New
#11
The filecrypt.sys is a windows driver.
Most windows drivers get fixed on their own by automatic windows updates.
The windows drivers may appear in a bluscreenview or whocrashed analysis.
They typically display windows drivers.
To find the misbehaving driver very often requires windbg.
And the windbg debugging can find the non-Microsoft misbehaving drivers.
filecrypt.sys Windows Sandboxing And Encryption Filter Driver Windows Update
Earlier this month there was a non-Microsoft windows driver that was involved in a BSOD.
So over time it could reoccur.
One method to see if it might is windows driver verifier.
Had you used the tool?
If not this is information on the tool:
Driver Verifier-- tracking down a mis-behaving driver. - Microsoft Community
Enable and Disable Driver Verifier in Windows 10 Windows 10 Performance Maintenance Tutorials
BSOD Finding and fixing them - Microsoft Community
Code:26.09.2017 21:14 Windows Error Reporting Fault bucket , type 0 Event Name: BlueScreen Response: Not available Cab Id: 0 Problem signature: P1: 5a P2: 1 P3: ffff8003db5ee4b0 P4: ffff998cedda5a20 P5: ffffffffc0000034 P6: 10_0_15063 P7: 0_0 P8: 256_1 P9: P10: Attached files: \\?\C:\WINDOWS\Minidump\092617-10484-01.dmp \\?\C:\Windows\Temp\WER-11234-0.sysdata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3B93.tmp.WERInternalMetadata.xml These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_5a_91efb66222785da8f21f9e4d2d4e8fcfdd49e5a_00000000_cab_02a03b92 Analysis symbol: Rechecking for solution: 0 Report ID: 827e6acd-245f-4c70-9ccf-844758d4d42f Report Status: 100 Hashed bucket:26.09.2017 20:46 Windows Error Reporting Fault bucket , type 0 Event Name: BlueScreen Response: Not available Cab Id: 0 Problem signature: P1: 5a P2: 1 P3: ffff8003db5ee4b0 P4: ffff998cedda5a20 P5: ffffffffc0000034 P6: 10_0_15063 P7: 0_0 P8: 256_1 P9: P10: Attached files: \\?\C:\WINDOWS\Minidump\092617-10484-01.dmp \\?\C:\Windows\Temp\WER-11234-0.sysdata.xml \\?\C:\WINDOWS\MEMORY.DMP \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3B93.tmp.WERInternalMetadata.xml These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_5a_91efb66222785da8f21f9e4d2d4e8fcfdd49e5a_00000000_cab_02a03b92 Analysis symbol: Rechecking for solution: 0 Report ID: 827e6acd-245f-4c70-9ccf-844758d4d42f Report Status: 4 Hashed bucket: 27.09.2017 16:10 Windows Error Reporting Fault bucket , type 0 Event Name: BlueScreen Response: Not available Cab Id: 0 Problem signature: P1: 5a P2: 1 P3: ffffb006b4147c00 P4: ffffd209bc1a92e0 P5: ffffffffc0000034 P6: 10_0_15063 P7: 0_0 P8: 256_1 P9: P10: Attached files: \\?\C:\WINDOWS\Minidump\092717-17125-01.dmp \\?\C:\Windows\Temp\WER-17265-0.sysdata.xml \\?\C:\WINDOWS\MEMORY.DMP \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5311.tmp.WERInternalMetadata.xml These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_5a_7fc349bb42ffcef733ba5595cb7d1ac8386c4c4_00000000_cab_02b85311 Analysis symbol: Rechecking for solution: 0 Report ID: 107eb574-e68c-480f-a146-29452094974f Report Status: 4 Hashed bucket: 26.09.2017 21:14 Windows Error Reporting Fault bucket , type 0 Event Name: BlueScreen Response: Not available Cab Id: 0 Problem signature: P1: 5a P2: 1 P3: ffffb38a039f2c10 P4: ffffc48017e460a0 P5: ffffffffc0000034 P6: 10_0_15063 P7: 0_0 P8: 256_1 P9: P10: Attached files: \\?\C:\WINDOWS\Minidump\092617-14921-01.dmp \\?\C:\Windows\Temp\WER-15093-0.sysdata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A57.tmp.WERInternalMetadata.xml These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_5a_14881ff3c144acc3409b5bddce17bc61767bb74_00000000_cab_02b44a66 Analysis symbol: Rechecking for solution: 0 Report ID: f57c2385-b96f-40e7-9b63-1b99518a9c31 Report Status: 100 Hashed bucket: 26.09.2017 20:51 Windows Error Reporting Fault bucket , type 0 Event Name: BlueScreen Response: Not available Cab Id: 0 Problem signature: P1: 5a P2: 1 P3: ffffb38a039f2c10 P4: ffffc48017e460a0 P5: ffffffffc0000034 P6: 10_0_15063 P7: 0_0 P8: 256_1 P9: P10: Attached files: \\?\C:\WINDOWS\Minidump\092617-14921-01.dmp \\?\C:\Windows\Temp\WER-15093-0.sysdata.xml \\?\C:\WINDOWS\MEMORY.DMP \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A57.tmp.WERInternalMetadata.xml These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_5a_14881ff3c144acc3409b5bddce17bc61767bb74_00000000_cab_02b44a66 Analysis symbol: Rechecking for solution: 0 Report ID: f57c2385-b96f-40e7-9b63-1b99518a9c31 Report Status: 4 Hashed bucket: 27.09.2017 18:02 Windows Error Reporting Fault bucket , type 0 Event Name: BlueScreen Response: Not available Cab Id: 0 Problem signature: P1: 5a P2: 1 P3: ffffd683541aa1e0 P4: ffff8d033821e860 P5: ffffffffc0000034 P6: 10_0_15063 P7: 0_0 P8: 256_1 P9: P10: Attached files: \\?\C:\WINDOWS\Minidump\092717-14203-01.dmp \\?\C:\Windows\Temp\WER-14390-0.sysdata.xml \\?\C:\WINDOWS\MEMORY.DMP \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4788.tmp.WERInternalMetadata.xml These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_5a_5e8b5910c5f776284a4ecc458f962cdf625f6f26_00000000_cab_02b04788 Analysis symbol: Rechecking for solution: 0 Report ID: 86da83ce-2f13-4c22-b36c-1f4d50f69a2e Report Status: 4 Hashed bucket: 27.09.2017 16:58 Windows Error Reporting Fault bucket , type 0 Event Name: BlueScreen Response: Not available Cab Id: 0 Problem signature: P1: 5a P2: 1 P3: ffffe1039f5a4330 P4: ffffcf81113872e0 P5: ffffffffc0000034 P6: 10_0_15063 P7: 0_0 P8: 256_1 P9: P10: Attached files: \\?\C:\WINDOWS\Minidump\092717-16968-01.dmp \\?\C:\Windows\Temp\WER-17125-0.sysdata.xml \\?\C:\WINDOWS\MEMORY.DMP \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5294.tmp.WERInternalMetadata.xml These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_5a_5d7420fbc214d68189f2edfaf654389bbc265d26_00000000_cab_02bc52a4 Analysis symbol: Rechecking for solution: 0 Report ID: e578c873-2baf-489a-a32d-72917f997831 Report Status: 4 Hashed bucket: 28.09.2017 19:45 Windows Error Reporting Fault bucket , type 0 Event Name: BlueScreen Response: Not available Cab Id: 0 Problem signature: P1: 5a P2: 1 P3: ffffe70ef5d6f270 P4: ffff8d8ef819dfa0 P5: ffffffffc0000034 P6: 10_0_15063 P7: 0_0 P8: 256_1 P9: P10: Attached files: \\?\C:\WINDOWS\Minidump\092817-12125-01.dmp \\?\C:\Windows\Temp\WER-13906-0.sysdata.xml \\?\C:\WINDOWS\MEMORY.DMP \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER44F8.tmp.WERInternalMetadata.xml These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_5a_b46217672ce398230e041b37d955c8b9811bd8_00000000_cab_02bc4507 Analysis symbol: Rechecking for solution: 0 Report ID: ca0cfe95-27ef-4877-a600-33def95d6e34 Report Status: 4 Hashed bucket:Code:3.09.2017 03:44 Windows Error Reporting Fault bucket LKD_0x141_Tdr:6_IMAGE_nvlddmkm.sys_Pascal_3D, type 0 Event Name: LiveKernelEvent Response: Not available Cab Id: a4eb5df4-c50a-4f6a-95a2-aa28d65b0b68 Problem signature: P1: 141 P2: ffff9a82e8987010 P3: fffff801d717cfec P4: 0 P5: 8 P6: 10_0_15063 P7: 0_0 P8: 256_1 P9: P10: Attached files: \\?\C:\WINDOWS\LiveKernelReports\WATCHDOG\WATCHDOG-20170903-0642.dmp \\?\C:\Windows\Temp\WER-200032859-0.sysdata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4EBF.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4ECE.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4EEF.tmp.txt \\?\C:\Windows\Temp\WERBB60.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_141_91994da79d3ad79c1ee0270134f4e262aaec1_00000000_cab_486dc794 Analysis symbol: Rechecking for solution: 0 Report ID: 261ca239-035b-4f0a-9434-ccca148dfb18 Report Status: 268435456 Hashed bucket:Code:31.08.2017 19:41 Windows Error Reporting Fault bucket 0xCFFFFFFF_nt!DbgkpLkmdSnapThreadInContext, type 0 Event Name: AppTermFailureEvent Response: Not available Cab Id: 6e976ad9-6e07-4dac-bc52-850f092fac3d Problem signature: P1: P2: P3: P4: P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Windows\Temp\WERAFE3.tmpatk.kdmp \\?\C:\Windows\Temp\WERAFF3.tmp.appcompat.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB004.tmp.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB17C.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB17B.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB1AB.tmp.txt \\?\C:\Windows\Temp\WERB1AC.tmp.xml C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_0_0_00000000_cab_0c36b2a2\memory.hdmp WERGenerationLog.txt \\?\C:\Windows\Temp\WEREBF3.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_0_0_00000000_cab_6bf2f103 Analysis symbol: Rechecking for solution: 0 Report ID: 9d2a8b68-cc57-485f-a424-0634219ff68b Report Status: 268566528 Hashed bucket:31.08.2017 17:35 Windows Error Reporting Fault bucket 0xCFFFFFFF_nt!DbgkpLkmdSnapThreadInContext, type 0 Event Name: AppTermFailureEvent Response: Not available Cab Id: be0a0b82-7a6e-41e7-8a84-fd829ea6576d Problem signature: P1: P2: P3: P4: P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Windows\Temp\WER1911.tmpatk.kdmp \\?\C:\Windows\Temp\WER1921.tmp.appcompat.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1942.tmp.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1BC3.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1BC2.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C11.tmp.txt \\?\C:\Windows\Temp\WER1C12.tmp.xml C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_0_0_00000000_cab_13431d18\memory.hdmp WERGenerationLog.txt \\?\C:\Windows\Temp\WERDC23.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_0_0_00000000_cab_0e5beac8 Analysis symbol: Rechecking for solution: 0 Report ID: 835ff906-ef81-40fa-affc-c739cffa1627 Report Status: 268566528 Hashed bucket: