• State Not Answered
  • Replies 3 replies
  • Subscribers 15 subscribers
  • Views 2459 views
  • Users 0 members are here
Options
Related

Embargom.sys causing random BSOD in Windows 10 20H2

sauerk
over 2 years ago

Hello,

We have a user who has gotten 4 random BSOD's from the EmbargoM.sys USB Port Security driver.  Is there any update to this, or do you know how to resolve it?

Here's the output from Windgb.

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffe708a4ded000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8001f098ea3, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)

Debugging Details:
------------------


KEY_VALUES_STRING: 1


STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING: 19041.1.amd64fre.vb_release.191206-1406

SYSTEM_MANUFACTURER: Dell Inc.

SYSTEM_PRODUCT_NAME: OptiPlex 5040

SYSTEM_SKU: 06BA

BIOS_VENDOR: Dell Inc.

BIOS_VERSION: 1.14.5

BIOS_DATE: 07/19/2019

BASEBOARD_MANUFACTURER: Dell Inc.

BASEBOARD_PRODUCT: 0T7D40

BASEBOARD_VERSION: A01

DUMP_TYPE: 1

BUGCHECK_P1: ffffe708a4ded000

BUGCHECK_P2: 0

BUGCHECK_P3: fffff8001f098ea3

BUGCHECK_P4: 2

READ_ADDRESS: Unable to get offset of nt!_MI_VISIBLE_STATE.SpecialPool
Unable to get value of nt!_MI_VISIBLE_STATE.SessionSpecialPool
ffffe708a4ded000 Nonpaged pool

FAULTING_IP:
nt!RtlInitUnicodeString+23
fffff800`1f098ea3 66833c4200 cmp word ptr [rdx+rax*2],0

MM_INTERNAL_CODE: 2

CPU_COUNT: 4

CPU_MHZ: c78

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 5e

CPU_STEPPING: 3

CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: CC'00000000 (cache) CC'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXPNP: 1 (!blackboxpnp)


DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: SearchApp.exe

CURRENT_IRQL: 0

ANALYSIS_SESSION_HOST: DCU00690

ANALYSIS_SESSION_TIME: 12-09-2021 12:48:37.0923

ANALYSIS_VERSION: 10.0.17763.1 amd64fre

TRAP_FRAME: ffffa98a67004900 -- (.trap 0xffffa98a67004900)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000030 rbx=0000000000000000 rcx=ffffa98a67004b20
rdx=ffffe708a4decfa0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8001f098ea3 rsp=ffffa98a67004a98 rbp=0000000000000001
r8=0000000000000000 r9=ffffe708a4ddfe44 r10=000000004d444c53
r11=fffff80027ac0468 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po nc
nt!RtlInitUnicodeString+0x23:
fffff800`1f098ea3 66833c4200 cmp word ptr [rdx+rax*2],0 ds:ffffe708`a4ded000=????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff8001f24a56f to fffff8001f1f72a0

STACK_TEXT:
ffffa98a`67004658 fffff800`1f24a56f : 00000000`00000050 ffffe708`a4ded000 00000000`00000000 ffffa98a`67004900 : nt!KeBugCheckEx
ffffa98a`67004660 fffff800`1f09f390 : ffffa98a`00000040 00000000`00000000 ffffa98a`67004980 00000000`00000000 : nt!MiSystemFault+0x18d1bf
ffffa98a`67004760 fffff800`1f20545e : ffff8486`16a00340 ffffa98a`670049ff 00000000`00000301 00000000`00000000 : nt!MmAccessFault+0x400
ffffa98a`67004900 fffff800`1f098ea3 : fffff800`27ab8d04 ffffe708`a4dc34b8 00000000`00000000 ffffe708`00000000 : nt!KiPageFault+0x35e
ffffa98a`67004a98 fffff800`27ab8d04 : ffffe708`a4dc34b8 00000000`00000000 ffffe708`00000000 00000000`00000000 : nt!RtlInitUnicodeString+0x23
ffffa98a`67004aa0 fffff800`27abd457 : ffffe708`00000000 00000000`00000001 ffffa98a`00000000 ffffa98a`67004cb0 : EmbargoM+0x8d04
ffffa98a`67004bb0 fffff800`27ab2962 : ffffa98a`67004cd8 ffffe708`bff78c50 ffffa98a`67004cb0 ffffe708`bff78bf8 : EmbargoM+0xd457
ffffa98a`67004c00 fffff800`1e6d601c : ffffe708`bff78b10 ffffa98a`67004cf9 ffffe708`bff78bf8 ffffe708`bff78c98 : EmbargoM+0x2962
ffffa98a`67004c40 fffff800`1e6d5c55 : 00000000`00000000 fffff800`1e6d7800 00000000`00000000 fffff800`00000000 : FLTMGR!FltpPerformPreCallbacksWorker+0x36c
ffffa98a`67004d60 fffff800`1e70c270 : ffffa98a`67006000 ffffa98a`66ff4000 00000000`00000000 00000000`00000000 : FLTMGR!FltpPassThroughInternal+0x265
ffffa98a`67004db0 fffff800`1f08f6f5 : ffffe708`c5b65500 ffffe708`aa18b060 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x310
ffffa98a`67004e60 fffff800`1f090ce4 : 00000000`00000000 ffffe708`c58c9ae0 ffffe708`aa174e20 fffff800`1f090913 : nt!IofCallDriver+0x55
ffffa98a`67004ea0 fffff800`1f47717d : ffffa98a`67005160 ffffe708`aa18b060 ffffe708`c5b65618 00000000`aa180001 : nt!IoCallDriverWithTracing+0x34
ffffa98a`67004ef0 fffff800`1f3f23ee : ffffe708`aa18b060 00000000`00000000 ffffe708`c58c9ae0 ffffe708`c58c9a00 : nt!IopParseDevice+0x117d
ffffa98a`67005060 fffff800`1f4948aa : ffffe708`c58c9a00 ffffa98a`670052c8 ffff8486`00000240 ffffe708`a52ad400 : nt!ObpLookupObjectName+0x3fe
ffffa98a`67005230 fffff800`1f41608f : ffffe708`00000000 ffffa98a`670056f0 00000000`00000000 00000000`00000000 : nt!ObOpenObjectByNameEx+0x1fa
ffffa98a`67005360 fffff800`1f415bd8 : ffffa98a`670057b0 ffff8486`2d4c9330 ffffa98a`670056f0 ffffa98a`670056e0 : nt!IopCreateFile+0x40f
ffffa98a`67005400 fffff800`1f208cb5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtOpenFile+0x58
ffffa98a`67005490 fffff800`1f1fb100 : fffff800`1f4f32d2 00000000`00000000 00000000`000000c0 00000000`000000c8 : nt!KiSystemServiceCopyEnd+0x25
ffffa98a`67005698 fffff800`1f4f32d2 : 00000000`00000000 00000000`000000c0 00000000`000000c8 00000000`00040082 : nt!KiServiceLinkage
ffffa98a`670056a0 fffff800`1f5687c9 : 00000000`00000000 ffffa98a`67005808 00000000`00000000 fffff800`1f568a29 : nt!SiOpenDevice+0x7e
ffffa98a`67005730 fffff800`1f5686ac : 00000000`00000000 00000000`00000001 00000000`00000000 ffff8486`3310f880 : nt!SiGetDriveLayoutInformation+0x2d
ffffa98a`670057a0 fffff800`1f4f2cd3 : 00000000`c0000022 ffff8486`3310f880 00000000`00000000 00000000`00000000 : nt!SiGetBiosSystemPartition+0x48
ffffa98a`67005800 fffff800`1f4f2c4d : ffffa98a`670058b0 ffffa98a`670058b0 00000000`00000001 00000000`00000000 : nt!SiGetFirmwareSystemPartition+0x73
ffffa98a`67005850 fffff800`1f503a96 : 00000000`00000000 3420216e`0106f46e 39642104`a9612101 5f731901`8d742103 : nt!SiGetSystemPartition+0x3d
ffffa98a`67005890 fffff800`1f503a09 : 64657473`1c026964 64652023`15654163 00000000`00000000 2002013d`6e6f692b : nt!SiGetSystemDeviceName+0x7e
ffffa98a`67005920 fffff800`1f5023b9 : 29200101`3c64652a 65743c5c`0601a764 7065743c`3b256170 7065743c`5b550129 : nt!SyspartDirectGetSystemPartition+0x19
ffffa98a`67005950 fffff800`1f5022b9 : fffff800`1f5039f0 00000000`00000000 85706574`00000000 ffffa98a`67005a20 : nt!IopRetrieveSystemDeviceName+0xc1
ffffa98a`670059b0 fffff800`1f49155c : 00000000`00000000 034a6129`000bf928 28610105`1b612900 01056d61`290003e1 : nt!IoQuerySystemDeviceName+0x2d
ffffa98a`670059f0 fffff800`1f48f1a7 : 7d617265`23106574 4101716d`65722b16 6e0113a0`6d290772 420be028`07626121 : nt!ExpQuerySystemInformation+0x226c
ffffa98a`67005d30 fffff800`1f208cb5 : 2c16f020`72650000 6541037d`20726568 230b6620`726f2315 72612b0b`47206572 : nt!NtQuerySystemInformation+0x37
ffffa98a`67005d70 fffff800`1f1fb100 : fffff800`23e51400 00000000`0000000c fffff800`1f1592a6 ffffe708`c2bec581 : nt!KiSystemServiceCopyEnd+0x25
ffffa98a`67005f08 fffff800`23e51400 : 00000000`0000000c fffff800`1f1592a6 ffffe708`c2bec581 8a000001`1e7f1863 : nt!KiServiceLinkage
ffffa98a`67005f10 fffff800`23e515e9 : ffffa98a`66916650 ffffa98a`66916503 ffffe708`c2bec580 00000000`00000000 : CI!CipGetSupplementalPolicyPathOnExpandedStack+0x40
ffffa98a`67005f50 fffff800`1f1fab7e : ffffa98a`67005fd1 ffffa98a`66916503 290bea63`2162010e ffffe708`c2bec580 : CI!CipGetSupplementalPolicyPathOnExpandedStackCallout+0x19
ffffa98a`67005f80 fffff800`1f1fab3c : ffffa98a`67005fd1 ffffe708`c2bec580 ffffa98a`67006000 fffff800`1f0f87bd : nt!KxSwitchKernelStackCallout+0x2e
ffffa98a`66916440 fffff800`1f0f87bd : ffffa98a`67005fd1 ffffe708`c2bec580 ffffa98a`66916503 00000000`00000000 : nt!KiSwitchKernelStackContinue
ffffa98a`66916460 fffff800`1f0f85b2 : fffff800`23e515d0 ffffa98a`66916650 ffffa98a`00000002 ffffa98a`00000002 : nt!KiExpandKernelStackAndCalloutOnStackSegment+0x19d
ffffa98a`66916500 fffff800`1f0f8413 : ffffa98a`66916c00 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExpandKernelStackAndCalloutSwitchStack+0xf2
ffffa98a`66916570 fffff800`1f0f83cd : fffff800`23e515d0 ffffa98a`66916650 00000000`00000000 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x33
ffffa98a`669165e0 fffff800`23e51645 : 00000000`00000000 00000000`00000000 ffff8486`17399a60 00000000`00000001 : nt!KeExpandKernelStackAndCalloutEx+0x1d
ffffa98a`66916620 fffff800`23e51b94 : 00000000`00000000 00000000`00000000 ffff54e0`71799054 fffff800`1f3f18e1 : CI!CipGetSupplementalPolicyPath+0x49
ffffa98a`66916680 fffff800`23e51ad9 : 00000000`00000000 00000000`00000000 ffffa98a`66916c00 ffffa98a`669167f0 : CI!CipIsUnlockTokenPresentAndValid+0x24
ffffa98a`669166c0 fffff800`23e358cd : 00000000`00000001 ffffa98a`66916d68 00000000`00000000 00000000`00000000 : CI!CiGetUnlockInformation+0x75
ffffa98a`66916770 fffff800`1f4d437d : ffffa98a`66916d68 00000000`00000001 00000000`00000000 00000000`00000000 : CI!CipQueryPolicyInformation+0x9d
ffffa98a`669167b0 fffff800`1f4915da : 00000000`00000000 ffff8486`37831240 00000000`00000000 00000000`00000000 : nt!SeCodeIntegrityQueryPolicyInformation+0x2d
ffffa98a`66916800 fffff800`1f48f1a7 : 00000000`00002ac4 ffffa98a`66916b01 fffff800`2761f2a8 fffff800`1e6e9c91 : nt!ExpQuerySystemInformation+0x22ea
ffffa98a`66916b40 fffff800`1f208cb5 : ffffe708`c1fc0000 fffff800`275574b2 00000000`00000000 ffffa98a`66916bf0 : nt!NtQuerySystemInformation+0x37
ffffa98a`66916b80 fffff800`1f1fb100 : fffff800`23cbad23 fffff800`00000000 fffff800`1fb2fe20 00000000`00000004 : nt!KiSystemServiceCopyEnd+0x25
ffffa98a`66916d18 fffff800`23cbad23 : fffff800`00000000 fffff800`1fb2fe20 00000000`00000004 00000000`000000ff : nt!KiServiceLinkage
ffffa98a`66916d20 fffff800`23cb8f61 : fffff800`1fb2fe20 00000000`00000004 ffffa98a`66917028 fffff800`27526a00 : clipsp+0xbad23
ffffa98a`66916dd0 fffff800`1f458354 : ffffa98a`00000003 00000000`00000000 00000000`20534c53 00000000`00000000 : clipsp+0xb8f61
ffffa98a`66916f80 fffff800`1f46ed65 : 00000000`00000001 ffffa98a`66917089 00000000`00000004 ffffa98a`00000000 : nt!PspValidateJobAssignmentSiloPolicy+0xc8
ffffa98a`66916fd0 fffff800`1f46cb43 : ffff8486`214c2dd0 00000000`c000003e 00000000`00000000 00000000`00000000 : nt!SPCallServerHandleQueryPolicy+0x625
ffffa98a`669170f0 fffff800`1f46ba15 : 00000000`00000000 ffffa98a`669175b0 00000215`1ad24d50 fffff800`1f46b9f0 : nt!SPCall2ServerInternal+0xa8b
ffffa98a`66917490 fffff800`1f0f8458 : ffffa98a`66917a80 00000000`00000000 ffff9900`00000000 00000000`0000020c : nt!EtwpGetProviderGroupFromTraits+0x89
ffffa98a`669174d0 fffff800`1f0f83cd : fffff800`1f46b9f0 ffffa98a`669175b0 ffffa98a`66917690 00000000`20534c53 : nt!KeExpandKernelStackAndCalloutInternal+0x78
ffffa98a`66917540 fffff800`1f4af474 : 00000000`0000020c fffff800`1f7b11c4 00000000`00000003 00000000`00000004 : nt!KeExpandKernelStackAndCalloutEx+0x1d
ffffa98a`66917580 fffff800`1f4af37e : 00000000`00000000 ffffa98a`66917a80 00000000`00000000 00000000`00000000 : nt!ExHandleSPCall2+0x26c
ffffa98a`669175e0 fffff800`1f4918e1 : ffff9900`00000000 00000039`1bbff268 00000000`00000000 00000039`1bbff268 : nt!ExHandleSPCall2+0x176
ffffa98a`66917680 fffff800`1f48f1a7 : 00007ffe`54321180 00000000`00012e71 00007ffe`541d0000 00000039`1bbfedb8 : nt!ExpQuerySystemInformation+0x25f1
ffffa98a`669179c0 fffff800`1f208cb5 : 00007ffe`52750000 00000000`00000000 ffffa98a`66917a80 ffffe708`00000000 : nt!NtQuerySystemInformation+0x37
ffffa98a`66917a00 00007ffe`5426d434 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000039`1bbfef28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`5426d434


THREAD_SHA1_HASH_MOD_FUNC: 14180c25ea8790a89e17e04082985a43b84e4307

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 150383951f7b17254b986775a76a164241d7ec4d

THREAD_SHA1_HASH_MOD: 07a839a85cd58e68ce7831369f08b9bf754b251f

FOLLOWUP_IP:
EmbargoM+8d04
fffff800`27ab8d04 0fb79c2480000000 movzx ebx,word ptr [rsp+80h]

FAULT_INSTR_CODE: 249cb70f

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: EmbargoM+8d04

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: EmbargoM

IMAGE_NAME: EmbargoM.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 59392051

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 8d04

FAILURE_BUCKET_ID: AV_R_INVALID_EmbargoM!unknown_function

BUCKET_ID: AV_R_INVALID_EmbargoM!unknown_function

PRIMARY_PROBLEM_CLASS: AV_R_INVALID_EmbargoM!unknown_function

TARGET_TIME: 2021-12-09T17:23:17.000Z

OSBUILD: 19041

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: unknown_date

BUILDDATESTAMP_STR: 191206-1406

BUILDLAB_STR: vb_release

BUILDOSVER_STR: 10.0.19041.1.amd64fre.vb_release.191206-1406

ANALYSIS_SESSION_ELAPSED_TIME: 11b7

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:av_r_invalid_embargom!unknown_function

FAILURE_ID_HASH: {6682c669-9d02-309c-64da-82152baf14f9}

Followup: MachineOwner

  • 0 over 2 years ago

    Hello,

    I see this is happening to one user only and there is a possibility the USB/PS is corrupted. Please try to uninstall the USB Port Security within the Control Panel, once it's uninstalled ask the user to log out and log in to get a fresh USB/PS installation. If the user still getting BSOD please create a service request to review the issue over a remote session. 

    To create the service request please use one of the following:

    support.quest.com/create-service-request

    Or

    You can call these numbers:
    1.800.306.9329  or 949.754.8000
    Monday to Friday from 8:00 am to 8:00 pm EST

    Thank you,

  • 0 over 2 years ago

    I have a different machine BSOD with EmbargoM.sys and the common fault is: INVALID_EmbargoM!unknown_function.  Could the developer of EmbargoM.sys be notified and program proper unknown_function exception handling so it does not BSOD the entire machine?

    2/2/22 first BSOD - PAGE_FAULT_IN_NONPAGED_AREA between EmbargoM (Desktop Authority USB/Port Security driver) and SearchApp.exe
    BugCheck 50, {ffffd4848d768000, 0, fffff8005ba98fe3, 2}
    *** WARNING: Unable to verify timestamp for EmbargoM.sys
    *** ERROR: Module load completed but symbols could not be loaded for EmbargoM.sys
    Could not read faulting driver name
    Probably caused by : EmbargoM.sys ( EmbargoM+8d04 )
    Followup: MachineOwner
    ---------
    1: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************
    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced. This cannot be protected by try-except.
    Typically the address is just plain bad or it is pointing at freed memory.
    Arguments:
    Arg1: ffffd4848d768000, memory referenced.
    Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
    Arg3: fffff8005ba98fe3, If non-zero, the instruction address which referenced the bad memory
     address.
    Arg4: 0000000000000002, (reserved)
    Debugging Details:
    ------------------
    Could not read faulting driver name
    KEY_VALUES_STRING: 1
    STACKHASH_ANALYSIS: 1
    TIMELINE_ANALYSIS: 1
    DUMP_CLASS: 1
    DUMP_QUALIFIER: 400
    BUILD_VERSION_STRING: 19041.1.amd64fre.vb_release.191206-1406
    SYSTEM_MANUFACTURER: Dell Inc.
    SYSTEM_PRODUCT_NAME: OptiPlex 5050
    SYSTEM_SKU: 07A2
    BIOS_VENDOR: Dell Inc.
    BIOS_VERSION: 1.19.0
    BIOS_DATE: 12/02/2021
    BASEBOARD_MANUFACTURER: Dell Inc.
    BASEBOARD_PRODUCT: 0FDY5C
    BASEBOARD_VERSION: A00
    DUMP_TYPE: 2
    BUGCHECK_P1: ffffd4848d768000
    BUGCHECK_P2: 0
    BUGCHECK_P3: fffff8005ba98fe3
    BUGCHECK_P4: 2
    READ_ADDRESS: fffff8005c4fb390: Unable to get MiVisibleState
    Unable to get NonPagedPoolStart
    Unable to get NonPagedPoolEnd
    Unable to get PagedPoolStart
    Unable to get PagedPoolEnd
     ffffd4848d768000
    FAULTING_IP:
    nt!RtlInitUnicodeString+23
    fffff800`5ba98fe3 66833c4200 cmp word ptr [rdx+rax*2],0
    MM_INTERNAL_CODE: 2
    CPU_COUNT: 4
    CPU_MHZ: c78
    CPU_VENDOR: GenuineIntel
    CPU_FAMILY: 6
    CPU_MODEL: 5e
    CPU_STEPPING: 3
    CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: EC'00000000 (cache) EC'00000000 (init)
    BLACKBOXBSD: 1 (!blackboxbsd)
    CUSTOMER_CRASH_COUNT: 1
    DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
    BUGCHECK_STR: AV
    PROCESS_NAME: SearchApp.exe
    CURRENT_IRQL: 0
    ANALYSIS_SESSION_HOST: DCU00690
    ANALYSIS_SESSION_TIME: 02-03-2022 09:25:08.0420
    ANALYSIS_VERSION: 10.0.17763.1 amd64fre
    TRAP_FRAME: ffffee027d2d1830 -- (.trap 0xffffee027d2d1830)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000430 rbx=0000000000000000 rcx=ffffee027d2d1a50
    rdx=ffffd4848d7677a0 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8005ba98fe3 rsp=ffffee027d2d19c8 rbp=0000000000000001
     r8=0000000000000000 r9=ffffd4848f6e5164 r10=000000004d444c53
    r11=fffff80068900468 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0 nv up ei pl nz ac po nc
    nt!RtlInitUnicodeString+0x23:
    fffff800`5ba98fe3 66833c4200 cmp word ptr [rdx+rax*2],0 ds:ffffd484`8d768000=????
    Resetting default scope
    LAST_CONTROL_TRANSFER: from fffff8005bc4a56f to fffff8005bbf72e0
    STACK_TEXT:
    ffffee02`7d2d1588 fffff800`5bc4a56f : 00000000`00000050 ffffd484`8d768000 00000000`00000000 ffffee02`7d2d1830 : nt!KeBugCheckEx
    ffffee02`7d2d1590 fffff800`5ba9f4d0 : ffffd484`a94d7080 00000000`00000000 ffffee02`7d2d18b0 00000000`00000000 : nt!MiSystemFault+0x18d07f
    ffffee02`7d2d1690 fffff800`5bc0545e : ffff970d`8dc00340 ffffee02`7d2d18ff 00000000`00000301 00000000`00000000 : nt!MmAccessFault+0x400
    ffffee02`7d2d1830 fffff800`5ba98fe3 : fffff800`688f8d04 ffffd484`8d7744b8 00000000`00000000 ffffd484`00000000 : nt!KiPageFault+0x35e
    ffffee02`7d2d19c8 fffff800`688f8d04 : ffffd484`8d7744b8 00000000`00000000 ffffd484`00000000 00000000`00000000 : nt!RtlInitUnicodeString+0x23
    ffffee02`7d2d19d0 ffffd484`8d7744b8 : 00000000`00000000 ffffd484`00000000 00000000`00000000 ffffd484`8d774cd0 : EmbargoM+0x8d04
    ffffee02`7d2d19d8 00000000`00000000 : ffffd484`00000000 00000000`00000000 ffffd484`8d774cd0 ffffee02`7d2d1ae0 : 0xffffd484`8d7744b8
    THREAD_SHA1_HASH_MOD_FUNC: 4ada2c3435f6084afe75e32950bb01fe7efec5c5
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 9726cbcf0ab30a10198c7067bdd19ef2fecfa122
    THREAD_SHA1_HASH_MOD: 46d0c2ddac1535ec12a908c2ee23f7d1d3ce33c9
    FOLLOWUP_IP:
    EmbargoM+8d04
    fffff800`688f8d04 0fb79c2480000000 movzx ebx,word ptr [rsp+80h]
    FAULT_INSTR_CODE: 249cb70f
    SYMBOL_STACK_INDEX: 5
    SYMBOL_NAME: EmbargoM+8d04
    FOLLOWUP_NAME: MachineOwner
    MODULE_NAME: EmbargoM
    IMAGE_NAME: EmbargoM.sys
    DEBUG_FLR_IMAGE_TIMESTAMP: 59392051
    STACK_COMMAND: .thread ; .cxr ; kb
    BUCKET_ID_FUNC_OFFSET: 8d04
    FAILURE_BUCKET_ID: AV_R_INVALID_EmbargoM!unknown_function
    BUCKET_ID: AV_R_INVALID_EmbargoM!unknown_function
    PRIMARY_PROBLEM_CLASS: AV_R_INVALID_EmbargoM!unknown_function
    TARGET_TIME: 2022-02-02T16:01:42.000Z
    OSBUILD: 19041
    OSSERVICEPACK: 1466
    SERVICEPACK_NUMBER: 0
    OS_REVISION: 0
    SUITE_MASK: 272
    PRODUCT_TYPE: 1
    OSPLATFORM_TYPE: x64
    OSNAME: Windows 10
    OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
    OS_LOCALE:
    USER_LCID: 0
    OSBUILD_TIMESTAMP: 1990-10-22 11:52:08
    BUILDDATESTAMP_STR: 191206-1406
    BUILDLAB_STR: vb_release
    BUILDOSVER_STR: 10.0.19041.1.amd64fre.vb_release.191206-1406
    ANALYSIS_SESSION_ELAPSED_TIME: 227a
    ANALYSIS_SOURCE: KM
    FAILURE_ID_HASH_STRING: km:av_r_invalid_embargom!unknown_function
    FAILURE_ID_HASH: {6682c669-9d02-309c-64da-82152baf14f9}
    Followup: MachineOwner
    Crash dump from 1/13/2022 - PAGE_FAULT_IN_NONPAGED_AREA - EmbargoM.sys (Desktop Authority USB/Port Security)
    BugCheck 50, {ffffae8c5b903000, 0, fffff80672e98f83, 2}
    *** WARNING: Unable to verify timestamp for EmbargoM.sys
    *** ERROR: Module load completed but symbols could not be loaded for EmbargoM.sys
    Could not read faulting driver name
    Probably caused by : EmbargoM.sys ( EmbargoM+8d04 )
    Followup: MachineOwner
    ---------
    3: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************
    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced. This cannot be protected by try-except.
    Typically the address is just plain bad or it is pointing at freed memory.
    Arguments:
    Arg1: ffffae8c5b903000, memory referenced.
    Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
    Arg3: fffff80672e98f83, If non-zero, the instruction address which referenced the bad memory
     address.
    Arg4: 0000000000000002, (reserved)
    Debugging Details:
    ------------------
    Could not read faulting driver name
    KEY_VALUES_STRING: 1
    STACKHASH_ANALYSIS: 1
    TIMELINE_ANALYSIS: 1
    DUMP_CLASS: 1
    DUMP_QUALIFIER: 400
    BUILD_VERSION_STRING: 19041.1.amd64fre.vb_release.191206-1406
    DUMP_TYPE: 2
    BUGCHECK_P1: ffffae8c5b903000
    BUGCHECK_P2: 0
    BUGCHECK_P3: fffff80672e98f83
    BUGCHECK_P4: 2
    READ_ADDRESS: fffff806738fb390: Unable to get MiVisibleState
    Unable to get NonPagedPoolStart
    Unable to get NonPagedPoolEnd
    Unable to get PagedPoolStart
    Unable to get PagedPoolEnd
     ffffae8c5b903000
    FAULTING_IP:
    nt!RtlInitUnicodeString+23
    fffff806`72e98f83 66833c4200 cmp word ptr [rdx+rax*2],0
    MM_INTERNAL_CODE: 2
    CPU_COUNT: 4
    CPU_MHZ: c78
    CPU_VENDOR: GenuineIntel
    CPU_FAMILY: 6
    CPU_MODEL: 5e
    CPU_STEPPING: 3
    CUSTOMER_CRASH_COUNT: 1
    DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
    BUGCHECK_STR: AV
    PROCESS_NAME: explorer.exe
    CURRENT_IRQL: 0
    ANALYSIS_SESSION_HOST: DCU00690
    ANALYSIS_SESSION_TIME: 02-03-2022 09:30:15.0188
    ANALYSIS_VERSION: 10.0.17763.1 amd64fre
    TRAP_FRAME: ffff8105296c1830 -- (.trap 0xffff8105296c1830)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=00000000000006f0 rbx=0000000000000000 rcx=ffff8105296c1a50
    rdx=ffffae8c5b902220 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80672e98f83 rsp=ffff8105296c19c8 rbp=0000000000000001
     r8=0000000000000000 r9=ffffae8c5b98a4e4 r10=000000004d444c53
    r11=fffff806825d0468 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0 nv up ei pl nz ac po nc
    nt!RtlInitUnicodeString+0x23:
    fffff806`72e98f83 66833c4200 cmp word ptr [rdx+rax*2],0 ds:ffffae8c`5b903000=????
    Resetting default scope
    LAST_CONTROL_TRANSFER: from fffff8067304a36f to fffff80672ff70d0
    STACK_TEXT:
    ffff8105`296c1588 fffff806`7304a36f : 00000000`00000050 ffffae8c`5b903000 00000000`00000000 ffff8105`296c1830 : nt!KeBugCheckEx
    ffff8105`296c1590 fffff806`72e9f470 : ffff8105`000002c7 00000000`00000000 ffff8105`296c18b0 00000000`00000000 : nt!MiSystemFault+0x18cedf
    ffff8105`296c1690 fffff806`7300525e : ffffdf00`31c00340 ffff8105`296c18ff 00000000`00000301 00000000`00000000 : nt!MmAccessFault+0x400
    ffff8105`296c1830 fffff806`72e98f83 : fffff806`825c8d04 ffffae8c`5b9634b8 00000000`00000000 ffffae8c`00000000 : nt!KiPageFault+0x35e
    ffff8105`296c19c8 fffff806`825c8d04 : ffffae8c`5b9634b8 00000000`00000000 ffffae8c`00000000 00000000`00000000 : nt!RtlInitUnicodeString+0x23
    ffff8105`296c19d0 ffffae8c`5b9634b8 : 00000000`00000000 ffffae8c`00000000 00000000`00000000 ffffae8c`5b962d60 : EmbargoM+0x8d04
    ffff8105`296c19d8 00000000`00000000 : ffffae8c`00000000 00000000`00000000 ffffae8c`5b962d60 ffff8105`296c1ae0 : 0xffffae8c`5b9634b8
    THREAD_SHA1_HASH_MOD_FUNC: 4ada2c3435f6084afe75e32950bb01fe7efec5c5
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 5afb1b411f858ef0c0100b5f8efc083120353b01
    THREAD_SHA1_HASH_MOD: 46d0c2ddac1535ec12a908c2ee23f7d1d3ce33c9
    FOLLOWUP_IP:
    EmbargoM+8d04
    fffff806`825c8d04 0fb79c2480000000 movzx ebx,word ptr [rsp+80h]
    FAULT_INSTR_CODE: 249cb70f
    SYMBOL_STACK_INDEX: 5
    SYMBOL_NAME: EmbargoM+8d04
    FOLLOWUP_NAME: MachineOwner
    MODULE_NAME: EmbargoM
    IMAGE_NAME: EmbargoM.sys
    DEBUG_FLR_IMAGE_TIMESTAMP: 59392051
    STACK_COMMAND: .thread ; .cxr ; kb
    BUCKET_ID_FUNC_OFFSET: 8d04
    FAILURE_BUCKET_ID: AV_R_INVALID_EmbargoM!unknown_function
    BUCKET_ID: AV_R_INVALID_EmbargoM!unknown_function
    PRIMARY_PROBLEM_CLASS: AV_R_INVALID_EmbargoM!unknown_function
    TARGET_TIME: 2022-01-11T22:05:45.000Z
    OSBUILD: 19041
    OSSERVICEPACK: 1415
    SERVICEPACK_NUMBER: 0
    OS_REVISION: 0
    SUITE_MASK: 272
    PRODUCT_TYPE: 1
    OSPLATFORM_TYPE: x64
    OSNAME: Windows 10
    OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
    OS_LOCALE:
    USER_LCID: 0
    OSBUILD_TIMESTAMP: unknown_date
    BUILDDATESTAMP_STR: 191206-1406
    BUILDLAB_STR: vb_release
    BUILDOSVER_STR: 10.0.19041.1.amd64fre.vb_release.191206-1406
    ANALYSIS_SESSION_ELAPSED_TIME: 1d5b
    ANALYSIS_SOURCE: KM
    FAILURE_ID_HASH_STRING: km:av_r_invalid_embargom!unknown_function
    FAILURE_ID_HASH: {6682c669-9d02-309c-64da-82152baf14f9}
    Followup: MachineOwner
    Crash dump from 1/11/2022 - PAGE_FAULT_IN_NONPAGED_AREA - EmbargoM.sys (Desktop Authority USB/Port Security)
    BugCheck 50, {ffffbd05361ba000, 0, fffff8022a098f83, 2}
    *** WARNING: Unable to verify timestamp for EmbargoM.sys
    *** ERROR: Module load completed but symbols could not be loaded for EmbargoM.sys
    Could not read faulting driver name
    Probably caused by : EmbargoM.sys ( EmbargoM+8d04 )
    Followup: MachineOwner
    ---------
    3: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************
    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced. This cannot be protected by try-except.
    Typically the address is just plain bad or it is pointing at freed memory.
    Arguments:
    Arg1: ffffbd05361ba000, memory referenced.
    Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
    Arg3: fffff8022a098f83, If non-zero, the instruction address which referenced the bad memory
     address.
    Arg4: 0000000000000002, (reserved)
    Debugging Details:
    ------------------
    Could not read faulting driver name
    KEY_VALUES_STRING: 1
        Key : Dump.Attributes.InsufficientDumpfileSize
        Value: 1
    STACKHASH_ANALYSIS: 1
    TIMELINE_ANALYSIS: 1
    DUMP_CLASS: 1
    DUMP_QUALIFIER: 400
    BUILD_VERSION_STRING: 10.0.19041.1415 (WinBuild.160101.0800)
    DUMP_FILE_ATTRIBUTES: 0xc
      Insufficient Dumpfile Size
      Kernel Generated Triage Dump
    DUMP_TYPE: 2
    BUGCHECK_P1: ffffbd05361ba000
    BUGCHECK_P2: 0
    BUGCHECK_P3: fffff8022a098f83
    BUGCHECK_P4: 2
    READ_ADDRESS: fffff8022aafb390: Unable to get MiVisibleState
    Unable to get NonPagedPoolStart
    Unable to get NonPagedPoolEnd
    Unable to get PagedPoolStart
    Unable to get PagedPoolEnd
     ffffbd05361ba000
    FAULTING_IP:
    nt!RtlInitUnicodeString+23
    fffff802`2a098f83 66833c4200 cmp word ptr [rdx+rax*2],0
    MM_INTERNAL_CODE: 2
    CPU_COUNT: 4
    CPU_MHZ: c78
    CPU_VENDOR: GenuineIntel
    CPU_FAMILY: 6
    CPU_MODEL: 5e
    CPU_STEPPING: 3
    CUSTOMER_CRASH_COUNT: 1
    DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
    BUGCHECK_STR: AV
    PROCESS_NAME: StartMenuExper
    CURRENT_IRQL: 0
    ANALYSIS_SESSION_HOST: DCU00690
    ANALYSIS_SESSION_TIME: 02-03-2022 09:34:00.0407
    ANALYSIS_VERSION: 10.0.17763.1 amd64fre
    TRAP_FRAME: ffffa4067c3e1830 -- (.trap 0xffffa4067c3e1830)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000450 rbx=0000000000000000 rcx=ffffa4067c3e1a50
    rdx=ffffbd05361b9760 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8022a098f83 rsp=ffffa4067c3e19c8 rbp=0000000000000001
     r8=0000000000000000 r9=ffffbd0555dfaa64 r10=000000004d444c53
    r11=fffff8023a130468 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0 nv up ei pl nz ac po nc
    nt!RtlInitUnicodeString+0x23:
    fffff802`2a098f83 66833c4200 cmp word ptr [rdx+rax*2],0 ds:ffffbd05`361ba000=????
    Resetting default scope
    LAST_CONTROL_TRANSFER: from fffff8022a24a36f to fffff8022a1f70d0
    STACK_TEXT:
    ffffa406`7c3e1588 fffff802`2a24a36f : 00000000`00000050 ffffbd05`361ba000 00000000`00000000 ffffa406`7c3e1830 : nt!KeBugCheckEx
    ffffa406`7c3e1590 fffff802`2a09f470 : ffffa406`000000db 00000000`00000000 ffffa406`7c3e18b0 00000000`00000000 : nt!MiSystemFault+0x18cedf
    ffffa406`7c3e1690 fffff802`2a20525e : ffff938d`00000000 ffffa406`00000000 00000000`00000301 00000000`00000000 : nt!MmAccessFault+0x400
    ffffa406`7c3e1830 fffff802`2a098f83 : fffff802`3a128d04 ffffbd05`361754b8 00000000`00000000 ffffbd05`00000000 : nt!KiPageFault+0x35e
    ffffa406`7c3e19c8 fffff802`3a128d04 : ffffbd05`361754b8 00000000`00000000 ffffbd05`00000000 00000000`00000000 : nt!RtlInitUnicodeString+0x23
    ffffa406`7c3e19d0 ffffbd05`361754b8 : 00000000`00000000 ffffbd05`00000000 00000000`00000000 ffffbd05`36172dc0 : EmbargoM+0x8d04
    ffffa406`7c3e19d8 00000000`00000000 : ffffbd05`00000000 00000000`00000000 ffffbd05`36172dc0 ffffa406`7c3e1ae0 : 0xffffbd05`361754b8
    THREAD_SHA1_HASH_MOD_FUNC: 4ada2c3435f6084afe75e32950bb01fe7efec5c5
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 5afb1b411f858ef0c0100b5f8efc083120353b01
    THREAD_SHA1_HASH_MOD: 46d0c2ddac1535ec12a908c2ee23f7d1d3ce33c9
    FOLLOWUP_IP:
    EmbargoM+8d04
    fffff802`3a128d04 ?? ???
    SYMBOL_STACK_INDEX: 5
    SYMBOL_NAME: EmbargoM+8d04
    FOLLOWUP_NAME: MachineOwner
    MODULE_NAME: EmbargoM
    IMAGE_NAME: EmbargoM.sys
    DEBUG_FLR_IMAGE_TIMESTAMP: 59392051
    STACK_COMMAND: .thread ; .cxr ; kb
    BUCKET_ID_FUNC_OFFSET: 8d04
    FAILURE_BUCKET_ID: AV_R_INVALID_EmbargoM!unknown_function
    BUCKET_ID: AV_R_INVALID_EmbargoM!unknown_function
    PRIMARY_PROBLEM_CLASS: AV_R_INVALID_EmbargoM!unknown_function
    TARGET_TIME: 2022-01-11T21:56:00.000Z
    OSBUILD: 19041
    OSSERVICEPACK: 1415
    SERVICEPACK_NUMBER: 0
    OS_REVISION: 0
    SUITE_MASK: 272
    PRODUCT_TYPE: 1
    OSPLATFORM_TYPE: x64
    OSNAME: Windows 10
    OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
    OS_LOCALE:
    USER_LCID: 0
    OSBUILD_TIMESTAMP: unknown_date
    BUILDDATESTAMP_STR: 160101.0800
    BUILDLAB_STR: WinBuild
    BUILDOSVER_STR: 10.0.19041.1415
    ANALYSIS_SESSION_ELAPSED_TIME: 715
    ANALYSIS_SOURCE: KM
    FAILURE_ID_HASH_STRING: km:av_r_invalid_embargom!unknown_function
    FAILURE_ID_HASH: {6682c669-9d02-309c-64da-82152baf14f9}
    Followup: MachineOwner
  • 0 over 2 years ago in reply to sauerk

    Hello,

    Thank you very much for sharing this information. We will be glad to report the issue as requested, but in order to do the report, you will need to create a service request. In this way, we can record all the information and escalate the case using the right procedure. You can create a request by going to https://support.quest.com/create-service-request or by calling our Support Admins https://support.quest.com/essentials/phone-number-listing

    Regards,

    Jorge C.