App Control: Frequent VDI crash due to parity.exe
search cancel

App Control: Frequent VDI crash due to parity.exe

book

Article ID: 286360

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • VDI workstations experience frequent crashes.
  •  Microsoft dump analysis point towards Carbon Black Parity as a contributing factor.
**RegistryCallbackRoutines**
---------------- ---------------- ---------------------------
Callback Function Symbol 
---------------- ---------------- ---------------------------
ffffad033cefd420 fffff80e06fc2190 Parity+e2190

 

Environment

  • App Control Agent: 8.1.6
  • Microsoft Windows: All Supported Versions
  • VDI

Cause

  • Although Microsoft analysis suggests parity causing the issue , there is no strong  evidence to support that .
  • Parity installs registry callback but it is not sufficient reason to decide if the driver is responsible for crash.
  • Carbon Black engineering team suspects that the reason for BSOD is either hardware related (memory or hard drive) or caused by virtualization layer after crash dump analysis.

Resolution

         If experiencing this issue, open a case with Carbon Black Support and upload crash dump to CB Vault

Additional Information

 
  • A tool can be run to scan/check memory (Example:  https://www.memtest86.com/).
  • Hard drive can be checked for bad clusters (Example: sfc /scannow)