System and Security: Avast Antivirus blue screens and ZoneAlarm Firewall startup problems.
Blue Screens of Death.
When Windows encounters certain situations, it halts and the resulting diagnostic information is displayed in white text on a blue screen. This is commonly called a Blue Screen of Death (or BSOD). Blue screens occur when:
- Windows detects an error that it cannot recover from without losing data.
- Windows detects that critical operating system data has become corrupted.
- Windows detects that hardware has failed in an unrecoverable fashion.
Blue screens may result in data loss or file corruption and, if important operating system files are affected, in a situation where Windows no longer works correctly, or even one where it is no longer possible to start Windows. Blue screens have many possible causes, but it is estimated that about 3/4 of them are caused by faulty drivers.
When your computer crashes with a BSOD, the events leading up to the crash are held in memory until you restart your computer, when they are written to a file (called a dump file). The memory dump file is critical in the diagnosis of a blue screen! Normally, when Windows reboots from a BSOD (or other bug check), it tells you so, and the message displayed contains information about the dump file (usually called MEMORY.DMP and stored in the C:\WINDOWS directory). If you intend to ask for support, you should copy (move) this file immediately to a user folder, so that it is not overwritten when another similar problem occurs.
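One way to carry out this advice, as an added example that is not part of the original page: a PowerShell script, run from an elevated prompt, that copies MEMORY.DMP and any minidumps to a user folder under a timestamped name and then lists the bug check events in the System log. The destination folder name and the presence of a Minidump folder are assumptions.

```powershell
# Added example: preserve crash dumps before the next bug check overwrites them.
# Assumption: destination folder name is hypothetical; change it as needed.
$dest = Join-Path $env:USERPROFILE 'Documents\CrashDumps'
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# Candidate dump files: the main dump plus any minidumps (if that folder exists).
$sources = @(Join-Path $env:SystemRoot 'MEMORY.DMP')
$mini = Join-Path $env:SystemRoot 'Minidump'
if (Test-Path $mini) {
    $sources += @(Get-ChildItem -Path $mini -Filter '*.dmp' | ForEach-Object FullName)
}

foreach ($src in $sources) {
    if (-not (Test-Path $src)) { continue }
    $file = Get-Item $src
    # Name the copy after the dump's write time so successive crashes never collide.
    $stamp  = $file.LastWriteTime.ToString('yyyyMMdd-HHmmss')
    $target = Join-Path $dest ('{0}_{1}{2}' -f $file.BaseName, $stamp, $file.Extension)
    if (-not (Test-Path $target)) {
        Copy-Item -Path $src -Destination $target
        # Record a hash so the file sent to support can be matched to this copy.
        Get-FileHash -Path $target -Algorithm SHA256 |
            Select-Object Hash, Path | Format-List
    }
}

# Bug check events written to the System log after the reboot; the message
# text contains the bug check code and the path of the saved dump.
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
    Id           = 1001
} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List
```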
Blue screens caused by Avast Free Antivirus.
Within a period of two weeks, I got two BSODs on my Windows 10 Home 20H2, running on a Dell G3 3500. The screenshot below shows the corresponding entry in Windows Event Viewer. This is good to know, but doesn't really help. It doesn't tell anything about the driver (or other software or hardware device) that caused the blue screen, and the information I found when searching the Internet for the bug check code didn't get me any further either (suggesting, however, that a faulty driver would probably be the cause).
There are several possibilities to try to resolve the issue: Windows Troubleshooting (I think that there is a special utility for blue screen troubleshooting on the Microsoft site); troubleshooting the blue screen with some software that might be installed by your computer vendor; asking for support (computer vendor or dealer, Microsoft, forums). On Dell G3 machines, there is a utility called Dell Support Assistant. It was in the history of this application that I found out that it was Avast Free Antivirus that had caused the issue.
Avast Anti Rootkit (aswArPot.sys) on April 22 and Avast File System Filter (aswMonFlt.sys) on May 5: two components of my Avast Free Antivirus (it was version 21.3, I guess) had caused BSOD errors and risked "killing" my Windows operating system. What should I do? The logical way to proceed would have been to uninstall Avast. My problem was that I had been using Avast Free Antivirus for years and never had any malware-related problems. Not a question of gratitude, but a question of trust, based on the experience I had. And, even though I was really scared of having to reinstall my system in the near future, I could not decide which anti-malware application to use. Time passed, with Avast Free Antivirus remaining on my machine. Acting this way is, of course, not recommended. Temporarily replacing the software causing the issue should be the minimum you do! I was lucky: no more blue screens after May 5, neither with version 21.3 nor with version 21.4 (auto-update on May 28).
Working under a condition where a new blue screen could happen at any moment was, however, too stressful. That's why I decided to contact Avast Customer Service. I don't think that this is directly possible with the freeware version, but you may post your issues on the Avast forum (you need to create an account in order to make a post). I was told that my message would be forwarded and that I would be contacted by customer service. Support on Avast products is really great: concerned about the customer's problems, willing to help, and explaining well what you should (could) do in order to find a solution. I got the link to download the Avast Support Tool, which may be used to collect current data, including a memory dump, and was told to upload the file created by the tool to the Avast servers. I did not actually use the tool; I still had the two memory dumps that Windows created when the blue screens occurred. There was a lot more significant information for them in these files, of course, so I uploaded the two dumps to be analyzed by the developer team.
I can't say if the drivers that caused the issue could provoke a BSOD on their own. Maybe it all depended on a very specific situation: not only those driver versions, but also a given version of Windows updates or Dell software. On the other hand, I got confirmation from Avast that there had been an issue with some components of Avast Free Antivirus, and that this issue has been resolved in the latest versions. So, if you have problems with Avast antivirus, first check whether you really have the latest program version installed (which should, by the way, always be the case).
Startup problems of ZoneAlarm Free Firewall.
I guess that it was by chance that I noticed that the ZoneAlarm icon was not present among the hidden items of the system tray. Looking at the Windows Event Log, I found an entry concerning the ZoneAlarm component zatray.exe, as shown in the screenshot below.
Four questions arise here: What exactly is zatray.exe? If zatray.exe isn't running, does that mean that my firewall is down and that I'm exposed to being hacked from the Internet? What is the reason for the problem? What can I do to solve it? Concerning the last two questions, I searched the Internet without finding an answer. In fact, I didn't really search seriously, because I came to the conclusion that zatray.exe not running is not really a major issue. For me, zatray.exe is nothing more than the ZoneAlarm GUI, the means for the user to interact with the application, and I'm pretty sure that, even if zatray.exe does not start, the ZoneAlarm firewall is up and protecting me. Have a look at the screenshot below: the ZoneAlarm icon is missing among the system tray icons (the application isn't actually being executed), but in Windows Task Manager you can see that the ZoneAlarm firewall components are indeed running. And another argument that my protection is OK: Windows Security shows a green "No action needed", which means, among other things, that antivirus and firewall software are installed, active and up to date.
So I would say that, if you encounter this problem, you shouldn't worry about it. There are other applications that show application crash entries in the Windows Event Log (on my system, for example, AUDIODG.EXE). This is not normal, of course, but everything runs, or at least seems to run, fine, even if this error condition occurs. You can start the ZoneAlarm GUI (minimized, running in the system tray) by launching ZoneAlarm Security in the CheckPoint Start Menu folder. However, this does not always work. Sometimes Windows is not able to start the application, and the message shown in the screenshot below is displayed.
Of course, this should not happen, and it would be interesting to know which application prevents Windows from accessing zatray.exe. Avast Ransomware Shield (part of Avast Free Antivirus) blocks access to the user folders (Documents, Pictures...), but I don't think that it protects system folders such as Program Files (x86), where the ZoneAlarm Free Firewall is installed. If someone knows more, or has any suggestions on how to find out more, please let me know...
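The checks described in this section (GUI process versus firewall components, the status reported to Windows Security, and the event log entries for zatray.exe) can be scripted. The following PowerShell is an added example, not part of the original page; the folder-name pattern used to find ZoneAlarm binaries and the reading of bit 0x1000 of productState as "enabled" (a commonly observed but undocumented convention) are assumptions.

```powershell
# Added example: is the firewall engine up even though the tray GUI is not?

# 1. Is the GUI process named in the event log entry running?
$gui = Get-Process -Name 'zatray' -ErrorAction SilentlyContinue
'zatray.exe running: {0}' -f [bool]$gui

# 2. Processes and services whose binary lives in a ZoneAlarm/CheckPoint folder.
#    Assumption: this folder-name pattern; adjust it to your install path.
$pattern = 'ZoneAlarm|CheckPoint'
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -match $pattern } |
    Select-Object ProcessId, Name, ExecutablePath | Format-Table -AutoSize
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match $pattern } |
    Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize

# 3. Products registered with Windows Security Center (the source of the
#    green "No action needed" status). Assumption: bit 0x1000 means enabled.
'FirewallProduct', 'AntiVirusProduct' | ForEach-Object {
    $class = $_
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $class `
        -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{
                Class    = $class
                Product  = $_.displayName
                StateHex = '0x{0:X6}' -f $_.productState
                Enabled  = [bool]($_.productState -band 0x1000)
            }
        }
} | Format-Table -AutoSize

# 4. Recent application crash records that mention the GUI executable.
Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
} -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'zatray\.exe' } |
    Select-Object TimeCreated, Message -First 5 | Format-List
```

Run it from an elevated prompt; without elevation, ExecutablePath is empty for some processes and they will not be listed.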