adam2104 Posted April 29, 2014 Report Share Posted April 29, 2014 I already sent this into support@immunet.com, but I'm posting it here as well in case anyone else runs into the same problem. I recently purchased Immunet Plus to run on my home PC. As soon as the Immunet installer finished, Event Viewer on Windows logs the following two errors: "Log Name: System Source: Ntfs Date: 4/28/2014 5:11:20 PM Event ID: 55 Task Category: None Level: Error Keywords: User: SYSTEM Computer: adam-pc Description: A corruption was discovered in the file system structure on volume \\?\Volume{5f48968d-ce78-11e3-8250-806e6f6e6963}. A file on the volume is no longer reachable from its parent directory. The parent file reference number is 0x2000000000002. The name of the parent directory is "<unable to determine file name>". The parent index attribute is ":$I30:$INDEX_ALLOCATION". The file reference number of the file that needs to be reconnected is 0x100000000b0a2. There may be additional files on the volume that also need to be reconnected to this parent directory." "Log Name: System Source: Microsoft-Windows-Ntfs Date: 4/28/2014 5:11:20 PM Event ID: 98 Task Category: None Level: Error Keywords: (2) User: SYSTEM Computer: adam-pc Description: Volume \\?\Volume{5f48968d-ce78-11e3-8250-806e6f6e6963} (\Device\HarddiskVolume1) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell." This happens IMMEDIATELY after the installation of Immunet. I've installed and uninstalled the program several times now and it happens every time I do the installation. Yesterday, thinking I had uncorrectable hard drive errors I completely reformatted my PC and reinstalled Windows. The problem went away until the exact moment I installed Immunet. Further investigation shows some other, Informational, alerts showing up in Event Viewer at the same time. This seems to be directly related to the "Trufos" file system filter driver that gets loaded during installation. Event viewer reports the following: Log Name: System Source: Service Control Manager Date: 4/28/2014 5:11:20 PM Event ID: 7045 Task Category: None Level: Information Keywords: Classic User: adam-pc\adam Computer: adam-pc Description: A service was installed in the system. Service Name: BitDefender Threat Scanner Service File Name: %SystemRoot%\System32\svchost.exe -k bdx Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem --- Log Name: System Source: Service Control Manager Date: 4/28/2014 5:11:20 PM Event ID: 7045 Task Category: None Level: Information Keywords: Classic User: adam-pc\adam Computer: adam-pc Description: A service was installed in the system. Service Name: Trufos Service File Name: C:\Windows\System32\Drivers\trufos.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: --- Log Name: System Source: Microsoft-Windows-FilterManager Date: 4/28/2014 5:11:20 PM Event ID: 6 Task Category: None Level: Information Keywords: User: SYSTEM Computer: adam-pc Description: File System Filter 'Trufos' (6.1, 2011-10-19T05:10:43.000000000Z) has successfully loaded and registered with Filter Manager Note, all of those events, the registering of the BitDefender scanner, and Trufos kernel mode driver, all happen at 4/28/2014 5:11:20 PM. That is the exact same timestamp as the NTFS errors I mentioned above. Presumably the file system errors reported are directly related to the loading of this file system filter. Additionally, I found a thread over in the Ad-Aware forums from one of their users reporting the same problem. http://www.lavasofts...rors-important/ It seems Ad-Aware also uses an engine from BitDefender. The user here is also using Windows 8.1, like I am. A few details about my PC: 1. I'm running Windows 8.1, with all the latest updates installed. This is a completely fresh install, installed yesterday evening. 2. Rebooting my PC does not correct the errors mentioned above. Running chkdsk manually does not indicate there are any errors on the file system. The errors only go away once I uninstall Immunet, which subsequently stops the Trufos kernel driver from being loaded. Any suggestions would be most appreciated. Regards, Adam Link to comment Share on other sites More sharing options...
ritchie58 Posted April 29, 2014 Report Share Posted April 29, 2014 Thanks for reporting this issue Adam. Support has recieved your report and will be looking into this. Regards, Ritchie... Link to comment Share on other sites More sharing options...
rsmith Posted May 6, 2014 Report Share Posted May 6, 2014 Just thought I would update this thread for future reference and anyone else experiencing this. Our Tetra driver is out of date and is having compatibility issue with the latest Windows 8 Update (KB2919355) causing the NTFS errors. We are updating it and are working on a new build but not sure when it'll be available. If you are getting these errors then you can disable Tetra as a temporary solution. It should be noted that Immunet will still function properly even with the errors. Windows is just unhappy. The Rootkit scans performed by Tetra may not return reliable results during this time, however. If anyone has any issues like this please contact support@immunet.com and we'll help you out. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.