS-216

ANALYSIS_SESSION_TIME:  07-26-2017 11:54:52.0477

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

LAST_CONTROL_TRANSFER:  from fffff8031477903f to fffff803141793f0

STACK_TEXT:  
ffff9580`c5bce5a8 fffff803`1477903f : 00000000`000000c4 00000000`00002000 fffff80e`3dea1d25 00000000`00000000 : nt!KeBugCheckEx
ffff9580`c5bce5b0 fffff803`1425ad1f : 00000000`00000000 fffff803`147709ca fffff803`142c4210 00000000`00000003 : nt!VerifierBugCheckIfAppropriate+0x6b
ffff9580`c5bce5f0 fffff803`147708b0 : 00000000`44435747 fffff803`1434b3a0 fffff80e`3dea1d25 ffff800c`01385e60 : nt!VfReportIssueWithOptions+0x103
ffff9580`c5bce640 fffff803`1476e701 : 00000000`44435747 ffff9580`c5bce7f9 00000000`00000000 00000000`00000000 : nt!VfCheckPoolType+0x90
ffff9580`c5bce680 fffff80e`3dea1d25 : 00000000`00000000 ffff800c`01399a00 ffff9580`c5bce7f9 fffff80e`3dea7290 : nt!VerifierExAllocatePoolEx+0x21
ffff9580`c5bce6d0 00000000`00000000 : ffff800c`01399a00 ffff9580`c5bce7f9 fffff80e`3dea7290 fffff80e`3dea7280 : gwdrv+0x1d25


STACK_COMMAND:  kb

THREAD_SHA1_HASH_MOD_FUNC:  50001d3215dcc7aba00a74dc720565b4a20d4e8b

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  db8ce7fb508357675548dde3122e88e5015fddb8

THREAD_SHA1_HASH_MOD:  3b2ceb278d84fc2b117de5ea2854c0f86bf256f0

FOLLOWUP_IP: 
gwdrv+1d25
fffff80e`3dea1d25 488bd0          mov     rdx,rax

FAULT_INSTR_CODE:  48d08b48

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  gwdrv+1d25

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: gwdrv

IMAGE_NAME:  gwdrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5567e7ec

BUCKET_ID_FUNC_OFFSET:  1d25

FAILURE_BUCKET_ID:  0xc4_2000_VRF_gwdrv!Unknown_Function

BUCKET_ID:  0xc4_2000_VRF_gwdrv!Unknown_Function

PRIMARY_PROBLEM_CLASS:  0xc4_2000_VRF_gwdrv!Unknown_Function

TARGET_TIME:  2017-07-26T16:45:32.000Z

OSBUILD:  15063

OSSERVICEPACK:  0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2017-06-03 03:53:36

BUILDDATESTAMP_STR:  170317-1834

BUILDLAB_STR:  rs2_release

BUILDOSVER_STR:  10.0.15063.0.amd64fre.rs2_release.170317-1834

ANALYSIS_SESSION_ELAPSED_TIME: b74

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xc4_2000_vrf_gwdrv!unknown_function

FAILURE_ID_HASH:  {f59aab69-8684-0a5b-3a7e-4f5c5fc7f7af}

Followup:     MachineOwner
---------

@Ben_Page Are you getting a dmp file on your desktop? If so please email it to our “Bugs” email address using a cloud upload if you have the time. It will help us solve the problem.

https://www.glasswire.com/contact/

I would try two things.

  1. Assure your windows is up to date.
  2. Assure all your drivers are up to date. You can easily find and update all your drivers for free using iobits “driver booster”.

I have read some problems have been caused by outdated network drivers.

Although my first memory test passed, they are failing now. I think my motherboard may be bad. Regardless, I think it’s a hardware problem and the gwdrv crashdump was a red herring.

Thanks for your responses. This can be closed.

2 Likes

I am facing this problem too}

@Jack01

This is probably due to a third party audio driver. We will have a (hopefully permanent) fix out shortly.

Are you facing a Blue Screen of Death in Windows? Well, this can be due to many reasons. In order to fix that error follow the methods given below to fix the BSOD error;
1: Rollback driver
You can go back to the previous version of driver if available, using the given steps you can rollback to previous driver:
• Click on Start
• Search Device Manager, click on the result to open experience
• Expand the category with problem
• Right-click on it and select properties option
• Click on Driver Tab
• Click on Rollback Driver (available)
• Select the option to answer
• Click on Yes button
After the completion of this step. The recent driver will get replaced by the older one which may fix the issue of BSOD on your drive

2: Delete faulty Windows update
Sometimes during Windows update, the installation break in between and this can cause a blue screen. To fix this Windows 10 blue screen error, try uninstalling the faulty update. Follow the instruction to uninstall windows update:
Go to settings > Update and Recovery > Windows Update > Update history > uninstall updates.

3: Reconfigure BCD
If the (BCD) Boot Configuration Data has been damaged, rebuild it by following the below-given steps:
•Boot from the original install disk
•Click on Repair your computer
•Choose Troubleshoot, and Command Prompt
•Type the following commands:
bootrec /fixmbr
bootrec /fixboot
bootrec /scanos
bootrec /rebuildbcd
•Type exit and remove the installation disk, press Enter
•Restart the computer

Perform the above methods to get rid of BSOD error permanently.