kernel security check failure


  1. Posts : 121
    Windows 11 Home 64-bit
       #1

    kernel security check failure


    Hi all,

    I have a new laptop and my intel driver utility said there where new chipset drivers available, when i try to install them i get a blue screen and says "kernel security check failure". No matter how many times i try to install it i always get this blue screen and reboots. When i try to download the intel driver chipset from acer site, same problem.

    Any idea's ?

    Edit: solved -> kernel security check failure - Page 2 - Windows 10 Forums
    Last edited by Michel86; 03 Dec 2016 at 14:27.


  2. Posts : 5,169
    64bit Win 10 Pro ver 21H2
       #2

    Hello and welcome to TenForums :)

    Did you also update the ME (Management Engine) Driver from the Acer website? If not please try this first.


  3. Posts : 121
    Windows 11 Home 64-bit
    Thread Starter
       #3

    Hi Phil,

    Sorry for the late reply, didn't get time because of work. I just updated that driver from the Acer website. When I try to run the Intel chipset driver it does give a BSOD again but with a different code, "IRQL_NOT_LESS_OR_EQUAL". This error I saw 2 times trying to install the chipset driver; now when I try it, it gives the kernel panic error again. Any ideas?

    This happens: Kernel panic error windows 10 - YouTube

    Update: When I put the laptop in airplane mode and try the Intel chipset driver I get this error in the BSOD: "SYSTEM_SERVICE_EXCEPTION". I wonder if it has something to do with the LAN/Wi-Fi driver or the other chipset driver (Watchdog Timer Driver).




    Last edited by Michel86; 27 Nov 2016 at 05:52.


  4. Posts : 654
    windows 10 Pro
       #4

    Two of your dumpfiles are related to your IRQL_NOT_LESS_OR_EQUAL code.
    These 2 dumpfiles are blaming
    BugCheck A, {8, 2, 0, fffff8029e8658e7}

    *** WARNING: Unable to verify timestamp for RtsUer.sys
    *** ERROR: Module load completed but symbols could not be loaded for RtsUer.sys
    Probably caused by : RtsUer.sys ( RtsUer+17a4e )

    This is the driver of your
    Driver Description: Realtek USB 2.0 Card Reader driver
    Driver Update Site: Realtek

    Don't know if the other fault code "kernel security check failure" is related or stand-alone, but I would start with updating the driver of the Realtek card reader and try installing the chipset driver again.


  5. Posts : 121
    Windows 11 Home 64-bit
    Thread Starter
       #5

    lifetec said:
    Two of your dumpfiles are related to your IRQL_NOT_LESS_OR_EQUAL code.
    These 2 dumpfiles are blaming
    BugCheck A, {8, 2, 0, fffff8029e8658e7}

    *** WARNING: Unable to verify timestamp for RtsUer.sys
    *** ERROR: Module load completed but symbols could not be loaded for RtsUer.sys
    Probably caused by : RtsUer.sys ( RtsUer+17a4e )

    This is the driver of your
    Driver Description: Realtek USB 2.0 Card Reader driver
    Driver Update Site: Realtek

    Don't know if the other fault code "kernel security check failure" is related or stand-alone, but I would start with updating the driver of the Realtek card reader and try installing the chipset driver again.

    Hi Lifetec,

    Thx for your message, updated that driver and rebooted. When I rebooted I tried the Intel chipset driver again and again got a BSOD with the same message, "IRQL_NOT_LESS_OR_EQUAL". Here is a dump, maybe you can look at it again.

    I wonder why the Intel chipset is conflicting with some driver ... hope someone can find out which one.


  6. Posts : 654
    windows 10 Pro
       #6

    The latest dumpfile points to the WdFilter.sys driver. This is the Microsoft antimalware file system filter driver, and the process mentioned in the dumpfile is PROCESS_NAME: MsMpEng.exe. "Msmpeng.exe" is an antimalware service which is part of Windows Defender.
    Code:
     *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck A, {8, 2, 0, fffff801624828e7}
    
    Probably caused by : WdFilter.sys ( WdFilter!MpCreateSection+138 )
    
    Followup: MachineOwner
    ---------
    
    3: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 0000000000000008, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, bitfield :
    	bit 0 : value 0 = read operation, 1 = write operation
    	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff801624828e7, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    READ_ADDRESS: unable to get nt!MmSpecialPoolStart
    unable to get nt!MmSpecialPoolEnd
    unable to get nt!MmPagedPoolEnd
    unable to get nt!MmNonPagedPoolStart
    unable to get nt!MmSizeOfNonPagedPoolInBytes
     0000000000000008 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    nt!KiInsertTimerTable+b7
    fffff801`624828e7 4c397108        cmp     qword ptr [rcx+8],r14
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    
    BUGCHECK_STR:  AV
    
    PROCESS_NAME:  MsMpEng.exe

    So it looks like somehow Windows Defender could be the culprit.

    What is the reason that you wanted to update the chipset? Does your system feel sluggish, or?

    Are you using Windows Defender, or are you using 2 antivirus suites at the same time, or did you recently uninstall another antivirus suite?

    Searching the net I found some background info: http://www.thegeekinfo.com/2016/07/m...igh-usage.html and http://answers.microsoft.com/en-us/p...4-261da7d89245


  7. Posts : 121
    Windows 11 Home 64-bit
    Thread Starter
       #7

    We are pretty much close to the source. I turned off Windows Defender (just turned it off in the option menu). Updated the Intel chipset driver and I saw it said it was finished, but then my screen froze (like always before the BSOD) and I got a BSOD. I posted the last dumps, can you check what's causing the error? Still Defender?

    Oh, and no, I don't use any other AV scanner(s). I bought this laptop second hand and I didn't know if the Intel chipset was installed or not; tried on the Acer site and via Intel's update tool and both gave me a BSOD.


  8. Posts : 654
    windows 10 Pro
       #8

    Sadly the latest dumpfile does not point to something specific anymore.
    Code:
    ------
    
    4: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_SECURITY_CHECK_FAILURE (139)
    A kernel component has corrupted a critical data structure.  The corruption
    could potentially allow a malicious user to gain control of this machine.
    Arguments:
    Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
    Arg2: ffffd08101da6eb0, Address of the trap frame for the exception that caused the bugcheck
    Arg3: ffffd08101da6e08, Address of the exception record for the exception that caused the bugcheck
    Arg4: 0000000000000000, Reserved
    
    Debugging Details:
    ------------------
    
    
    TRAP_FRAME:  ffffd08101da6eb0 -- (.trap 0xffffd08101da6eb0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=ffff968640d39b90 rbx=0000000000000000 rcx=0000000000000003
    rdx=ffff9686441ae1a0 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff801e2d95188 rsp=ffffd08101da7040 rbp=0000000000000000
     r8=0000000000000b20  r9=0000000000000049 r10=fffff801e2f55780
    r11=fffff801e2c10000 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na pe cy
    nt! ?? ::FNODOBFM::`string'+0x2b7e8:
    fffff801`e2d95188 cd29            int     29h
    Resetting default scope
    
    EXCEPTION_RECORD:  ffffd08101da6e08 -- (.exr 0xffffd08101da6e08)
    ExceptionAddress: fffff801e2d95188 (nt! ?? ::FNODOBFM::`string'+0x000000000002b7e8)
       ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
      ExceptionFlags: 00000001
    NumberParameters: 1
       Parameter[0]: 0000000000000003
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  LIST_ENTRY_CORRUPT
    
    BUGCHECK_STR:  0x139
    
    PROCESS_NAME:  svchost.exe
    
    CURRENT_IRQL:  2
    
    ERROR_CODE: (NTSTATUS) 0xc0000409 - Er is een bufferoverschrijdingsfout opgetreden voor stack-buffer in deze toepassing. Via deze overschrijdingsfout kan een kwaadwillige gebruiker de controle over deze toepassing verkrijgen.
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - Er is een bufferoverschrijdingsfout opgetreden voor stack-buffer in deze toepassing. Via deze overschrijdingsfout kan een kwaadwillige gebruiker de controle over deze toepassing verkrijgen.
    
    EXCEPTION_PARAMETER1:  0000000000000003
    
    ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) x86fre
    
    EXCEPTION_STR:  0x0
    
    LAST_CONTROL_TRANSFER:  from fffff801e2d65629 to fffff801e2d5a510
    
    STACK_TEXT:  
    ffffd081`01da6b88 fffff801`e2d65629 : 00000000`00000139 00000000`00000003 ffffd081`01da6eb0 ffffd081`01da6e08 : nt!KeBugCheckEx
    ffffd081`01da6b90 fffff801`e2d65990 : 00000000`00501903 fffff801`e2c722b2 00000000`00000001 ffff9686`351f6b40 : nt!KiBugCheckDispatch+0x69
    ffffd081`01da6cd0 fffff801`e2d64973 : ffff9686`441ae080 ffff9686`441ae080 ffffd080`ff440180 ffff9686`441ae080 : nt!KiFastFailDispatch+0xd0
    ffffd081`01da6eb0 fffff801`e2d95188 : ffffd081`00000000 00000000`00000001 ffffd081`01da74f0 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0xf3
    ffffd081`01da7040 fffff801`e2c7581f : ffff9686`441ae080 ffff9686`441ae180 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x2b7e8
    ffffd081`01da70f0 fffff801`e2c74ede : 00000000`00000000 00000000`00000000 00000000`00000049 ffffd081`01da7229 : nt!KiCommitThreadWait+0x14f
    ffffd081`01da7190 fffff801`e30e23b7 : ffff9686`00000004 ffffd081`01da7340 ffff9686`42881c80 ffffd081`00000006 : nt!KeWaitForMultipleObjects+0x1fe
    ffffd081`01da7270 fffff801`e302f939 : 00000000`00000000 00000000`00000000 ffffd081`01da77d8 00000000`00000000 : nt!ObWaitForMultipleObjects+0x2c7
    ffffd081`01da7790 fffff801`e2d65193 : ffffd081`01da7a98 00000000`00000000 ffff9686`441ae080 00000019`75c7f968 : nt!NtWaitForMultipleObjects+0xf9
    ffffd081`01da7a10 00007ffb`a62959b4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000019`75c7f948 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`a62959b4
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!KiFastFailDispatch+d0
    fffff801`e2d65990 c644242000      mov     byte ptr [rsp+20h],0
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  nt!KiFastFailDispatch+d0
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  5819bd1f
    
    IMAGE_VERSION:  10.0.14393.447
    
    BUCKET_ID_FUNC_OFFSET:  d0
    
    FAILURE_BUCKET_ID:  0x139_3_nt!KiFastFailDispatch
    
    BUCKET_ID:  0x139_3_nt!KiFastFailDispatch
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0x139_3_nt!kifastfaildispatch
    
    FAILURE_ID_HASH:  {36173680-6f08-995f-065a-3d368c996911}
    
    Followup: MachineOwner
    ---------

    Are you sure you installed/updated the correct chipset drivers for your specific laptop model?

    Maybe the system file checker command could find something.
    See this tutorial https://www.tenforums.com/tutorials/2...dows-10-a.html

    Note
    If SFC could not fix something, then run the command again to see if it may be able to the next time. Sometimes it may take running the sfc /scannow command 3 times, restarting the PC after each time, to completely fix everything that it's able to.

    If not, then run the Dism /Online /Cleanup-Image /RestoreHealth command to repair any component store corruption, restart the PC afterwards, and try the sfc /scannow command again.
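
Added example, not part of the thread and not Windows source code: a user-space C model of the checked list unlink behind the KERNEL_SECURITY_CHECK_FAILURE (139) dump above, where Arg1 and rcx are 3 ("A LIST_ENTRY has been corrupted (i.e. double remove)") and the faulting instruction is int 29h. The type and function names are illustrative assumptions, and the model returns the fast-fail code instead of halting.

```c
#include <stdio.h>

/* User-space model of the kernel's LIST_ENTRY (names are illustrative). */
typedef struct list_entry {
    struct list_entry *flink;   /* forward link  */
    struct list_entry *blink;   /* backward link */
} list_entry;

/* Fast-fail code for a corrupted list entry; same value as Arg1 in the dump. */
#define FAST_FAIL_CORRUPT_LIST_ENTRY 3

static void list_init(list_entry *head) { head->flink = head->blink = head; }

static void list_insert_tail(list_entry *head, list_entry *e) {
    list_entry *last = head->blink;
    e->flink = head;
    e->blink = last;
    last->flink = e;
    head->blink = e;
}

/* Checked unlink: both neighbours must still point back at the entry.
 * Returns 0 on success. On a mismatch the real kernel issues int 29h with
 * the code in rcx; this model returns the code and leaves the list alone. */
static int list_remove_checked(list_entry *e) {
    list_entry *next = e->flink, *prev = e->blink;
    if (next->blink != e || prev->flink != e)
        return FAST_FAIL_CORRUPT_LIST_ENTRY;
    prev->flink = next;
    next->blink = prev;
    return 0;
}

/* Removes entry `a` twice; returns the result of the second removal. */
static int demo_double_remove(void) {
    list_entry head, a, b;
    list_init(&head);
    list_insert_tail(&head, &a);
    list_insert_tail(&head, &b);
    if (list_remove_checked(&a) != 0) return -1;  /* first unlink is valid */
    /* a still holds stale links to head and b, which now point at each other */
    int second = list_remove_checked(&a);
    /* the list must be untouched: head <-> b only */
    if (head.flink != &b || b.blink != &head || b.flink != &head) return -2;
    return second;
}

int main(void) {
    printf("second remove -> fast-fail code %d\n", demo_double_remove());
    return 0;
}
```

Without the check, the second unlink would write through stale pointers that may reference freed or reused memory, which is why the kernel stops the machine instead of continuing.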


  9. Posts : 121
    Windows 11 Home 64-bit
    Thread Starter
       #9

    Yes, I am sure. Any info on this dump? Many BSOD logs (.dmp) (tried to install with AV on and without).


  10. Posts : 654
    windows 10 Pro
       #10

    All dumpfiles are again Bugcheck A
    STOP 0x0000000A: IRQL_NOT_LESS_OR_EQUAL
    Usual causes: Kernel mode driver, System Service, BIOS, Windows, Virus scanner, Backup tool, compatibility

    2 dumpfiles again mention RtsUer.sys (your Realtek Card)
    1 dumpfile mentions Probably caused by : win32kfull.sys ( win32kfull+98403 )
    1 dumpfile mentions Probably caused by : ntkrnlmp.exe ( nt!KiInsertTimerTable+b7 )
    1 dumpfile mentions Probably caused by : memory_corruption

    As you can see, the usual causes of this bugcheck can be all kinds of things.

    For the Realtek card reader, what driver did you install and from where? Do you have any yellow or red exclamation marks in your Device Manager?
    Have you updated/installed all the drivers from the Dell support page?

    Did you already run the SFC command (see above)?

    Did you test your memory?


 
