McAfee is killing ksecdd.sys Kernel Security Support Provider Interface. It is the cause.
Microsoft (R) Windows Debugger Version 10.0.10075.9 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\zigza\Desktop\dumps\052715-10421-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*D:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*D:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8.1 Kernel Version 9600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.16384.amd64fre.winblue_rtm.130821-1623
Machine Name:
Kernel base = 0xfffff802`b801d000 PsLoadedModuleList = 0xfffff802`b82e49b0
Debug session time: Tue May 26 23:44:29.945 2015 (UTC - 4:00)
System Uptime: 0 days 0:01:21.616
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
........
No .natvis files found at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 27, {baad0073, ffffd0002457bac8, ffffd0002457b2d0, fffff80000c1f05d}
*** WARNING: Unable to verify timestamp for mfehidk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfehidk.sys
Probably caused by : ksecdd.sys ( ksecdd!SspiHelperEqualPackedCredentials+d )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
RDR_FILE_SYSTEM (27)
If you see RxExceptionFilter on the stack then the 2nd and 3rd parameters are the
exception record and context record. Do a .cxr on the 3rd parameter and then kb to
obtain a more informative stack trace.
The high 16 bits of the first parameter is the RDBSS bugcheck code, which is defined
as follows:
RDBSS_BUG_CHECK_CACHESUP = 0xca550000,
RDBSS_BUG_CHECK_CLEANUP = 0xc1ee0000,
RDBSS_BUG_CHECK_CLOSE = 0xc10e0000,
RDBSS_BUG_CHECK_NTEXCEPT = 0xbaad0000,
Arguments:
Arg1: 00000000baad0073
Arg2: ffffd0002457bac8
Arg3: ffffd0002457b2d0
Arg4: fffff80000c1f05d
Debugging Details:
------------------
SYSTEM_SKU: To be filled by O.E.M.
SYSTEM_VERSION: 1.02
BIOS_DATE: 03/04/2015
BASEBOARD_PRODUCT: H81-M1
BASEBOARD_VERSION: 1.02
BUGCHECK_P1: baad0073
BUGCHECK_P2: ffffd0002457bac8
BUGCHECK_P3: ffffd0002457b2d0
BUGCHECK_P4: fffff80000c1f05d
EXCEPTION_RECORD: ffffd0002457bac8 -- (.exr 0xffffd0002457bac8)
ExceptionAddress: fffff80000c1f05d (ksecdd!SspiHelperEqualPackedCredentials+0x000000000000000d)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000000
Attempt to read from address 0000000000000000
CONTEXT: ffffd0002457b2d0 -- (.cxr 0xffffd0002457b2d0)
rax=0000000000000201 rbx=0000000000000000 rcx=0000000000000000
rdx=ffffc00003bff410 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80000c1f05d rsp=ffffd0002457bd00 rbp=ffffd0002457bd88
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=ffffc00002fe8b10 r13=ffffd0002457be70
r14=ffffc00001e34670 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
ksecdd!SspiHelperEqualPackedCredentials+0xd:
fffff800`00c1f05d 3901 cmp dword ptr [rcx],eax ds:002b:00000000`00000000=????????
Resetting default scope
CPU_COUNT: 4
CPU_MHZ: cdc
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: NULL_DEREFERENCE
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff802b836d150
GetUlongPtrFromAddress: unable to read from fffff802b836d3c8
GetUlongPtrFromAddress: unable to read from fffff802b836d568
0000000000000000 Nonpaged pool
FOLLOWUP_IP:
ksecdd!SspiHelperEqualPackedCredentials+d
fffff800`00c1f05d 3901 cmp dword ptr [rcx],eax
FAULTING_IP:
ksecdd!SspiHelperEqualPackedCredentials+d
fffff800`00c1f05d 3901 cmp dword ptr [rcx],eax
BUGCHECK_STR: 0x27
ANALYSIS_VERSION: 10.0.10075.9 amd64fre
LAST_CONTROL_TRANSFER: from fffff80000c1caf7 to fffff80000c1f05d
STACK_TEXT:
ffffd000`2457bd00 fffff800`00c1caf7 : 00000000`00000000 ffffd000`2457bd70 ffffd000`2457bd60 ffffd000`2457bde0 : ksecdd!SspiHelperEqualPackedCredentials+0xd
ffffd000`2457bd30 fffff800`01904aab : 00000000`00000000 ffffc000`03bff410 ffffc000`02fe8b10 00000000`00000000 : ksecdd!SspiCompareAuthIdentities+0x22d7
ffffd000`2457bdd0 fffff800`019023a2 : fffff800`018f4700 00000000`00000001 00000000`00000000 00000000`00000000 : rdbss!RxIsCompatibleSecurityContext+0x10b
ffffd000`2457be70 fffff800`019126fe : 00000000`63457852 ffffd000`2457c0c8 fffff800`01904ec0 ffffe000`00edf0c8 : rdbss!RxFindOrConstructVirtualNetRoot+0x473
ffffd000`2457c080 fffff800`0190519c : ffffc000`003d8201 ffffe000`02682b70 ffffe000`03093010 ffffe000`02682b70 : rdbss!RxCreateTreeConnect+0xfe
ffffd000`2457c100 fffff800`018cfd9e : 01d0982f`6fbf98dc ffffe000`02682a10 ffffe000`02682b70 00000000`00000000 : rdbss!RxCommonCreate+0x2dc
ffffd000`2457c1b0 fffff800`019007df : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : rdbss!RxFsdCommonDispatch+0x56e
ffffd000`2457c320 fffff800`02bce1b3 : 00000000`00000000 ffffe000`02682a01 ffffe000`02682a10 fffff800`011c7010 : rdbss!RxFsdDispatch+0xcf
ffffd000`2457c390 fffff800`011cc682 : ffffe000`0278e220 ffffe000`02682a10 ffffc000`004c1c40 00000000`00000000 : mrxsmb!MRxSmbFsdDispatch+0x83
ffffd000`2457c3d0 fffff800`011cac07 : ffffc000`004c1c40 ffffe000`00edf000 fffff800`011c7010 ffffe000`03183010 : mup!MupiCallUncProvider+0xc2
ffffd000`2457c440 fffff800`006d03a4 : 30080000`0450040c ffffe000`00000008 ffffe000`00edf070 ffffe000`03183010 : mup!MupCreate+0x5f8
ffffd000`2457c4e0 fffff800`00924aa0 : ffffd000`2457c700 ffffd000`2457c7f0 00000000`00000000 fffff800`03002c31 : fltmgr!FltpCreate+0x3a5
ffffd000`2457c590 ffffd000`2457c700 : ffffd000`2457c7f0 00000000`00000000 fffff800`03002c31 00000000`00000000 : mfehidk+0x75aa0
ffffd000`2457c598 ffffd000`2457c7f0 : 00000000`00000000 fffff800`03002c31 00000000`00000000 ffffd000`2457c6d0 : 0xffffd000`2457c700
ffffd000`2457c5a0 00000000`00000000 : fffff800`03002c31 00000000`00000000 ffffd000`2457c6d0 00000000`00060000 : 0xffffd000`2457c7f0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: ksecdd!SspiHelperEqualPackedCredentials+d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ksecdd
IMAGE_NAME: ksecdd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5215f86d
IMAGE_VERSION: 6.3.9600.16384
STACK_COMMAND: .cxr 0xffffd0002457b2d0 ; kb
BUCKET_ID_FUNC_OFFSET: d
FAILURE_BUCKET_ID: 0x27_ksecdd!SspiHelperEqualPackedCredentials
BUCKET_ID: 0x27_ksecdd!SspiHelperEqualPackedCredentials
PRIMARY_PROBLEM_CLASS: 0x27_ksecdd!SspiHelperEqualPackedCredentials
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x27_ksecdd!sspihelperequalpackedcredentials
FAILURE_ID_HASH: {020b5662-e3ac-c43e-b2fc-2ad97f2abb2b}
Followup: MachineOwner
---------