Hello all. I was having a few BSODs from mpfilter.sys in the week or two leading up to the 10 launch, but given that I could simply disable Microsoft Security Essentials temporarily when they started to solve the problem, I didn't do anything material about it. Unfortunately, my hope that MSE would be replaced wholesale or at least repaired by Windows 10 was misplaced, as the new Windows Defender is causing identical BSODs.
As on 7, I can disable my AV for a while, which stops the BSODs. However this is far from ideal, so I'm wondering if there is any way to repair mpfilter.sys, or if there is perhaps some other issue at work. I've run the diagnostic tool as indicated in the sticky, which is attached.
Your MSINFO file is missing from your logs, can you follow Option One of System Information File - Create in Windows 10 - Windows 10 blog and upload the resulting .zip file.
As for your dumps I've found the following. In all three the Hide Folders 2009 file encryptiondriver has been flagged, it's very old and needs updating. Check for an updated driver or update to the software here, if there is none please disable or uninstall the program for testing purposes.Code:ffffd000`eac84168 fffff800`e6a32a5fUnable to load image FSPFltd.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for FSPFltd.sys *** ERROR: Module load completed but symbols could not be loaded for FSPFltd.sysFSPFltd+0x2a5f 3: kd> lmvm FSPFltd start end module name fffff800`e6a30000 fffff800`e6a41000 FSPFltd T (no symbols) Loaded symbol image file: FSPFltd.sys Image path: FSPFltd.sys Image name: FSPFltd.sys Timestamp: Thu Jun 05 18:37:17 2008(4848244D) CheckSum: 00017B5C ImageSize: 00011000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
I'm not entirely sure how to go about disabling that driver, as it doesn't seem to be associated with any local software that I can see (and indeed pre-dates the age of the hardware). I can try installing the demo for a more recent version of the software if that might update the driver?
Find attached the file you requested. Thanks for your help!
My AV reactivated itself this morning and I got a wdfilter.sys BSOD this time. Looks like Defender will be turned off for the forseeable future.
I've uploaded another zip of all the dumps etc generated just now.
It's the same driver again. I've done some digging at it belongs to My Lockbox from FSPro Labs.Code:ffffd000`21d4d168 fffff800`6d832a5fUnable to load image FSPFltd.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for FSPFltd.sys *** ERROR: Module load completed but symbols could not be loaded for FSPFltd.sys FSPFltd+0x2a5f
Uninstall My Lockbox.
Excellent, thanks for that digging. I had a copy of "My Lockbox Halloween Edition" installed in 2012, which I've now removed. The driver file itself is still there in system32/drivers after the uninstall-demanded reboot - is this an issue? In the meantime I will re-enable the AV and see if anything happens. Thanks so much!
The driver shouldn't be active if the software is uninstalled so just test the system for stability. If you have any more issues let us know straight away, but hopefully that should have solved the problem.
Haven't had any more issues since the software was uninstalled, so I'm inclined to agree. Thanks so much!
You're welcome, glad to hear it.
