Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

BitDefender and bad pool aborts


Recommended Posts

I've been getting very sporadic restarts/crashes for a while now. And based on "whocrashed" app, it's telling me it's due to MWAC.SYS.

I did already search around for this issue, and have tried to uninstall using the mwabcleaner, and reinstalling to no avail.

 

This is the message from the crash dump analysis. 

 

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Tue 4/19/2016 7:57:21 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\041916-15453-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x90BF)
Bugcheck code: 0xC2 (0x7, 0x126C, 0x35B67C48, 0xFFFFE00035B67B18)
Error: BAD_POOL_CALLER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that the current thread is making a bad pool request.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_CALLER

Edited by Maurice Naggar
Link to post
Share on other sites

  • Replies 74
  • Created
  • Last Reply

Top Posters In This Topic

Attaching the necessary files:

The perfmon report is still running. So i'll upload that once it's done.

· OS - Windows 10
· x64 ?
· Fresh install on a new SSD
· Retail version
· Couple of years, but have been upgraded every so often.
· Fresh install on a new SSD about 2 months ago.

· Intel i7 3930K
· EVGA GTX 780
· Asus Rampage Extreme IV
· Corsair AX1200i

· Custom built
· Desktop?

SysnativeFileCollectionApp.zip

Link to post
Share on other sites

Hi enceedanny,

I would like to start with gathering some basic information.

Would you please go to the Start button and then the RUN option.
type in

msinfo32

and tap Enter-key. This starts the Microsoft System Information tool.  Allow time for the tool to load and finish.

Look on first screen on the menu bar.
Select File > EXPORT ...
then provide a meaningful file name and save that.   Then also attach that files in a new reply so that I can see some other basic information about your hardware & operating system information.   I would love to have the entire report.

 

In addition, I would like to review a set of 3 other reports.

Please read the following and in your next reply ATTACH the 3 requested report files - Diagnostic Logs
(the three files should be CheckResults.txt, FRST.txt and Addition.txt)

Please always attach reports, as we go along.

 

I would like to get some idea of what is being run, what is in use when the STOP code aborts happen.

 

In addition to all this, let me make this other suggestion.

I would highly recommend some trust setting adjustments for BitDefender and our program as well.
Generally speaking one needs to set BitDefender to trust the program components of our Malwarebytes  

In order for Malwarebytes Anti-Malware and Bitdefender  to work together instead of conflicting, you must configure both applications.  
 
How to configure *Bitdefender*  to exclude Malwarebytes files -
Step 1. Open *Bitdefender*
Step 2. Click on "Modules"  near the bottom of the window so that you see a white screen
Step 3. You should see a Protection tab with  white background

Step 4. click on the "Trusted applications" line in black, on the left side
Step 5. You should see a new window BitDefender Trusted Applications

Step 6. Click "Add" button (blue color)
Use the navigation tree to get to the C drive and its sub-folders

Step 7. Click on the + sign on the line Windows C drive

Step 8. Navigate to 'C:\Program Files (x86)\Malwarebytes Anti-Malware' , select desired folder and click "OK"

You will need to select each EXE file - one by one

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamdor.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

Step 9. Make sure that the option "Both" is checked and select "Add"

Step 10. Click "OK"
 
 
How to add your Bitdefender  folder to Malwarebytes "Malware Exclusions" list -
Step 1. Open the Malwarebytes application
Step 2. Click on "Settings"
Step 3. Click "Malware Exclusions" in the left column
Step 4. Click on "Add Folder"
Step 5. Navigate to 'C:\Program Files\Bitdefender\Bitdefender 2016'
Step 6. Click once on "C:\Program Files\Bitdefender\Bitdefender 2016" folder to highlight it
Step 7. Click on "Select Folder"

also do the same for the folder  C:\Program Files\Bitdefender Agent

Step 8. Close Malwarebytes
Step 9. Reboot your computer <--Very Important!

 

 

Link to post
Share on other sites

This is strictly only a temporary measure just so you can make some adjustments and other steps.

This is not a permanent fix nor cure of any kind.  Do a right-click on the Malwarebytes blue icon on the Tasktray and un check the line "Malicious website protection".

I see this is an Asus systemboard and there are a couple of Asus services running and active dated from 2014.
I would like for you to locate and find what the Asus manufacturer provided on this box.  To do a manufacturers Update run and make sure that all the latest hardware drivers are all up to date.
Lets do that first.
I would especially like to insure that the network card driver ( it is hard to see which one this pc has) but this looks like a Gigabit network device.
So again, we need to insure all hardware drivers are up to date and from the manuifacturer.

Looking briefly at the MSINFO report, the tail end notes some exceptions.  and those are not from our Malwarebytes software.

4/19/2016 9:14 PM    Application Error    Faulting application name: seccenter.exe, version: 20.0.25.1411
4/20/2016 8:30 AM    Windows Error Reporting    Fault bucket 129071395099, type 5&#x000d;&#x000a;Event Name: RADAR_PRE_LEAK_WOW64

Link to post
Share on other sites

Do not go by any sort of indicator pointing to mwac.   Them tools can be quite mis-leading  & they cannot judge the actual source of the real cause.

Sometimes it happens that a switch to a different operating system ( like a recent upgrade or install of Windows 10) leads to having some drivers being not the manufacturers latest version.

Second suggestion at this point in time:
Do a BitDefender repair install.   How to repair a BitDefender installation
http://www.bitdefender.com/support/how-to-repair-bitdefender-2016-1469.html


Then, next, follow that up by doing a Update run in BitDefender.  Start the BitDefender program.  And click on the Update tile ( down on lower right of the main screen).

When all done, Please reboot the Windows machine.

 

BD-2016-main.png

Link to post
Share on other sites

I've already updated to the latest definitions. I've done a full uninstall/clean (as stated https://forums.malwarebytes.org/topic/181910-bitdefender) twice already.

I am aware that it can be caused by something else. But the problem is that a lot of people are having this same issue pointing to mwac.sys. Whether it's indeed mwac's fault or not is still to be seen. 

 

 

Link to post
Share on other sites

Please understand that each pc is unqiue onto itself.  different hardware.  different network cards.  plenty enough applications installed & in use.  And many different DRIVERS.

The most frequent source of the "bad pool xxx" aborts is drivers.   That is the only reason I keep asking folks to keep a focus on that.

 

Too many people are trying to make a quick acceptance of what a tool is pointing to.  If you can get me a full memory dump file, let me know and I can arrange for it to be reviewed.  But not one of those whocrashed or the mini-dumps.

We are unable to reproduce your bsod crashes.  This is only happening to a fraction of customers.  We have many other customers that also have Bitdefender & MBAM Premium that are not having these hiccups.   BitDefender is use by lots of folks.  and as on any help board, you only see the ones with issues.  The bigger lot of users you will not see here.

I sympathize and can relate to what you are going thru.  I am just trying to say do not be quick to lump all things together.

Trying to determine just what is at the bottom of all this gets involved.  Takes some methodical approaches without jumping to conclusions.   

 

my last set of suggestions are simply only to guarantee that BitDefender software is 100% all up to date.  One of our customers was advising us that he had an update just recently from BitDefender and that now he is in the clear.

Therefore, I would recommend you to reconsider doing my last 2 tips.  The repair operation run is actually quite fast and easy.   and so is the Update run check.

Link to post
Share on other sites

I understand what you mean, and I never said anything to state otherwise. It is true that I'm frustrated as I've never had sporadic crashes since back in the vista days.

 

BitDefender is the latest. I had used their downloader tool provided on their site which installs the latest version,

I'll try your last 2 tips.

Link to post
Share on other sites

ok.  That is good.  I was about to also mention, in case I did not mention to you yet.....

I am running both BitDefender 2016 Total Security along with MBAM Premium on my own computer.  running on Windows 10.   and no crashes.  You can understand that is why I keep trying to get folks to keep all in focus and perspective.  One cannot flat out say the 2 cant co-exist.

Lots of patience and persistence is needed.  So, courage is key.

Link to post
Share on other sites

Yes, I would go ahead and remove it.   Certainly after all those hours, there is no further need to keep running the driver verifier.

Kindly provide me a short recap of what you did yesterday.  I believe what you indicated was getting the latest network card driver.  "" updated the Intel gigabit ethernet drivers to the latest one from Intel's site. Also have ran driver verifier. ""

Did you do any other procedures other than that ?

I would like to arrange to get a fresh FRST set of reports from you today.  Please start FRST.  Click the box that shows Addition.txt near the bottom of that screen.  Then click on Scan.  When done, please relay the FRST.txt  and Addition.txt

You are doing well.   Thanks for your patience.

Link to post
Share on other sites

I've done the following:

  • Totally uninstalled, cleaned, both mbam and BD. Reinstalled following the procedure stated. 
  • Added exclusions for both apps within their respective settings.
  • Did a repair install of BD and updated it after closing and reopening the app.
  • Found the latest driver on the intel website for the gigabit ethernet, so I installed it.
  • Ran driver verifier (which is still running as I'm hoping it will catch something.. anything...)

I'm attaching the requested files. Keep in mind that my verifier is still running. Not sure if it makes any difference.

Addition.txt

FRST.txt

Link to post
Share on other sites

You are past needing to have Driver Verifier.  Now, you need to undo it.    Start Driver Verifier.

Choose Delete existing settings then click Finish.   and then Reboot your computer.   Having the driver verifier on slows the system down to a real slow crawl.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.