AdguardTeam
BSODs caused by AdGuard
Please answer the following questions for yourself before submitting an issue
- [x] Filters were updated before reproducing an issue
- [x] I checked the knowledge base and found no answer
- [x] I checked to make sure that this issue has not already been filed
AdGuard version
7.20.2
Browser version
Chrome
OS version
Windows
Traffic filtering
- [x] yes, I do
Ad Blocking
No response
Privacy
No response
Social
No response
Annoyances
No response
Security
No response
Other
No response
Language-specific
No response
Which DNS server do you use?
DNS protection disabled
DNS protocol
None
Custom DNS
No response
What Stealth Mode options do you have enabled?
No response
Support ticket ID
No response
Issue Details
Expected Behavior
Actual Behavior
Screenshots
No response
Additional Information
This is the new task for all BSODs. All information about these issues will be posted here.
Reminder, that switching network driver to TDI (Settings -> Network -> switch off Use WFP network driver option) helps to avoid BSODs in most cases.
Had my (first) BSOD on WPF as well, after running AdGuard for 3 days. Version - 7.20.2 (4988), W10 latest update
I'd like to push the dump file as well, but I've never worked with those before and I don't know how to properly upload the file.
If you can't add them here (you should be able to by dragging and dropping the .dmp file here) you can upload them to file upload sites like Google Drive, Mega, Dropbox, MediaFire, etc. and posting a link. Would recommend compressing them into a .zip file when uploading them.
If you can't add them here (you should be able to by dragging and dropping the .dmp file here) you can upload them to file upload sites like Google Drive, Mega, Dropbox, MediaFire, etc. and posting a link. Would recommend compressing them into a .zip file when uploading them.
Filepath is osDrive:/Windows/Minidump, correct?
Also my bad, I actually can drag and drop it now but I had to grant admin rights first 😆
@anonD7, @1400557585, @paulTan09, could you please help us to clarify your driver's environment with the additional information:
- WFP state information for detailed analysis of possible conflicts with other drivers
netsh wfp capture start
netsh wfp capture stop
The commands above generate a file wfpdiag.cab with required data in current directory.
- List of installed drivers, required to identify the third-party filters
driverquery /V /FO list > driverlist.txt
The command above generates a file driverlist.txt with required data in current directory.
Also please try to remove IDM driver C:\WINDOWS\system32\drivers\idmwfp.sys from your system (or just rename it to be able to return it back afterwards, and remove the whole application Internet Download Manager if it exists
@adbuker , Attached herewith, please find the requested files.
IDM driver {C:\WINDOWS\system32\drivers\idmwfp.sys) & Internet Download Manager not exists.
@adbuker
My computer does not have Internet Download Manager installed
I'm sure some are asking why the WFP driver is enabled by default and why AG's devs have a big desire to keep trying to fix it when switching to the TDI driver seems to work fine and is stable.
The thing is, TDI has been depreciated by Microsoft and they've said that they plan on removing it from a future Windows release. So AG can't rely on TDI being around as a fallback. WFP is meant to be the replacement for TDI but the problem is it's incredibly buggy and having and using multiple WFP drivers at the same time is a recipe for issues like BSODs and incompatibilities (e.g. issues with anti-virus apps and HTTPS filtering).
It's not going to be easy to fix these issues with the WFP driver. In fact it may not be able to be fixed for all configurations and setups.
Yes, switching to the TDI driver works for the time being but it won't be around forever, eventually Microsoft will remove it.
My question to the AG team is if there's any alternatives to the WFP driver that could be explored? Is a Wintun driver a potential alternative? Maybe something fully custom? Because WFP seems to be nothing but neverending issues and I'm sure customers who have experienced this for months are not happy.
@BooBerry That's helpful background.
While it's easy to get a list of drivers on a system, I wonder if there's a way to identify which are WFP in order to get an idea if a given system does have any others that are in use.
Also, deprecation in the Microsoft world can be quite a broad spectrum and doesn't always mean removal. For something like this, as opposed to something trivial, I would think they'd tend to be on the slow side if they do it at all. Does anyone have the latest on their plans?
A dcinside post author argues that maybe Microsoft's core isolation feature can cause this issue: https://gall.dcinside.com/mgallery/board/view/?id=adguard&no=1813&page=1
A dcinside post author argues that maybe Microsoft's core isolation feature can cause this issue: https://gall.dcinside.com/mgallery/board/view/?id=adguard&no=1813&page=1
Anecdotal evidence, but I have core isolation disabled and I still got crashes on WPF
People who are having BSOD issues, do you use any third-party AV products or any other software that filters network traffic?
People who are having BSOD issues, do you use any third-party AV products or any other software that filters network traffic?
Yes, Avira Prime (Real-time protection / Web protection / Ransomware protection).
People who are having BSOD issues, do you use any third-party AV products or any other software that filters network traffic?
no
People who are having BSOD issues, do you use any third-party AV products or any other software that filters network traffic?
no only built-in Windows Defender, nothing extra installed at the system level. Only AdGuard is filtering network (if we don't count the browser extensions).
Another crash with AdGuard 7.2.1.0 nightly 29. No third-party AV or other filtering software installed, just AdGuard and Windows Security.
On Mon 31/03/2025 15:06:22 your computer crashed or a problem was reported
Crash dump file: C:\WINDOWS\Minidump\033125-10625-01.dmp (Minidump)
Bugcheck code: 0xD1(0x8, 0x2, 0x0, 0xFFFFF80326422389)
Bugcheck name: DRIVER_IRQL_NOT_LESS_OR_EQUAL
Driver or module in which error occurred: NETIO.SYS (NETIO+32389)
File path: NETIO.SYS
Description: Network I/O Subsystem
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
Analysis: This is a typical software problem. Most likely this is caused by a bug in a driver. The crash took place in a Microsoft module. Possibly this problem was caused by another driver on your system that cannot be identified at this time.
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
IMAGE_VERSION: 10.0.26100.3323
STACK_COMMAND: .process /r /p 0xffff8087124dc040; .thread 0xffff80871da1f480 ; kb
BUCKET_ID_FUNC_OFFSET: 14
FAILURE_BUCKET_ID: AV_NETIO!CalloutStreamDataInit
OS_VERSION: 10.0.26100.1
BUILDLAB_STR: ge_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {feacaefb-f5a0-338a-7345-95e6dcab80ac} 我也遇到过这个情况
Hi, here are the diagnostic files.
I don't want to uninstall IDM for the moment, because I need it.
Had uninstalled AG weeks ago after getting bsod from v7.20 WFP enabled. I decided to try again AG to see if the issue was resolved. Had a bsod the same day just from having three youtube tabs open on Firefox. After reboot I went back again to open Firefox and by the third tab opened got bsod again. Win 11 stock av. No issues when using TDI Driver but it's just slower browsing with my 2Gbps connection.
@AncientVamp That's interesting. Have you ever heard from others of TDI affecting speed? You basically have unlimited speed, so are you talking about something like lowering measured download rates from super-fast to slightly less super-fast? Whatever it is, if you noticed it subjectively when browsing, as opposed to something measured, it must really be significant, since something like that is almost impossible to notice otherwise.
I wanna give an update. I was BSODing on W10 under the WPF drivers, switched to TDI but in the mean time I clean installed to Win11 (on the same hardware), left WPF as default and I haven't had a BSOD since April 2 (when I installed W11, basically)
My minidump. adgnetworkwfpdrv appears in the stack, seems like one of the issues caused by the WFP driver.
Thanks a lot for the issues' details, at this moment we are working hard on the process of handling this annoying bug and we'll (I hope) publish the fix in the nearest feature
Strangely, I average about "only" one BSOD / month due to NETIO.SYS
Light office work most of the time, few apps opened. AdGuard 7.20.2 (4988) (CL 1.17.108, DL 2.5.51 ) on Win11 24H2
After the BSOD, restart, logs collected:
I didn't change my devices/drivers manually recently. I don't think I had those BSOD one year ago and before, only started recently the past 6-9 months or so. Could be related to a "recent" Windows 11 update like 24H2 ? Or a recent AdGuard update ?
Note: No IDM here. Windows Security/Defender built-in in Win11 only no external 3rd-party AV used.
It seems that we've identified the issue and will release a fix in the next few days.
@adbuker When you say "the issue" what do you mean? This thread may have begun a month ago, but there have been plenty of other reports over the years like it. Is the fix you're talking about somehow specific to this thread or a general fix that will put BSODs caused by Adguard to bed?
Unfortunately, it would be misleading to claim that the BODY issue can be permanently resolved once and for all. The interaction between WFP drivers from different applications is an extremely complex system, and each case must be analyzed individually.
Above, I am referring specifically to BSODs related to netio.h. While each individual fix helps to stabilize the overall situation step by step, the issue of BSODs is indeed a long-standing one. However, to be fair, you can observe for yourself that with every new solution, the frequency of new problems continues to decrease.
Hi,
I don't know if this could help, but by running Adguard at the same time as NordVPN (VPN enabled. I haven't tried disabling it), I don't have any BSOD issues.
However, without NordVPN running (only Adguard running), I get BSODs (netio.sys problem) randomly over time (WFP enabled).
Perhaps, this could be a clue by analyzing how Adguard behaves when a VPN is running (compared to Adguard alone) with the netio.sys driver. Or (I don't know, it's just an idea), there might not be a problem if the VPN manages the entire networking aspect and, at the same time, the networking aspect of Adguard (the use of netio.sys is managed by the VPN rather than Adguard directly).
