Re: BSOD while using Android Emulators
Code:
3: kd> lmvm natsec
Browse full module list
start end module name
fffff880`0a975000 fffff880`0a983000 natsec T (no symbols)
Loaded symbol image file: natsec.sys
Image path: \??\C:\Windows\natsec.sys
Image name: natsec.sys
Browse all global symbols functions data
Timestamp: Wed Jul 5 17:23:58 2017 (595D048E)
CheckSum: 00013DB0
ImageSize: 0000E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
I can't find anything about this driver.
Unless I'm wrong and looking in the wrong direction, these kinds of drivers don't use file properties, and I don't assume you know what this driver belongs to, so I would suggest visiting our Security Arena.
I can't find any info on this driver either. Could it be dynamically allocated? (created by an app as it executes; then the driver disappears when finished).
@MoonWalker - go to \windows\system32\drivers, look for natsec.sys and see what the Properties tab + Detail tabs say. Any company information? This is of course only if you find the file.
Also, bring up an Admin CMD prompt; copy/paste this command into it:
Code:
cd\ & where /r c:\ /f /t natsec.sys >0 & start notepad 0
A Notepad will open. If it contains anything, copy/paste it into your post. If it's blank, please be sure to tell us.
The WHERE command you're running may appear to hang (cursor on next line; blinking; screen appears frozen), but it's not. Sometimes, it can take 15-30 minutes to search your system for a single file. So give it at least 30 minutes (if it appears to be "hanging").
EDIT: Give it an hour if necessary. I just ran a test on my system (core i7; 12 GB RAM) and it took 47 minutes for the WHERE command search to complete. Make sure the VPN is on.
I need the Sysnative/jcgriff2 app output zip file but am having trouble getting it from Dropbox.
Please ATTACH it to your next post.
Run Driver Verifier. Be sure to have the VPN on if you believe that to be the origin of natsec.sys.
Driver Verifier - BSOD related - Windows 10, 8.1, 8, 7 & Vista
D/V must run for 24 hours minimum or until BSOD. If BSOD occurs, get the dump (\windows\minidump); copy to Documents; zip it up and ATTACH to post.
Regards. . .
jcgriff2
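
The file-property check suggested in the thread can also be scripted. The following PowerShell is an added example, not part of the original posts: it looks for natsec.sys at the image path shown by `lmvm` and in the drivers folder, then reports version info, Authenticode signature status, a SHA256 hash, and any kernel driver service that points at the file. It assumes an elevated PowerShell prompt; the variable names are illustrative.

```powershell
# Added example: inspect a driver file named in a crash dump (here natsec.sys).
# Run from an elevated PowerShell prompt. The two paths come from the thread.
$name = 'natsec.sys'
$candidates = @(
    "$env:SystemRoot\$name",                    # image path shown by lmvm
    "$env:SystemRoot\System32\drivers\$name"    # folder suggested in the thread
)

$found = @($candidates | Where-Object { Test-Path -LiteralPath $_ })
if (-not $found) {
    # Fall back to a recursive search of the Windows directory (slower).
    $found = @(Get-ChildItem -Path $env:SystemRoot -Filter $name -Recurse -Force `
                   -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty FullName)
}
if (-not $found) { Write-Output "$name not found on disk"; return }

foreach ($path in $found) {
    $file = Get-Item -LiteralPath $path -Force
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Path        = $path
        Company     = $file.VersionInfo.CompanyName       # empty if no version resource
        Description = $file.VersionInfo.FileDescription
        FileVersion = $file.VersionInfo.FileVersion
        Created     = $file.CreationTime
        Modified    = $file.LastWriteTime
        SigStatus   = $sig.Status                         # Valid, NotSigned, HashMismatch, ...
        Signer      = $sig.SignerCertificate.Subject      # empty when unsigned
        SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    } | Format-List
}

# Kernel driver services whose binary path points at the file.
Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$name" } |
    Select-Object Name, DisplayName, State, StartMode, PathName |
    Format-List
```

An empty Company field together with a NotSigned status and no matching driver service is worth mentioning when posting the results, since it means the file carries no vendor information to identify it by.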