BSOD When Mounting FAT-Formatted Volumes #1466

Open
makensen opened this issue Jan 20, 2025 · 6 comments

@makensen

Hello,

We are conducting a PoC for VeraCrypt as a new folder encryption tool within our company.
A few testers reported that they receive a BSOD when they mount a container created with the FAT filesystem.
Unfortunately we can't see anything in the Event Viewer and the VeraCrypt folders within %appdata% are empty.
We are using version 1.26.15 (64-bit).
Is there a chance to get some logs from VeraCrypt that we can analyse internally? In the UI I can't find such an option.
Here: veracrypt.eu/en/Troubleshooting.html it is said that I can use Help -> Analyze a System Crash, but I don't have such an option under Help.
We are using Windows 11 and have a CrowdStrike agent locally installed; I wonder if this could be the issue.

Kind regards,
Mihai

@makensen makensen added the bug label Jan 20, 2025
@idrassi
Member

idrassi commented Jan 20, 2025

Hi @makensen,

Thanks for the report.

In the case of a BSOD, Windows displays a blue screen with minimal information about the cause of the error. The first step is to configure Windows NOT to reboot automatically when a BSOD occurs, so users can take a picture of the screen.

The second step is to configure Windows to create a kernel memory dump or a complete memory dump. This will generate a dump file, typically located at %SystemRoot%\MEMORY.DMP by default.

When VeraCrypt mounts a volume, it transfers the handling of the filesystem to Windows, as VeraCrypt is responsible only for encrypting and decrypting sectors. It seems that something is triggering an issue with the FAT filesystem. This could be related to how the FAT volume was created, or it might involve another component on the machine mishandling FAT volumes stored within VeraCrypt volumes.

The BSOD message will provide the first clues about the faulting driver. My initial suspicion is that a third-party driver, such as one from an antivirus solution that filters filesystems, might be causing the issue. These drivers can sometimes become confused when FAT volumes are part of VeraCrypt volumes.

Image
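
The two crash-capture settings described in the comment above, followed by a listing of the file system filter drivers it suspects, as a PowerShell example added here; it is not part of the original thread or of VeraCrypt's own tooling. It assumes an elevated session and the standard `CrashControl` registry values, and the machine must be restarted for the settings to take effect.

```powershell
#Requires -RunAsAdministrator
# Added example: crash-capture settings from the comment above (assumes the
# standard CrashControl registry values; run elevated, then reboot).
$crashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# Show the current values first so they can be restored after the investigation.
Get-ItemProperty -Path $crashControl |
    Select-Object AutoReboot, CrashDumpEnabled, DumpFile | Format-List | Out-Host

# Step 1: do not reboot automatically, so the stop code stays on screen.
Set-ItemProperty -Path $crashControl -Name AutoReboot -Value 0 -Type DWord

# Step 2: write a kernel memory dump (2); use 1 for a complete memory dump.
Set-ItemProperty -Path $crashControl -Name CrashDumpEnabled -Value 2 -Type DWord

# Resolve the dump location; fall back to the default if the value is absent.
$dumpFile = (Get-ItemProperty -Path $crashControl).DumpFile
if ([string]::IsNullOrEmpty($dumpFile)) { $dumpFile = '%SystemRoot%\MEMORY.DMP' }
$dumpPath = [Environment]::ExpandEnvironmentVariables($dumpFile)

# After the next crash and restart, check whether a dump was actually written.
if (Test-Path -LiteralPath $dumpPath) {
    Get-Item -LiteralPath $dumpPath | Select-Object FullName, Length, LastWriteTime
} else {
    Write-Output "No dump at $dumpPath yet."
}

# List loaded file system minifilters and the volumes they attach to. Any
# third-party entry here (antivirus/EDR) is a candidate for the faulting driver.
fltmc.exe filters
fltmc.exe instances
```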

@makensen
Author

Thank you very much for your explanation, @idrassi

@makensen
Author

Image

It may help or not, but this is the printscreen with the BSOD. The laptop did not instantly reboot, but while it shows this screen you were not able to recover, so a power reset was the only solution to move on.

@idrassi
Member

idrassi commented Jan 22, 2025

@makensen

Thank you for the printscreen.

This BSOD is unusual to me because in previous cases where the VeraCrypt driver was causing a crash, the BSOD message always mentioned the faulting driver. So for me, this particular BSOD comes from another driver on the machine that triggers a BSOD so much deeper than usual that no event log or even crash dump is captured.

I would recommend contacting CrowdStrike to help you investigate this because they are probably the ones whose driver is crashing.

@idrassi
Member

idrassi commented Jan 22, 2025

PS: What about exFAT volumes? Are they also causing a BSOD? If it is only FAT, then CrowdStrike may have an issue with virtual FAT volumes hosted on VeraCrypt volumes.

@makensen
Author

@idrassi Thank you.
Only FAT causes the issue; we successfully tested the NTFS filesystem and we have no issues.
Tomorrow I will be on a call with a sysadmin; I hope he can tell me more about the issue, and I will share some insights with you.
If nothing new appears tomorrow, or nothing valuable that may help you to help me further, I will just close this issue, as I already got some interesting and detailed replies from your side.
Thank you very much,
Mihai
