XDR Agent is causing BSOD upon installation

Created On 05/05/23 10:11 AM - Last Modified 04/22/24 05:59 AM


Symptom


The full memory dump contains entries similar to the ones below.

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)

A device driver attempting to corrupt the system has been caught. This is because the driver was specified in the registry as being suspect (by the administrator) and the kernel has enabled substantial checking of this driver. If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will be among the most commonly seen crashes.
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 00000000000000d4, Handle value being referenced.
Arg3: ffffa18ac508c680, Address of the current process.
Arg4: fffff80d493f5035, Address inside the driver that is performing the incorrect reference.


Environment


  • Cortex XDR
  • XSIAM agent


Cause


  • The cause of the issue is the Windows utility Driver Verifier, which is enabled on the machine, as indicated
    by the line "DRIVER_VERIFIER_DETECTED_VIOLATION (c4)" in the memory dump.

    Driver Verifier is known to conflict with the XDR Agent when enabled.


Resolution


It is recommended to disable Driver Verifier by performing the steps below.
  1. In the Start menu search bar, type CMD, then right-click Command Prompt > Run as administrator.
  2. In the console, type verifier /reset and press Enter.
  3. Reboot the computer normally.
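As an added pre-installation check (not part of this article or the Cortex XDR product), the following PowerShell script reads the documented Driver Verifier settings from the registry (the VerifyDrivers and VerifyDriverLevel values under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager), reports whether the tool is active and which drivers it targets, and with -Reset runs the same verifier /reset command given above.

```powershell
# Added example, not from the knowledge base article: detect an active Driver
# Verifier configuration before rolling out the Cortex XDR / XSIAM agent, since
# an active configuration is the condition behind bugcheck 0xC4 described above.
# Assumes a Windows host and the documented Driver Verifier registry location.
#Requires -RunAsAdministrator
param([switch]$Reset)

$sessionManagerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

function Get-DriverVerifierState {
    $props   = Get-ItemProperty -Path $sessionManagerKey -ErrorAction SilentlyContinue
    $drivers = $props.VerifyDrivers      # REG_SZ: space-separated driver list, or "*" for all
    $level   = $props.VerifyDriverLevel  # REG_DWORD: bitmask of enabled verifier checks

    $driverList = @()
    if ($drivers) { $driverList = @($drivers -split '\s+' | Where-Object { $_ }) }

    $flags = $null
    if ($level) { $flags = '0x{0:X}' -f [int]$level }

    [pscustomobject]@{
        Enabled = [bool]$drivers -or [bool]$level
        Drivers = $driverList
        Flags   = $flags
    }
}

$state = Get-DriverVerifierState
if (-not $state.Enabled) {
    Write-Output 'Driver Verifier is not configured; proceed with the agent installation.'
    return
}

Write-Warning 'Driver Verifier is enabled on this host; installing the XDR agent risks a 0xC4 bugcheck.'
Write-Output ('Verified drivers : {0}' -f ($state.Drivers -join ', '))
Write-Output ('Verifier flags   : {0}' -f $state.Flags)

if ($Reset) {
    # Same command the article prescribes; the change takes effect after a reboot.
    & verifier.exe /reset
    Write-Output 'Driver Verifier settings cleared. Reboot before installing the agent.'
}
```

Run it without -Reset during pre-deployment inventory to find hosts where Driver Verifier was left on after a debugging session; the -Reset switch requires an elevated session, and the reboot in step 3 is still needed.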

