The August critical update was released to the estate yesterday and since then some servers are bugchecking and rebooting randomly. Previously they were on the July update and were stable. Bug check is pointing at issue with mfencbdc.sys
We just use the core platform and threat modules.
Servers are both physical and virtual and mainly 2008 R2 so far.
Is this a known issue ? Any fix short of uninstalling ENS and going back to July build ?
Please make sure you get a full memory dump and am trace and open a case with support. I am not a ware of BSOD with the august update.
am trace ?
Sorry i mispoke.
Perform the steps in this section if the symptoms are any of the following:
Data collection steps for a system hang or deadlock:
Data collection steps for a system BugCheck:
Data collection steps for FLTMC output:
@Deanpj Do you also use CrowdStrike software on these servers? There is a known issue within CrowdStrike that negatively impacts our AMCore drivers during installation, causing a BSOD referencing mfencbdc.sys. This is documented in our known issues article KB82450 and can be found by searching "mfencbdc.sys" or "CrowdStrike".
There is a hotfix from CrowdStrike that resolves this issue, so please apply that and your issues will resolve (if you do use this 3rd party software). I am unaware of the exact hotfix number as it is on their side, however, you would easily be able to get information from them about it.
Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please give kudos or select "Accept as Solution" in my reply, as appropriate, so together we can help other members?
we do not use Crowdstrike on this particular account where this is happening. and the install/August patch update actually ran fine - it was only about 10 hours later the blue screens happened. As all live server systems have had to remove August ENS on affected machines and roll back to July version to keep the customer service going. Waiting to see if any more machines fail at moment. We have one full bugcheck file but checking with security teams if we are allowed to release it.
Do you have exploit prevention and DXL installed? if so please disable exploit prevention and see if it helps
Waiting to see if we get any more. So far 4 out of 22 systems blue screened following the August update. All 4 rolled back to July update and stable again. All Server 2008 r2, 3 physical and one virtual.
Yes we do use exploit prevention - will disable if get another BSOD. No we don't use DXL.
Being a live environment can't mess about too much as need to keep the servers going for the client.
Basically just wanted to flag that the August update caused us some issues. May June and July were all fine.
To answer your question, yes I have seen BSOD issues with the August Update. I'm actively working with engineering on one of these issues discovered last Friday. The issue appears to be happening on both 2008 and 2012 servers.
In order to know if it's absolutely the same issue or not, you'd need to collect the Kernel/Full Memory dump as indicated by Ben and a MER from the system, then open a ticket with Support so we can investigate further.
Offhand it does look like it may be related to mfencbdc.sys
SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
I have exactly the same issue affecting both Windows 7 and Windows 10 but seems to be laptop essentially (Lenovo).
I've refrained updating Servers for the time being until a solution is provided by McAfee.
What a mess, I have to rollback to 10.5.2 on impacted machines.
I have exactly the same bugcheck error on all machines impacted, see below.
STOP Error: The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff800017b70f3.
I've already raised the case to a local service provider and posted them full memory dump + Mer.
can we expect a fix anytime soon, as I'm affraid to have to rollback more than 100 machines 😞
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:
TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com