Skip to main content

Full dump below.  Happened twice in a row while running full disk scan.  Seen notes about problems like this but they’re old.  

 

This is version 9.0.32.58.   I believe this to be the current release but don’t know how to check that.  I also don’t see an option to check for updates.


Microsoft (R) Windows Debugger Version 10.0.22621.755 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File iC:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff802`60000000 PsLoadedModuleList = 0xfffff802`60c2a2d0
Debug session time: Tue Nov  1 11:09:45.171 2022 (UTC - 5:00)
System Uptime: 0 days 2:14:42.557
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 0000001d`89c38018).  Type ".hh dbgerr001" for details
Loading unloaded module list
..........
For analysis of this file, run !analyze -v
3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffff9e8044761000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff802636f0f1e, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------

Unable to load image \??\C:\Program Files\Webroot\Core\WRCore.x64.sys, Win32 error 0n2

KEY_VALUES_STRING: 1

    Key  : AV.Type
    Value: Read

    Key  : Analysis.CPU.mSec
    Value: 4421

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 6031

    Key  : Analysis.Init.CPU.mSec
    Value: 2890

    Key  : Analysis.Init.Elapsed.mSec
    Value: 24113

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 99

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1


FILE_IN_CAB:  MEMORY.DMP

BUGCHECK_CODE:  50

BUGCHECK_P1: ffff9e8044761000

BUGCHECK_P2: 0

BUGCHECK_P3: fffff802636f0f1e

BUGCHECK_P4: 0

READ_ADDRESS:  ffff9e8044761000 Paged pool

MM_INTERNAL_CODE:  0

IMAGE_NAME:  cng.sys

MODULE_NAME: cng

FAULTING_MODULE: fffff802636e0000 cng

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

PROCESS_NAME:  WRSkyClient.x64.exe

TRAP_FRAME:  fffff9061bbdab40 -- (.trap 0xfffff9061bbdab40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000005add7f97 rbx=0000000000000000 rcx=0000000000000000
rdx=000000008f0d48b0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff802636f0f1e rsp=fffff9061bbdacd0 rbp=fffff9061bbdadd0
 r8=00000000a48014e2  r9=0000000072be5d74 r10=00000000ebfcbad6
r11=00000000ca81fe13 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
cng!SymCryptSha256AppendBlocks_ul1+0x64e:
fffff802`636f0f1e 8b4b2c          mov     ecx,dword ptr 0rbx+2Ch] ds:00000000`0000002c=????????
Resetting default scope

STACK_TEXT:  
fffff906`1bbda898 fffff802`60431d4d     : 00000000`00000050 ffff9e80`44761000 00000000`00000000 fffff906`1bbdab40 : nt!KeBugCheckEx
fffff906`1bbda8a0 fffff802`602399e0     : 00000000`0001cc3f 00000000`00000000 fffff906`1bbdabc0 00000000`00000000 : nt!MiSystemFault+0x1da33d
fffff906`1bbda9a0 fffff802`6040715e     : 00000000`5bd677a7 00000000`00000170 ffffb48e`75352000 fffff802`60228419 : nt!MmAccessFault+0x400
fffff906`1bbdab40 fffff802`636f0f1e     : ffffffff`7fd84c5e fffff906`00000008 fffff906`ca81fe13 00000000`017e7d94 : nt!KiPageFault+0x35e
fffff906`1bbdacd0 fffff802`636efdef     : fffff906`00000000 00000000`00000000 00000000`00000000 00000000`68736148 : cng!SymCryptSha256AppendBlocks_ul1+0x64e
fffff906`1bbdae90 fffff802`636efaad     : 00000000`00000000 00000000`00000000 00000000`fffffee0 fffff802`60224252 : cng!SymCryptSha256Append+0x4f
fffff906`1bbdaed0 fffff802`636ef9b7     : ffff9e80`44743000 00000000`00000000 00000146`000000c8 fffff906`1bbdb3a0 : cng!MSCryptHashDataInternal+0xc9
fffff906`1bbdaf00 fffff802`636e5b82     : 00000000`0001cc3f 00000000`00000000 ffff9e80`422e8210 ffff9e80`422e8290 : cng!MSCryptHashData+0x87
fffff906`1bbdafa0 fffff802`63522061     : ffff9e80`40664150 fffff906`1bbdb0c9 00000000`00000000 fffff906`00000000 : cng!BCryptHashData+0x82
fffff906`1bbdaff0 fffff802`6c918f5f     : fffff906`1bbdb0f0 fffff802`6c918af6 fffff906`1bbdb0d0 fffff906`1bbdb0c9 : ksecdd!BCryptHashData+0x21
fffff906`1bbdb030 fffff802`6c919603     : ffff9e80`422e8290 ffff9e80`40664100 ffff9e80`40664150 00000000`00000000 : WRCore_x64+0x28f5f
fffff906`1bbdb070 fffff802`6c9191f2     : 00000000`00000000 fffff906`1bbdb2d0 ffff9e80`40664100 00000000`00000000 : WRCore_x64+0x29603
fffff906`1bbdb130 fffff802`6c918d8a     : 00000000`00000000 ffff9e80`40664088 ffff9e80`406641c0 fffff906`1bbdb410 : WRCore_x64+0x291f2
fffff906`1bbdb340 fffff802`6c8f6d6f     : ffff9e80`406640d0 ffffffff`800023ac 00000000`00000000 00000000`00000000 : WRCore_x64+0x28d8a
fffff906`1bbdb3c0 fffff802`6c8f630e     : fffff906`1bbdb600 fffff906`1bbdb600 00000000`00000001 ffff9e80`406640d0 : WRCore_x64+0x6d6f
fffff906`1bbdb410 fffff802`6c8fb5b6     : ffff9e80`406640d0 ffffffff`800023ac fffff906`1bbdb670 00000000`00000000 : WRCore_x64+0x630e
fffff906`1bbdb450 fffff802`6c9120a1     : 00000000`00000000 fffff906`1bbdb4f0 fffff906`1bbdb500 ffffceb1`00000001 : WRCore_x64+0xb5b6
fffff906`1bbdb480 fffff802`6c9152d3     : 00000000`00000000 fffff906`1bbdb5a0 ffffb48e`831ea830 ffffb48e`74c16a00 : WRCore_x64+0x220a1
fffff906`1bbdb520 fffff802`6c912f83     : 00000000`000000a8 ffffb48e`831ea830 ffffb48e`60f41d90 00000000`00000000 : WRCore_x64+0x252d3
fffff906`1bbdb7d0 fffff802`6022a6b5     : ffffb48e`831ea830 00000000`00000000 fffff906`20206f49 00000000`000000a8 : WRCore_x64+0x22f83
fffff906`1bbdb800 fffff802`606164c8     : ffffb48e`831ea830 00000000`00000000 00000000`00000000 ffffb48e`69716300 : nt!IofCallDriver+0x55
fffff906`1bbdb840 fffff802`606162c7     : 00000000`00000000 fffff906`1bbdbb80 00000000`00040005 fffff906`1bbdbb80 : nt!IopSynchronousServiceTail+0x1a8
fffff906`1bbdb8e0 fffff802`60615646     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xc67
fffff906`1bbdba20 fffff802`6040a9b8     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
fffff906`1bbdba90 00007ffb`e45ad1a4     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
0000001d`8aaff428 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`e45ad1a4


SYMBOL_NAME:  cng!SymCryptSha256AppendBlocks_ul1+64e

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  64e

FAILURE_BUCKET_ID:  AV_R_(null)_cng!SymCryptSha256AppendBlocks_ul1

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {1f5db007-466f-6568-6b50-71135258a8a3}

Followup:     MachineOwner
---------

Hello @Larry1936 

 

Are you a Consumer User or Business user?

 

In case your a Consumer user please do a reinstall!

 

Please follow the steps closely!

  • Make sure you have a copy of your 20 Character Alphanumeric Keycode! Example: SA69-AAAA-A783-DE78-XXXX
  • KEEP the computer online for Uninstall and Reinstall to make sure it works correctly
  • Download a Copy Here (Best Buy Geek Squad Subscription PC users click HERE) Let us know if it is the Mac version you need
  • Uninstall WSA and Reboot
  • Go into Safe Mode and Delete these Folders if they are there!
  • C:\Program Files\Webroot Folder
  • C:\ProgramData\WRData Folder (Hidden Folder)
  • C:\ProgramData\WRCore Folder (Hidden Folder)
  • Boot back into normal mode
  • Install with the new installer, enter your Keycode
  • Let it finish it's install scan
  • Reboot once again
  • DO NOT import any old settings as you can set it up as you like once it's done

Info in case you don’t know how to go into Safe Mode: https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-10-92c27cff-db89-8644-1ce4-b3e5e56fe234

 

Please let us know if that resolves your issue?

Thanks,


Consumer.


Consumer.

The latest version is v9.0.33.35 with the above installer!

 


Hello @Larry1936 

 

Are you a Consumer User or Business user?

 

In case your a Consumer user please do a reinstall!

 

Please follow the steps closely!

  • Make sure you have a copy of your 20 Character Alphanumeric Keycode! Example: SA69-AAAA-A783-DE78-XXXX
  • KEEP the computer online for Uninstall and Reinstall to make sure it works correctly
  • Download a Copy Here (Best Buy Geek Squad Subscription PC users click HERE) Let us know if it is the Mac version you need
  • Uninstall WSA and Reboot
  • Go into Safe Mode and Delete these Folders if they are there!
  • C:\Program Files\Webroot Folder
  • C:\ProgramData\WRData Folder (Hidden Folder)
  • C:\ProgramData\WRCore Folder (Hidden Folder)
  • Boot back into normal mode
  • Install with the new installer, enter your Keycode
  • Let it finish it's install scan
  • Reboot once again
  • DO NOT import any old settings as you can set it up as you like once it's done

Info in case you don’t know how to go into Safe Mode: https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-10-92c27cff-db89-8644-1ce4-b3e5e56fe234

 

Please let us know if that resolves your issue?

Thanks,

 

Followed your procedure exactly.  Then ran full scan.  Unfortunately the blue screen error still occurs after installing new SW:.   Here is dump::

 


Microsoft (R) Windows Debugger Version 10.0.22621.755 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File iC:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff803`03a00000 PsLoadedModuleList = 0xfffff803`0462a2d0
Debug session time: Tue Nov  1 15:58:27.831 2022 (UTC - 5:00)
System Uptime: 0 days 1:33:14.819
Loading Kernel Symbols
...............................................................
................................................................
................................................................
........................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000008`68816018).  Type ".hh dbgerr001" for details
Loading unloaded module list
...........
For analysis of this file, run !analyze -v
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffd98ff75ca000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80308ef0f1e, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------

Unable to load image \??\C:\Program Files\Webroot\Core\WRCore.x64.sys, Win32 error 0n2

KEY_VALUES_STRING: 1

    Key  : AV.Type
    Value: Read

    Key  : Analysis.CPU.mSec
    Value: 4640

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 6438

    Key  : Analysis.Init.CPU.mSec
    Value: 3578

    Key  : Analysis.Init.Elapsed.mSec
    Value: 55621

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 100

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1


FILE_IN_CAB:  MEMORY.DMP

BUGCHECK_CODE:  50

BUGCHECK_P1: ffffd98ff75ca000

BUGCHECK_P2: 0

BUGCHECK_P3: fffff80308ef0f1e

BUGCHECK_P4: 0

READ_ADDRESS:  ffffd98ff75ca000 Paged pool

MM_INTERNAL_CODE:  0

IMAGE_NAME:  cng.sys

MODULE_NAME: cng

FAULTING_MODULE: fffff80308ee0000 cng

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

PROCESS_NAME:  WRSkyClient.x64.exe

TRAP_FRAME:  ffffd482fc371b40 -- (.trap 0xffffd482fc371b40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000fef9f585 rbx=0000000000000000 rcx=00000000d3d2d2ff
rdx=000000009b0d3c55 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80308ef0f1e rsp=ffffd482fc371cd0 rbp=ffffd482fc371dd0
 r8=0000000028ee0e62  r9=0000000046913073 r10=00000000cfac2ff7
r11=00000000e3488c0b r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
cng!SymCryptSha256AppendBlocks_ul1+0x64e:
fffff803`08ef0f1e 8b4b2c          mov     ecx,dword ptr 0rbx+2Ch] ds:00000000`0000002c=????????
Resetting default scope

STACK_TEXT:  
ffffd482`fc371898 fffff803`03e31d4d     : 00000000`00000050 ffffd98f`f75ca000 00000000`00000000 ffffd482`fc371b40 : nt!KeBugCheckEx
ffffd482`fc3718a0 fffff803`03c399e0     : 00000000`0001cc3f 00000000`00000000 ffffd482`fc371bc0 00000000`00000000 : nt!MiSystemFault+0x1da33d
ffffd482`fc3719a0 fffff803`03e0715e     : 00000000`01a858a3 00000000`00000050 ffffab88`733a4000 fffff803`03c287a5 : nt!MmAccessFault+0x400
ffffd482`fc371b40 fffff803`08ef0f1e     : ffffffff`0d7d60f8 ffffd482`0000001a ffffd482`e3488c0b 00000000`8be92575 : nt!KiPageFault+0x35e
ffffd482`fc371cd0 fffff803`08eefdef     : ffffd482`00000000 00000000`00000000 00000000`00000000 00000000`68736148 : cng!SymCryptSha256AppendBlocks_ul1+0x64e
ffffd482`fc371e90 fffff803`08eefaad     : 00000000`00000000 00000000`00000000 00000000`fffffee0 fffff803`03c24252 : cng!SymCryptSha256Append+0x4f
ffffd482`fc371ed0 fffff803`08eef9b7     : ffffd98f`f758d000 00000000`00000000 00000146`000000c8 ffffd482`fc3723a0 : cng!MSCryptHashDataInternal+0xc9
ffffd482`fc371f00 fffff803`08ee5b82     : 00000000`0001cc3f 00000000`00000000 ffffd98f`e5f060d0 ffffd98f`e5f05cd0 : cng!MSCryptHashData+0x87
ffffd482`fc371fa0 fffff803`08d22061     : ffffd98f`ca2d6ed0 ffffd482`fc3720c9 00000000`00000000 ffffd482`00000000 : cng!BCryptHashData+0x82
ffffd482`fc371ff0 fffff803`10ba8f5f     : ffffd482`fc3720f0 fffff803`10ba8af6 ffffd482`fc3720d0 ffffd482`fc3720c9 : ksecdd!BCryptHashData+0x21
ffffd482`fc372030 fffff803`10ba9603     : ffffd98f`e5f05cd0 ffffd98f`ca2d6e80 ffffd98f`ca2d6ed0 00000000`00000000 : WRCore_x64+0x28f5f
ffffd482`fc372070 fffff803`10ba91f2     : 00000000`00000000 ffffd482`fc3722d0 ffffd98f`ca2d6e80 00000000`00000000 : WRCore_x64+0x29603
ffffd482`fc372130 fffff803`10ba8d8a     : 00000000`00000000 ffffd98f`ca2d6e08 ffffd98f`ca2d6f40 ffffd482`fc372410 : WRCore_x64+0x291f2
ffffd482`fc372340 fffff803`10b86d6f     : ffffd98f`ca2d6e50 ffffffff`800049b4 00000000`00000000 00000000`00000000 : WRCore_x64+0x28d8a
ffffd482`fc3723c0 fffff803`10b8630e     : ffffd482`fc372600 ffffd482`fc372600 00000000`00000001 ffffd98f`ca2d6e50 : WRCore_x64+0x6d6f
ffffd482`fc372410 fffff803`10b8b5b6     : ffffd98f`ca2d6e50 ffffffff`800049b4 ffffd482`fc372670 00000000`00000000 : WRCore_x64+0x630e
ffffd482`fc372450 fffff803`10ba20a1     : 00000000`00000000 ffffd482`fc3724f0 ffffd482`fc372500 ffff2de9`00000001 : WRCore_x64+0xb5b6
ffffd482`fc372480 fffff803`10ba52d3     : 00000000`00000000 ffffd482`fc3725a0 ffffab88`739f89f0 ffffab88`80148e10 : WRCore_x64+0x220a1
ffffd482`fc372520 fffff803`10ba2f83     : 00000000`000000a8 ffffab88`739f89f0 ffffab88`70f5c7a0 00000000`00000000 : WRCore_x64+0x252d3
ffffd482`fc3727d0 fffff803`03c2a6b5     : ffffab88`739f89f0 00000000`00000000 ffffd482`20206f49 00000000`000000a8 : WRCore_x64+0x22f83
ffffd482`fc372800 fffff803`040164c8     : ffffab88`739f89f0 00000000`00000000 00000000`00000000 ffffab88`7a65d340 : nt!IofCallDriver+0x55
ffffd482`fc372840 fffff803`040162c7     : 00000000`00000000 ffffd482`fc372b80 00000000`00040005 ffffd482`fc372b80 : nt!IopSynchronousServiceTail+0x1a8
ffffd482`fc3728e0 fffff803`04015646     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xc67
ffffd482`fc372a20 fffff803`03e0a9b8     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
ffffd482`fc372a90 00007ffd`37d0d1a4     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000008`696ff328 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`37d0d1a4


SYMBOL_NAME:  cng!SymCryptSha256AppendBlocks_ul1+64e

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  64e

FAILURE_BUCKET_ID:  AV_R_(null)_cng!SymCryptSha256AppendBlocks_ul1

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {1f5db007-466f-6568-6b50-71135258a8a3}

Followup:     MachineOwner
---------


Ran it one more time after another boot just to be sure.  Sure enough, BSOD occurred after scan had been running an hour or two.  Dumps all look about the same to my technical eye.  Help with this would be appreciated.  If necessary I can provide full MEMORY.DMP file to techs.


Ran it one more time after another boot just to be sure.  Sure enough, BSOD occurred after scan had been running an hour or two.  Dumps all look about the same to my technical eye.  Help with this would be appreciated.  If necessary I can provide full MEMORY.DMP file to techs.

Yes it would be best to contact Webroot Support and the Ticket system is the best way! https://www.webrootanywhere.com/servicetalk.asp?

 

Note: When submitting a Support Ticket, Please wait for a response from Support. Putting in another Support Ticket on this problem before Support responses will put your first Support Ticket at the end of the queue.

 

Please let us know if they come up with anything!

 

Thanks,