Kaspersky (kltdi.sys) causes a BSOD on Windows Server

Another nice Blue Screen of Death troubleshooting session for me today. The server sometimes crashes with a Blue Screen and stop code 0x7f. The configuration here is Windows Server 2008 R2 with Kaspersky Endpoint Security for Windows version 10.1.0.867, and after updating to version 10.2.1.23 the BSOD still persists.

The bugcheck shows up in the Event Viewer:

[Screenshot: kltdi.sys WinDbg analysis]

So we load this dump file into WinDbg to analyze the problem, and we get this output.

We see that kltdi.sys is causing the problem here, so what is kltdi.sys? Its file description reads “Network filtering component”, it is digitally signed by “Kaspersky Lab”, and it can be found in the folder “C:\WINDOWS\system32\drivers”.

So how do we fix this problem with the network filtering component and the Blue Screens…

Just uninstall Kaspersky from your system… No, at this moment I have no other solution than to stop kltdi.sys from being loaded at system startup; the Kaspersky forums don’t have a solution for this either. So we are going to disable this driver in the Windows Registry. The key name you’re looking for is:

And set the “Start” data value to 4 to disable it. Reboot the computer/server and you won’t get any Blue Screens anymore. And start praying that in a future update Kaspersky will fix this issue.

I was also wondering which Start values are valid to put there, so after some searching on the Microsoft support website I found this:

Note: for services, only 0x2, 0x3 and 0x4 are valid options; the ones listed above are values for device drivers.

[Screenshot: kltdi registry]

With the 0x1 value, the driver is loaded when the Windows system is starting.

Note: On some computers the Transport Driver Interface is also called klwfp.sys. I haven’t seen any problems on systems with this driver.
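
The registry change described above, scripted in PowerShell as an added example (not code from the original post). It assumes the service key sits under HKLM\SYSTEM\CurrentControlSet\Services with the driver's base name, kltdi; the function names are hypothetical, and the Start meanings in the lookup are the standard Windows ones.

```powershell
# Added example. Assumption: the service key is named after the driver
# file, so kltdi.sys maps to ...\Services\kltdi.
$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-DriverStartMode {
    param([Parameter(Mandatory=$true)][string]$Name)
    $key = Join-Path $ServicesRoot $Name
    if (-not (Test-Path $key)) { throw "Service key not found: $key" }
    # Standard Start values; 0 and 1 are only meaningful for drivers.
    $modes = @{ 0='Boot'; 1='System'; 2='Automatic'; 3='Manual'; 4='Disabled' }
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        Name = $Name; Start = $p.Start
        StartMode = $modes[[int]$p.Start]; ImagePath = $p.ImagePath
    }
}

function Disable-Driver {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter(Mandatory=$true)][string]$Name,
        [string]$BackupDir = $env:TEMP
    )
    $before = Get-DriverStartMode -Name $Name
    if ($before.Start -eq 4) { return $before }   # already disabled
    if ($PSCmdlet.ShouldProcess($Name, 'Set Start to 4 (Disabled)')) {
        # Export the key first so the original Start value can be restored.
        $backup = Join-Path $BackupDir "$Name-service.reg"
        & reg.exe export "HKLM\SYSTEM\CurrentControlSet\Services\$Name" $backup /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'Backup failed; nothing was changed.' }
        try {
            Set-ItemProperty -Path (Join-Path $ServicesRoot $Name) `
                -Name Start -Value 4 -ErrorAction Stop
        } catch {
            # Even an administrator can be refused here if the product
            # protects its own keys; commenters on this page got the
            # write through in safe mode.
            throw "Start was not changed: $($_.Exception.Message) Retry from safe mode."
        }
    }
    Get-DriverStartMode -Name $Name
}

# Dry run; remove -WhatIf to apply, then reboot for the change to take effect.
Disable-Driver -Name 'kltdi' -WhatIf
```

With Start at 4 the driver no longer loads, so the product's network filtering stays off until the value is restored from the exported .reg file.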

  • Barry

    Have you been able to disable this driver? I get an error when writing the value content and it will not save.

    • BVucinec

      Hi, what kind of error do you get? Do you have permissions set to edit the value in the registry, or did you start regedit as administrator? It’s also possible that Kaspersky is protecting the key; you should be able to change the value in safe mode.

  • Barry

    I have local admin rights to the box. I’ll try in safe mode as well, although I think I may have done that with the same result. This BSOD is causing havoc with Win7 and Visual Studio debugging. Although it may be related to some homegrown .NET apps as well. No help from Kaspersky.

    The error is “Error writing the value’s data”. All points to no permissions. Local admin has full permissions inherited. I’ll post back with findings from safe mode.

  • Barry

    I was able to change the reg key in safe mode. I thought I had tried that prior to posting. We’ll see if it stops the BSOD. Kaspersky has been less than stellar with trying to pinpoint this issue. This issue is random and annoying. Have provided them with full dumps of various PCs. Nothing!