Назад | Перейти на главную страницу

BSOD Critical_Process_Died после включения брандмауэра Защитника Windows

Сервер 2019 1809 17763.914, на котором запущены службы удаленных рабочих столов, и применяются все обновления.

При перезагрузке брандмауэр Защитника Windows останавливается (даже если он настроен на автоматический запуск), и когда я вручную запускаю службу (через любую командную строку, службы Windows, диспетчер серверов, графический интерфейс защитника и т. Д.), Это BSOD с ошибкой " Критические процессы остановлены »

Любые внешние серверы не могут получить доступ к сайтам IIS, но могут получить к ним доступ через localhost.

Вот мини-дамп:

Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\010220-4875-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 17763 MP (4 procs) Free x64
Product: Server, suite: TerminalServer <20000>
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff802`2321e000 PsLoadedModuleList = 0xfffff802`23637710
Debug session time: Thu Jan  2 13:07:01.479 2020 (UTC + 10:00)
System Uptime: 0 days 0:02:06.011
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
.......
For analysis of this file, run !analyze -v
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_PROCESS_DIED (ef)
        A critical system process died
Arguments:
Arg1: ffff9405b1bd1080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------


KEY_VALUES_STRING: 1


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  17763.1.amd64fre.rs5_release.180914-1434

SYSTEM_MANUFACTURER:  Microsoft Corporation

VIRTUAL_MACHINE:  HyperV

SYSTEM_PRODUCT_NAME:  Virtual Machine

SYSTEM_SKU:  None

SYSTEM_VERSION:  Hyper-V UEFI Release v4.0

BIOS_VENDOR:  Microsoft Corporation

BIOS_VERSION:  Hyper-V UEFI Release v4.0

BIOS_DATE:  03/13/2019

BASEBOARD_MANUFACTURER:  Microsoft Corporation

BASEBOARD_PRODUCT:  Virtual Machine

BASEBOARD_VERSION:  Hyper-V UEFI Release v4.0

DUMP_TYPE:  2

BUGCHECK_P1: ffff9405b1bd1080

BUGCHECK_P2: 0

BUGCHECK_P3: 0

BUGCHECK_P4: 0

PROCESS_NAME:  svchost.exe

CRITICAL_PROCESS:  svchost.exe

EXCEPTION_RECORD:  ffff9405b1bd1640 -- (.exr 0xffff9405b1bd1640)
ExceptionAddress: 0000000000000000
   ExceptionCode: 00000000
  ExceptionFlags: 00000000
NumberParameters: 0

EXCEPTION_CODE: (NTSTATUS) 0xb0333080 - <Unable to get error code text>

ERROR_CODE: (NTSTATUS) 0xb0333080 - <Unable to get error code text>

CPU_COUNT: 4

CPU_MHZ: a6b

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 1a

CPU_STEPPING: 5

CPU_MICROCODE: 6,1a,5,0 (F,M,S,R)  SIG: FFFFFFFF'00000000 (cache) FFFFFFFF'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT_SERVER

BUGCHECK_STR:  0xEF

CURRENT_IRQL:  0

ANALYSIS_SESSION_HOST:  INFARMDC01-RDP

ANALYSIS_SESSION_TIME:  01-02-2020 14:26:35.0328

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

LAST_CONTROL_TRANSFER:  from fffff80223aa8e9d to fffff802233d4980

STACK_TEXT:  
fffffc86`3c830048 fffff802`23aa8e9d : 00000000`000000ef ffff9405`b1bd1080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffffc86`3c830050 fffff802`239ba837 : 00000000`00000001 fffff802`23278039 ffff9405`b1bd1080 fffff802`23270858 : nt!PspCatchCriticalBreak+0xfd
fffffc86`3c8300f0 fffff802`2385ca7c : ffff9405`00000000 00000000`00000000 ffff9405`b1bd1080 ffff9405`b1bd1358 : nt!PspTerminateAllThreads+0x15ef33
fffffc86`3c830160 fffff802`2381e1b9 : ffffffff`ffffffff fffffc86`3c830290 ffff9405`b1bd1080 fffff802`232be900 : nt!PspTerminateProcess+0xe0
fffffc86`3c8301a0 fffff802`233e5c05 : 00000000`00001278 ffff9405`b0333080 ffff9405`b1bd1080 fffffc86`3c8303e0 : nt!NtTerminateProcess+0xa9
fffffc86`3c830210 fffff802`233d8690 : fffff802`23405474 fffffc86`3c830b98 fffffc86`3c830b98 fffffc86`3c8303e0 : nt!KiSystemServiceCopyEnd+0x25
fffffc86`3c8303a8 fffff802`23405474 : fffffc86`3c830b98 fffffc86`3c830b98 fffffc86`3c8303e0 00000000`00000000 : nt!KiServiceLinkage
fffffc86`3c8303b0 fffff802`233e65a4 : ffff9405`b1bd1640 fffff802`232b6456 00000000`00000000 00000000`00000001 : nt!KiDispatchException+0x1a7284
fffffc86`3c830a60 fffff802`233e498e : ffff9405`b0333080 00000000`00000000 00000264`faf68370 ffff9405`b1b14f01 : nt!KiFastFailDispatch+0xe4
fffffc86`3c830c40 00007ffd`f0fb4720 : 00007ffd`f10094ac 00000000`00000001 00000264`faf230d0 00000264`00000000 : nt!KiRaiseSecurityCheckFailure+0x30e
00000096`ba37f998 00007ffd`f10094ac : 00000000`00000001 00000264`faf230d0 00000264`00000000 00000000`00000120 : 0x00007ffd`f0fb4720
00000096`ba37f9a0 00000000`00000001 : 00000264`faf230d0 00000264`00000000 00000000`00000120 00000264`faf68370 : 0x00007ffd`f10094ac
00000096`ba37f9a8 00000264`faf230d0 : 00000264`00000000 00000000`00000120 00000264`faf68370 00007ffd`f0f9fae8 : 0x1
00000096`ba37f9b0 00000264`00000000 : 00000000`00000120 00000264`faf68370 00007ffd`f0f9fae8 00000000`00000024 : 0x00000264`faf230d0
00000096`ba37f9b8 00000000`00000120 : 00000264`faf68370 00007ffd`f0f9fae8 00000000`00000024 00000001`00000025 : 0x00000264`00000000
00000096`ba37f9c0 00000264`faf68370 : 00007ffd`f0f9fae8 00000000`00000024 00000001`00000025 00000264`faf23278 : 0x120
00000096`ba37f9c8 00007ffd`f0f9fae8 : 00000000`00000024 00000001`00000025 00000264`faf23278 00000096`ba37fd58 : 0x00000264`faf68370
00000096`ba37f9d0 00000000`00000024 : 00000001`00000025 00000264`faf23278 00000096`ba37fd58 00640072`00610068 : 0x00007ffd`f0f9fae8
00000096`ba37f9d8 00000001`00000025 : 00000264`faf23278 00000096`ba37fd58 00640072`00610068 006b0073`00690064 : 0x24
00000096`ba37f9e0 00000264`faf23278 : 00000096`ba37fd58 00640072`00610068 006b0073`00690064 00760065`0064005c : 0x00000001`00000025
00000096`ba37f9e8 00000096`ba37fd58 : 00640072`00610068 006b0073`00690064 00760065`0064005c 005c0065`00630069 : 0x00000264`faf23278
00000096`ba37f9f0 00640072`00610068 : 006b0073`00690064 00760065`0064005c 005c0065`00630069 00000000`00000000 : 0x00000096`ba37fd58
00000096`ba37f9f8 006b0073`00690064 : 00760065`0064005c 005c0065`00630069 00000000`00000000 00000000`00000000 : 0x00640072`00610068
00000096`ba37fa00 00760065`0064005c : 005c0065`00630069 00000000`00000000 00000000`00000000 00000000`00000000 : 0x006b0073`00690064
00000096`ba37fa08 005c0065`00630069 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00760065`0064005c
00000096`ba37fa10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x005c0065`00630069


THREAD_SHA1_HASH_MOD_FUNC:  4eea4701cef87a9898dd276682cc304560e002d4

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  2816b2618b7d0b5a47f6e8680612f55f8f11ceaa

THREAD_SHA1_HASH_MOD:  bc100a5647b828107ac4e18055e00abcbe1ec406

FOLLOWUP_IP:
nt!PspCatchCriticalBreak+fd
fffff802`23aa8e9d cc              int     3

FAULT_INSTR_CODE:  ed8440cc

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!PspCatchCriticalBreak+fd

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  10.0.17763.914

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  fd

FAILURE_BUCKET_ID:  0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_b0333080_nt!PspCatchCriticalBreak

BUCKET_ID:  0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_b0333080_nt!PspCatchCriticalBreak

PRIMARY_PROBLEM_CLASS:  0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_b0333080_nt!PspCatchCriticalBreak

TARGET_TIME:  2020-01-02T03:07:01.000Z

OSBUILD:  17763

OSSERVICEPACK:  914

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  131088

PRODUCT_TYPE:  3

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 Server TerminalServer

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  unknown_date

BUILDDATESTAMP_STR:  180914-1434

BUILDLAB_STR:  rs5_release

BUILDOSVER_STR:  10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME:  5af7

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xef_svchost.exe_bugcheck_critical_process_b0333080_nt!pspcatchcriticalbreak

FAILURE_ID_HASH:  {b3d28743-3e5f-4880-17a1-23fcf5396e9a}

Followup:     MachineOwner
---------

Загрузка в безопасном режиме (сеть) и запуск службы брандмауэра также не увенчались успехом.

Есть идеи, где искать, чтобы брандмауэр снова заработал?