New
#41
I don't think that MpKslDrv.sys is the root cause here, mainly because it's a Microsoft driver. AFAIK it's part of the Defender definitions update process.
I think what this dump shows is that MpKslDrv.sys triggered the page fault and bugcheck, but it wasn't this driver that was at fault. Some other driver earlier in the process fouled up and it wasn't until MpKslDrv.sys acted on that information that we got the page fault.
You've run Driver Verifier long enough to have caught a rogue third-party driver, so we can reasonably assume that this problem isn't a third-party driver.
I have come across this, very similar, problem to yours from February this year. This BSOD also occurred whilst MsMpEng.exe was running, and so during a Defender definition update. The module containing the failing instruction is also the same - including the offset...
Do you have update KB5022834 installed, and if you do can you try and uninstall it (and hide it to stop it coming back) and see whether the issues stop?Code:YOURS: FAILED_INSTRUCTION_ADDRESS: nt!HalpSetSystemInformation+e12c2 fffff803`5941c022 488d0dc7ee4300 lea rcx,[nt!HalpPerfInterruptHandlerRegistrationLock (fffff803`5985aef0)] THEIRS: FAILED_INSTRUCTION_ADDRESS: nt!HalpSetSystemInformation+e12c2 fffff803`08c26022 488d0de7ec4300 lea rcx,[nt!HalpPerfInterruptHandlerRegistrationLock (fffff803`09064d10)]
It's a long-shot I know, but it's worth investigating.
Last edited by ubuysa; 23 Apr 2023 at 03:13.