BSOD Critical_Process_Died after enabling Windows Defender Firewall

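Server 2019 1809 17763.914 running Remote Desktop Services with all updates applied.

On reboot, Windows Defender Firewall is stopped (even though it is set to start automatically), and when I start the service manually (via any of the command line, Windows Services, Server Manager, the Defender GUI, etc.) it gives a BSOD with the error "Critical Process Died".

None of the IIS sites can be reached from any external server, but they can be reached via localhost.

Here is the minidump: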

Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\010220-4875-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 17763 MP (4 procs) Free x64
Product: Server, suite: TerminalServer <20000>
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff802`2321e000 PsLoadedModuleList = 0xfffff802`23637710
Debug session time: Thu Jan  2 13:07:01.479 2020 (UTC + 10:00)
System Uptime: 0 days 0:02:06.011
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
.......
For analysis of this file, run !analyze -v
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_PROCESS_DIED (ef)
        A critical system process died
Arguments:
Arg1: ffff9405b1bd1080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------


KEY_VALUES_STRING: 1


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  17763.1.amd64fre.rs5_release.180914-1434

SYSTEM_MANUFACTURER:  Microsoft Corporation

VIRTUAL_MACHINE:  HyperV

SYSTEM_PRODUCT_NAME:  Virtual Machine

SYSTEM_SKU:  None

SYSTEM_VERSION:  Hyper-V UEFI Release v4.0

BIOS_VENDOR:  Microsoft Corporation

BIOS_VERSION:  Hyper-V UEFI Release v4.0

BIOS_DATE:  03/13/2019

BASEBOARD_MANUFACTURER:  Microsoft Corporation

BASEBOARD_PRODUCT:  Virtual Machine

BASEBOARD_VERSION:  Hyper-V UEFI Release v4.0

DUMP_TYPE:  2

BUGCHECK_P1: ffff9405b1bd1080

BUGCHECK_P2: 0

BUGCHECK_P3: 0

BUGCHECK_P4: 0

PROCESS_NAME:  svchost.exe

CRITICAL_PROCESS:  svchost.exe

EXCEPTION_RECORD:  ffff9405b1bd1640 -- (.exr 0xffff9405b1bd1640)
ExceptionAddress: 0000000000000000
   ExceptionCode: 00000000
  ExceptionFlags: 00000000
NumberParameters: 0

EXCEPTION_CODE: (NTSTATUS) 0xb0333080 - <Unable to get error code text>

ERROR_CODE: (NTSTATUS) 0xb0333080 - <Unable to get error code text>

CPU_COUNT: 4

CPU_MHZ: a6b

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 1a

CPU_STEPPING: 5

CPU_MICROCODE: 6,1a,5,0 (F,M,S,R)  SIG: FFFFFFFF'00000000 (cache) FFFFFFFF'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT_SERVER

BUGCHECK_STR:  0xEF

CURRENT_IRQL:  0

ANALYSIS_SESSION_HOST:  INFARMDC01-RDP

ANALYSIS_SESSION_TIME:  01-02-2020 14:26:35.0328

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

LAST_CONTROL_TRANSFER:  from fffff80223aa8e9d to fffff802233d4980

STACK_TEXT:  
fffffc86`3c830048 fffff802`23aa8e9d : 00000000`000000ef ffff9405`b1bd1080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffffc86`3c830050 fffff802`239ba837 : 00000000`00000001 fffff802`23278039 ffff9405`b1bd1080 fffff802`23270858 : nt!PspCatchCriticalBreak+0xfd
fffffc86`3c8300f0 fffff802`2385ca7c : ffff9405`00000000 00000000`00000000 ffff9405`b1bd1080 ffff9405`b1bd1358 : nt!PspTerminateAllThreads+0x15ef33
fffffc86`3c830160 fffff802`2381e1b9 : ffffffff`ffffffff fffffc86`3c830290 ffff9405`b1bd1080 fffff802`232be900 : nt!PspTerminateProcess+0xe0
fffffc86`3c8301a0 fffff802`233e5c05 : 00000000`00001278 ffff9405`b0333080 ffff9405`b1bd1080 fffffc86`3c8303e0 : nt!NtTerminateProcess+0xa9
fffffc86`3c830210 fffff802`233d8690 : fffff802`23405474 fffffc86`3c830b98 fffffc86`3c830b98 fffffc86`3c8303e0 : nt!KiSystemServiceCopyEnd+0x25
fffffc86`3c8303a8 fffff802`23405474 : fffffc86`3c830b98 fffffc86`3c830b98 fffffc86`3c8303e0 00000000`00000000 : nt!KiServiceLinkage
fffffc86`3c8303b0 fffff802`233e65a4 : ffff9405`b1bd1640 fffff802`232b6456 00000000`00000000 00000000`00000001 : nt!KiDispatchException+0x1a7284
fffffc86`3c830a60 fffff802`233e498e : ffff9405`b0333080 00000000`00000000 00000264`faf68370 ffff9405`b1b14f01 : nt!KiFastFailDispatch+0xe4
fffffc86`3c830c40 00007ffd`f0fb4720 : 00007ffd`f10094ac 00000000`00000001 00000264`faf230d0 00000264`00000000 : nt!KiRaiseSecurityCheckFailure+0x30e
00000096`ba37f998 00007ffd`f10094ac : 00000000`00000001 00000264`faf230d0 00000264`00000000 00000000`00000120 : 0x00007ffd`f0fb4720
00000096`ba37f9a0 00000000`00000001 : 00000264`faf230d0 00000264`00000000 00000000`00000120 00000264`faf68370 : 0x00007ffd`f10094ac
00000096`ba37f9a8 00000264`faf230d0 : 00000264`00000000 00000000`00000120 00000264`faf68370 00007ffd`f0f9fae8 : 0x1
00000096`ba37f9b0 00000264`00000000 : 00000000`00000120 00000264`faf68370 00007ffd`f0f9fae8 00000000`00000024 : 0x00000264`faf230d0
00000096`ba37f9b8 00000000`00000120 : 00000264`faf68370 00007ffd`f0f9fae8 00000000`00000024 00000001`00000025 : 0x00000264`00000000
00000096`ba37f9c0 00000264`faf68370 : 00007ffd`f0f9fae8 00000000`00000024 00000001`00000025 00000264`faf23278 : 0x120
00000096`ba37f9c8 00007ffd`f0f9fae8 : 00000000`00000024 00000001`00000025 00000264`faf23278 00000096`ba37fd58 : 0x00000264`faf68370
00000096`ba37f9d0 00000000`00000024 : 00000001`00000025 00000264`faf23278 00000096`ba37fd58 00640072`00610068 : 0x00007ffd`f0f9fae8
00000096`ba37f9d8 00000001`00000025 : 00000264`faf23278 00000096`ba37fd58 00640072`00610068 006b0073`00690064 : 0x24
00000096`ba37f9e0 00000264`faf23278 : 00000096`ba37fd58 00640072`00610068 006b0073`00690064 00760065`0064005c : 0x00000001`00000025
00000096`ba37f9e8 00000096`ba37fd58 : 00640072`00610068 006b0073`00690064 00760065`0064005c 005c0065`00630069 : 0x00000264`faf23278
00000096`ba37f9f0 00640072`00610068 : 006b0073`00690064 00760065`0064005c 005c0065`00630069 00000000`00000000 : 0x00000096`ba37fd58
00000096`ba37f9f8 006b0073`00690064 : 00760065`0064005c 005c0065`00630069 00000000`00000000 00000000`00000000 : 0x00640072`00610068
00000096`ba37fa00 00760065`0064005c : 005c0065`00630069 00000000`00000000 00000000`00000000 00000000`00000000 : 0x006b0073`00690064
00000096`ba37fa08 005c0065`00630069 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00760065`0064005c
00000096`ba37fa10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x005c0065`00630069


THREAD_SHA1_HASH_MOD_FUNC:  4eea4701cef87a9898dd276682cc304560e002d4

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  2816b2618b7d0b5a47f6e8680612f55f8f11ceaa

THREAD_SHA1_HASH_MOD:  bc100a5647b828107ac4e18055e00abcbe1ec406

FOLLOWUP_IP:
nt!PspCatchCriticalBreak+fd
fffff802`23aa8e9d cc              int     3

FAULT_INSTR_CODE:  ed8440cc

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!PspCatchCriticalBreak+fd

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  10.0.17763.914

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  fd

FAILURE_BUCKET_ID:  0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_b0333080_nt!PspCatchCriticalBreak

BUCKET_ID:  0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_b0333080_nt!PspCatchCriticalBreak

PRIMARY_PROBLEM_CLASS:  0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_b0333080_nt!PspCatchCriticalBreak

TARGET_TIME:  2020-01-02T03:07:01.000Z

OSBUILD:  17763

OSSERVICEPACK:  914

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  131088

PRODUCT_TYPE:  3

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 Server TerminalServer

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  unknown_date

BUILDDATESTAMP_STR:  180914-1434

BUILDLAB_STR:  rs5_release

BUILDOSVER_STR:  10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME:  5af7

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xef_svchost.exe_bugcheck_critical_process_b0333080_nt!pspcatchcriticalbreak

FAILURE_ID_HASH:  {b3d28743-3e5f-4880-17a1-23fcf5396e9a}

Followup:     MachineOwner
---------

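Booting into Safe Mode (with Networking) and starting the firewall service also fails.

Do you have any ideas on how to get the firewall working again?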
