Tuesday, July 17, 2012

Kaspersky: Guilty of causing BSODs

I have been in the BSOD analysis community for a few months now. I have never personally seen a situation in which Kaspersky was an issue, but I finally got my chance.

A user was having BSODs when playing games, specifically Tera. I'm not sure as to whether or not the user was crashing in other instances, such as being idle and NOT gaming, but we'll leave it at that for now. I took a look and what I knew from the start was:

There were 5 dumps attached. 3 are pointing to dxgmms1.sys (DirectX), the other is a core MS file, and the final and earliest is pointing to the culprit RzSynapse.sys (Razer Synapse Engine/Razer Naga). After seeing that, I figured it might have been a simple video card driver issue, as all of the DirectX culprits happened whilst the process TERA.exe was running (video game), or the infamous Razer drivers causing BSODs again, which I hadn't seen in a while.

I prompted the user to ensure his/her DirectX was fully functional and up to date, which it was. I next recommended ensuring video card drivers were up to date as well. If the user recently updated the video card drivers and the issues started appearing then, I recommended reinstalling a previous, older driver version to be sure the newer drivers weren't an issue.

The last step I prompted was an update of the Razer drivers. If the drivers were already at the latest version, and the user was still BSOD'ing after updating DX and drivers (or rolling back GPU drivers), I recommended uninstalling the Razer Naga drivers and letting Windows install the generic mouse drivers to cross out a possible Razer driver issue.

After doing all of the updates and such, the user reported the system felt much more responsive and stable. Whether or not this was placebo, that sounded good, and the updated drivers may have offered some nice performance fixes that may have been the issue. However, after 30 minutes of gameplay, the user reported a BSOD, but a different one than the usual. I was hopeful!

The newest attached dump from the user pointed to the culprit kl1.sys, which is the Kaspersky driver. I recommended the user temporarily remove Kaspersky using the remove tool provided by Kaspersky to ensure Kaspersky isn't the actual issue. Sure enough, after the user removed Kaspersky, the system went 3 full days without a single hiccup (and continued to do so).

With this being said, I'm now stuck trying to figure out why Kaspersky was causing those BSODs, and why it's recommended to be removed all the time in the BSOD analysis community. It may just be because we want to ensure as usual whatever AV the user has isn't interfering with anything which may be causing the BSODs, etc. But I am not so sure. I have asked some experts why Kaspersky is such an issue, and I will update this blog post when I have an answer!
