none
Sysmon 11.0 - Reoccurring BSOD - Minidumps suggest Onedrive RRS feed

  • Question

  • After recently updating Sysmon 10.0.0.2 to 11.0 to a small test group of workstations, I'm having reports of BSOD occurring every 30 minutes to every several hours. After rolling back sysmon, the machines are stable once more.

    The BSOD reports EXCEPTION_DOUBLE_FAULT and the minidumps I've seen from different machines (Win10 1909) seems to be very unhappy with the Onedrive driver:

    IMAGE_NAME:  cldflt.sys
    IMAGE_VERSION:  10.0.18362.1059

    Has anyone else experienced or read of any similar experiences with Sysmon 11.0?

    Thursday, May 7, 2020 9:13 AM

All replies

  • We haven't had any reports of this. If you are willing and able to share the dump file I would be happy to take a look for you. Could you contact me offline via the syssite@microsoft.com alias

    MarkC(MSFT)

    Thursday, May 7, 2020 11:05 AM
  • Thanks MarkC(MSFT).

    I shall correspond to you via email and feed back any information of value back into this post.

    Have a good weekend everyone.

    Thursday, May 7, 2020 9:15 PM
  • Quick update on this. I took a peek at the dump file and this does seem to be an issue with the cloud file system filter driver so I passed it to the CLDFLT team at the end of last week. Will update as soon as we have a response

    MarkC(MSFT)

    Monday, May 11, 2020 1:03 PM