Carbon Black Cloud: BSOD caused by ntkrnlmp.exe


Article ID: 287473


Updated On:

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

The system crashes while the CBC sensor is running, and the dump file shows the following related module:

SYMBOL_NAME:  nt!MmDeleteProcessAddressSpace+xxxxxx
MODULE_NAME: nt
IMAGE_VERSION:  10.0.xxxxx.xxx
STACK_COMMAND:  .thread ; .cxr ; kb
IMAGE_NAME:  memory_corruption


Environment

  • Carbon Black Cloud: All Supported versions
  • Microsoft Windows: All supported versions

Cause

All bugchecks are caused by an incorrect driver. Outdated and incompatible device drivers are known to conflict with the methods that Windows 10 follows.

Resolution

  1. Obtain the latest version of the impacted driver from the device manufacturer.
  2. Check if other device drivers are updated to the latest version.
  3. Download and install the latest version of all drivers.
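
One way to carry out step 2 on the affected endpoint is to inventory the installed third-party device drivers and sort them oldest first. This is an added example, not part of the original article or a Carbon Black tool; the two-year staleness threshold is an assumption chosen for illustration.

```powershell
# Added example: list non-Microsoft PnP drivers, oldest first, to pick
# candidates for comparison with the manufacturer's current release.
# Assumption: two years is an arbitrary "stale" threshold; adjust as needed.
$cutoff = (Get-Date).AddYears(-2)

Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object {
        # Skip entries with no provider or date, and inbox Microsoft drivers
        $_.DriverProviderName -and
        $_.DriverProviderName -ne 'Microsoft' -and
        $_.DriverDate
    } |
    Sort-Object -Property DriverDate |
    Select-Object -Property DeviceName, DriverProviderName, DriverVersion,
        @{ Name = 'DriverDate'; Expression = { $_.DriverDate.ToString('yyyy-MM-dd') } },
        InfName, IsSigned,
        @{ Name = 'Stale'; Expression = { $_.DriverDate -lt $cutoff } } |
    Format-Table -AutoSize
```

An old date only marks a driver as a candidate; confirm against the manufacturer's latest release before replacing it. The query covers Plug and Play device drivers only.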