08-05-2024 11:53 AM - edited 08-05-2024 11:54 AM
We updated Cortex XDR agent on a number of VMs and on some of them the Print Spooler service (spoolsv.exe) started crashing repeatedly, causing disruptions to operations.
Is this a known issue? Are there available workarounds or ways to resolve it short of downgrading the agent?
Sample events:
Log Name: Application
Source: Application Error
Date: 7/31/2024 7:59:28 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: V******a.*****.COM
Description:
Faulting application name: spoolsv.exe, version: 10.0.17763.4644, time stamp: 0xacbcf874
Faulting module name: cyvrtrap.dll, version: 8.5.0.624, time stamp: 0x667afdda
Exception code: 0xc0000005
Fault offset: 0x00000000000175d1
Faulting process id: 0xf28
Faulting application start time: 0x01dae2a0fe85bd33
Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting module path: C:\Windows\System32\cyvrtrap.dll
Report Id: 8a26e6e7-e8e7-4dc9-9cdb-dce6c0798d81
Faulting package full name:
Faulting package-relative application ID: Log Name: Application
Source: Application Error
Date: 8/1/2024 7:29:24 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: V****a.****.COM
Description:
Faulting application name: spoolsv.exe, version: 10.0.17763.4644, time stamp: 0xacbcf874
Faulting module name: cyvrtrap.dll, version: 8.4.0.51691, time stamp: 0x667afdda
Exception code: 0xc0000005
Fault offset: 0x00000000000175d1
Faulting process id: 0x2f50
Faulting application start time: 0x01dae35a42e79f3d
Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting module path: C:\Windows\System32\cyvrtrap.dll
Report Id: 90dc4222-bee6-42fd-a6a7-5c4f076c9e99
Faulting package full name:
Faulting package-relative application ID:
P.S. Downgrading from 8.5 to 8.4 seems to help but does not completely eliminate the crashes.
The version prior to 8.4 and 8.5 was 8.2 or lower - and that one didn't seem to cause these crashes at all.
The host OS is WS2019.
Thank you!
