
EmbargoM.sys (USB Port Security) causing BSOD, Windows 10, random

We've had a few random Windows 10 machines BSOD and so far, using WinDbg, it's pointed to a file called EmbargoM.sys, which has to do with USB Port Security. The file is in C:\Windows\system32\DRIVERS and is file version 4.1.0.887 by Quest Software; it is 108 KB in size. We do have Desktop Authority USB/Port security installed, version 3.2.0.256, and DA version 10.20.256. Are there any workarounds to this issue? Here is a snippet of WinDbg output from one of the machines' memory.dmp files:

DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING: 17134.1.amd64fre.rs4_release.180410-1804

SYSTEM_MANUFACTURER: Dell Inc.

SYSTEM_PRODUCT_NAME: OptiPlex 5050

SYSTEM_SKU: 07A2

BIOS_VENDOR: Dell Inc.

BIOS_VERSION: 1.7.9

BIOS_DATE: 01/30/2018

BASEBOARD_MANUFACTURER: Dell Inc.

BASEBOARD_PRODUCT: 0FDY5C

BASEBOARD_VERSION: A00

DUMP_TYPE: 1

BUGCHECK_P1: ffff9c0de3fe3000

BUGCHECK_P2: 0

BUGCHECK_P3: fffff80181ec9025

BUGCHECK_P4: c

READ_ADDRESS: ffff9c0de3fe3000 Nonpaged pool

FAULTING_IP:
nt!RtlInitUnicodeString+15
fffff801`81ec9025 66833c4200 cmp word ptr [rdx+rax*2],0

MM_INTERNAL_CODE: c

CPU_COUNT: 4

CPU_MHZ: c78

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 5e

CPU_STEPPING: 3

CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: C2'00000000 (cache) C2'00000000 (init)

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: WINWORD.EXE

CURRENT_IRQL: 0

ANALYSIS_SESSION_HOST: DCU00690

ANALYSIS_SESSION_TIME: 02-15-2019 16:53:44.0641

ANALYSIS_VERSION: 10.0.15063.137 amd64fre

TRAP_FRAME: fffff685a83cc370 -- (.trap 0xfffff685a83cc370)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000018 rbx=0000000000000000 rcx=fffff685a83cc590
rdx=ffff9c0de3fe2fd0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80181ec9025 rsp=fffff685a83cc508 rbp=0000000000000001
r8=0000000000000000 r9=ffff9c0de3fa3b84 r10=fffff80180540180
r11=fffff80c739a0468 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!RtlInitUnicodeString+0x15:
fffff801`81ec9025 66833c4200 cmp word ptr [rdx+rax*2],0 ds:ffff9c0d`e3fe3000=????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80181eef659 to fffff801820370a0

STACK_TEXT:
fffff685`a83cc0b8 fffff801`81eef659 : 00000000`00000050 ffff9c0d`e3fe3000 00000000`00000000 fffff685`a83cc370 : nt!KeBugCheckEx
fffff685`a83cc0c0 fffff801`81ee7228 : ffffe50a`80a8c280 00000000`00000000 ffff8000`00000000 ffffcae5`72b95ca8 : nt!MiSystemFault+0xcf9
fffff685`a83cc200 fffff801`820447da : 00000000`00000010 ffff9c0d`e2e98180 ffff9c0d`e7140b58 00000000`00000020 : nt!MmAccessFault+0x1f8
fffff685`a83cc370 fffff801`81ec9025 : fffff80c`73998d04 ffff9c0d`ddc004b8 00000000`00000000 ffff9c0d`00000000 : nt!KiPageFault+0x31a
fffff685`a83cc508 fffff80c`73998d04 : ffff9c0d`ddc004b8 00000000`00000000 ffff9c0d`00000000 00000000`00000000 : nt!RtlInitUnicodeString+0x15
fffff685`a83cc510 fffff80c`7399d457 : fffff685`00000000 00000000`00000001 ffff9c0d`e3fa3a30 fffff685`a83cc720 : EmbargoM+0x8d04
fffff685`a83cc620 fffff80c`73992962 : fffff685`a83cc740 ffff9c0d`e7140bb0 fffff685`a83cc720 ffff9c0d`e7140b58 : EmbargoM+0xd457
fffff685`a83cc670 fffff80c`6dc066fc : ffff9c0d`e7140bf8 fffff685`a83cc769 ffff9c0d`e7140a70 ffff9c0d`e4a00240 : EmbargoM+0x2962
fffff685`a83cc6b0 fffff80c`6dc0629c : fffff685`a83cc840 fffff685`a83cc800 ffff9c0d`e2f40000 00000000`00000000 : FLTMGR!FltpPerformPreCallbacks+0x2dc
fffff685`a83cc7d0 fffff80c`6dc3bbb9 : ffff9c0d`e2f46430 00000000`00000000 ffff9c0d`d26d6930 ffff9c0d`d26d6880 : FLTMGR!FltpPassThroughInternal+0x8c
fffff685`a83cc800 fffff801`81f25e69 : ffff9c0d`e69a8b00 00000000`000000a4 ffff9c0d`e6e28248 ffff9c0d`e6e28010 : FLTMGR!FltpCreate+0x2c9
fffff685`a83cc8b0 fffff801`82352ba3 : 00000000`000000a4 fffff685`a83ccbc0 ffff9c0d`e65abd80 00000000`05d50001 : nt!IofCallDriver+0x59
fffff685`a83cc8f0 fffff801`8238282b : fffff801`82352430 fffff801`82352430 fffff685`00000000 ffff9c0d`d47ec030 : nt!IopParseDevice+0x773
fffff685`a83ccac0 fffff801`82350cdf : ffff9c0d`e2e98101 fffff685`a83ccd38 00000000`00000240 ffff9c0d`d12ccc60 : nt!ObpLookupObjectName+0x73b
fffff685`a83ccca0 fffff801`8234d045 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000028 : nt!ObOpenObjectByNameEx+0x1df
fffff685`a83ccde0 fffff801`8239e908 : fffff685`a83cd170 30ffe50a`6a0268c8 fffff685`a83cd198 fffff685`a83cd188 : nt!IopCreateFile+0x3f5
fffff685`a83cce80 fffff801`82047743 : fffff685`a83ccf50 00000000`00000000 000000f0`00000000 ffff9c0d`000040ec : nt!NtOpenFile+0x58
fffff685`a83ccf10 fffff801`8203aaa0 : fffff801`82673edc ffffe50a`6e534af0 fffff801`00000042 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
fffff685`a83cd118 fffff801`82673edc : ffffe50a`6e534af0 fffff801`00000042 00000000`00000000 fffff801`81fb3710 : nt!KiServiceLinkage
fffff685`a83cd120 fffff801`826742c3 : ffffe50a`795a71a0 00000000`00000000 fffff801`824ed970 ffffe50a`795a92a6 : nt!SiIssueSynchronousIoctl+0x74
fffff685`a83cd1e0 fffff801`8253bba2 : 00000000`c0000022 00000000`00000002 00000000`0000ffff fffff685`a83cd390 : nt!SiGetEfiSystemDevice+0x1eb
fffff685`a83cd2f0 fffff801`82426ccd : fffff685`a83cd390 fffff685`a83cddf0 00000000`00000001 fffff801`82426c90 : nt!SiGetFirmwareSystemPartition+0x114ec2
fffff685`a83cd330 fffff801`82426bf5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SiGetSystemPartition+0x3d
fffff685`a83cd370 fffff801`82426b79 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SiGetSystemDeviceName+0x71
fffff685`a83cd400 fffff801`82426afd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SyspartDirectGetSystemPartition+0x19
fffff685`a83cd430 fffff801`82426a03 : fffff801`82426b60 00000000`00000000 00000000`00000000 fffff685`a83cd504 : nt!IopRetrieveSystemDeviceName+0xbd
fffff685`a83cd490 fffff801`8234e980 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IoQuerySystemDeviceName+0x27
fffff685`a83cd4d0 fffff801`8234daab : 00000000`00000000 00000000`00000000 00000000`00000000 fffff801`820f1d17 : nt!ExpQuerySystemInformation+0xdc0
fffff685`a83cdd30 fffff801`82047743 : 00000000`00000000 fffff801`820f1cd1 00000000`00000000 00000000`00000000 : nt!NtQuerySystemInformation+0x2b
fffff685`a83cdd70 fffff801`8203aaa0 : fffff80c`6dde0e72 ffff9c0d`e2991381 fffff801`81fc178f ffffcafb`42d41de0 : nt!KiSystemServiceCopyEnd+0x13
fffff685`a83cdf08 fffff80c`6dde0e72 : ffff9c0d`e2991381 fffff801`81fc178f ffffcafb`42d41de0 ffffcafb`42d41de0 : nt!KiServiceLinkage
fffff685`a83cdf10 fffff80c`6dde1019 : fffff685`a76bdc40 00000000`00000002 ffff9c0d`e2991380 00000000`00000000 : CI!CipGetSupplementalPolicyPathOnExpandedStack+0x3a
fffff685`a83cdf50 fffff801`8203a597 : fffff685`a83cdfd1 00000000`00000002 8a000000`12d42863 ffff9c0d`e2991380 : CI!CipGetSupplementalPolicyPathOnExpandedStackCallout+0x19
fffff685`a83cdf80 fffff801`8203a55d : 00000000`00011803 ffff9c0d`e2991380 00000000`00000001 fffff801`81f4c42a : nt!KxSwitchKernelStackCallout+0x27
fffff685`a76bda50 fffff801`81f4c42a : fffff685`00000013 00000000`00000003 00000000`c0017f11 00000000`00000000 : nt!KiSwitchKernelStackContinue
fffff685`a76bda70 fffff801`81f4c26e : fffff80c`6dde1000 00000000`00011800 00000000`00000000 00000000`00000000 : nt!KiExpandKernelStackAndCalloutOnStackSegment+0x12a
fffff685`a76bdaf0 fffff801`81f4c125 : fffff685`a76bdc60 fffff685`a76bdc40 00020019`00000000 00000000`00000000 : nt!KiExpandKernelStackAndCalloutSwitchStack+0x9e
fffff685`a76bdb60 fffff801`81f4c0dd : fffff80c`6dde1000 fffff685`a76bdc40 00000000`00000000 fffff685`a76be7c8 : nt!KeExpandKernelStackAndCalloutInternal+0x35
fffff685`a76bdbc0 fffff80c`6dde157b : ffffe50a`6a0f5138 fffff801`8257d161 00000000`00000000 00000000`00000040 : nt!KeExpandKernelStackAndCalloutEx+0x1d
fffff685`a76bdc00 fffff80c`6dde1499 : 00000000`00000024 00000000`00000000 00000000`00000000 fffff685`a76be7c8 : CI!CipIsUnlockTokenPresentAndValid+0x57
fffff685`a76bdc70 fffff80c`6ddc9ef3 : ffffe50a`6a9b8e00 fffff685`a76be7c8 00000000`00000000 fffff685`a76bdea0 : CI!CiGetUnlockInformation+0xa9
fffff685`a76bdd20 fffff801`8234e5f9 : 00000000`00000000 00000000`00000000 ffffe50a`739fb170 fffff685`a76bdf50 : CI!CipQueryPolicyInformation+0x43
fffff685`a76bdd50 fffff801`8234daab : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ExpQuerySystemInformation+0xa39
fffff685`a76be5b0 fffff801`82047743 : fffff685`a76be5f0 fffff685`a76be5f0 00000000`00000000 ffffae09`65fd9400 : nt!NtQuerySystemInformation+0x2b
fffff685`a76be5f0 fffff801`8203aaa0 : fffff801`8243c9d4 fffff685`a76beac0 ffffe50a`6a432c70 00000000`00000004 : nt!KiSystemServiceCopyEnd+0x13
fffff685`a76be788 fffff801`8243c9d4 : fffff685`a76beac0 ffffe50a`6a432c70 00000000`00000004 00000000`00000000 : nt!KiServiceLinkage
fffff685`a76be790 fffff801`8235a8bf : ffff9c0d`00000000 00000000`c0000200 fffff685`a76beac0 ffff9c0d`e05e8420 : nt!ExpCloudbookHardwareLockedProvider+0x94
fffff685`a76be830 fffff801`823595c8 : 00000000`00000f32 fffff685`a76bee40 ffffd481`20534c53 ffff9c0d`00000000 : nt!ExQueryLicenseValueInternal+0x3cf
fffff685`a76bea90 fffff801`82358408 : ffffe50a`867af160 00000000`00000001 00000000`00000008 ffff9c0d`00000000 : nt!SPCallServerHandleQueryPolicy+0x460
fffff685`a76bec10 fffff801`82435475 : ffffd481`36d1c148 fffff685`a76bf090 00000000`0000020c 00000000`16f84060 : nt!SPCall2ServerInternal+0xbc8
fffff685`a76bef80 fffff801`81f4c17a : fffff685`a76bfa80 fffff685`a76bf090 ffffd481`00000000 ffffd481`00000000 : nt!CmAddLogForAction+0x519
fffff685`a76befc0 fffff801`81f4c0dd : fffff801`82435450 fffff685`a76bf090 fffff685`a76bf170 ffffe50a`7f094010 : nt!KeExpandKernelStackAndCalloutInternal+0x8a
fffff685`a76bf020 fffff801`824259b0 : ffffd481`37113700 fffff801`82177543 ffffe50a`739fb100 00000000`0000020c : nt!KeExpandKernelStackAndCalloutEx+0x1d
fffff685`a76bf060 fffff801`824258bb : 00000000`00000f32 00000000`00001000 ffff9c0d`20534c53 00000000`00000000 : nt!ExHandleSPCall2+0x27c
fffff685`a76bf0c0 fffff801`8234e39e : ffff9c0d`00000000 00000000`00d5dae0 00000000`00000000 00000000`00000000 : nt!ExHandleSPCall2+0x187
fffff685`a76bf160 fffff801`8234daab : 00000001`00060001 fffff685`a76bf9c8 00000000`00d5e720 00000000`00000001 : nt!ExpQuerySystemInformation+0x7de
fffff685`a76bf9c0 fffff801`82047743 : ffff9c0d`e2991380 00000000`00e82000 00000000`00d5fda0 00000000`776f4620 : nt!NtQuerySystemInformation+0x2b
fffff685`a76bfa00 00007ff9`2225b064 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00d5da68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`2225b064


STACK_COMMAND: kb

THREAD_SHA1_HASH_MOD_FUNC: 5d2394d548dc4c6a5b0d80c294f50221f8ef6b8b

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 14927eb1eaf665f115f851ee54a86c76d900c6d6

THREAD_SHA1_HASH_MOD: b2bc8362503d4845a857c58bd5fad0a185d2d08c

FOLLOWUP_IP:
EmbargoM+8d04
fffff80c`73998d04 0fb79c2480000000 movzx ebx,word ptr [rsp+80h]

FAULT_INSTR_CODE: 249cb70f

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: EmbargoM+8d04

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: EmbargoM

IMAGE_NAME: EmbargoM.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 59392051

BUCKET_ID_FUNC_OFFSET: 8d04

FAILURE_BUCKET_ID: AV_R_INVALID_EmbargoM!unknown_function

BUCKET_ID: AV_R_INVALID_EmbargoM!unknown_function

PRIMARY_PROBLEM_CLASS: AV_R_INVALID_EmbargoM!unknown_function

TARGET_TIME: 2019-02-04T14:51:38.000Z

OSBUILD: 17134

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2019-01-01 01:44:13

BUILDDATESTAMP_STR: 180410-1804

BUILDLAB_STR: rs4_release

BUILDOSVER_STR: 10.0.17134.1.amd64fre.rs4_release.180410-1804

ANALYSIS_SESSION_ELAPSED_TIME: f10

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:av_r_invalid_embargom!unknown_function

FAILURE_ID_HASH: {6682c669-9d02-309c-64da-82152baf14f9}

Followup: MachineOwner
---------

0: kd> lmvm EmbargoM
Browse full module list
start end module name
fffff80c`73990000 fffff80c`739aa000 EmbargoM (no symbols)
Loaded symbol image file: EmbargoM.sys
Image path: \SystemRoot\system32\DRIVERS\EmbargoM.sys
Image name: EmbargoM.sys
Browse all global symbols functions data
Timestamp: Thu Jun 8 06:00:49 2017 (59392051)
CheckSum: 000271D0
ImageSize: 0001A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4