Kaspersky (kltdi.sys) causes a BSOD on Windows Server

Another nice Blue Screen of Death to troubleshoot today. The server sometimes crashes with a Blue Screen with stop code 0x7f. The configuration here is Windows Server 2008 R2 with Kaspersky Endpoint Security for Windows version 10.1.0.867; after updating to version 10.2.1.23 the BSOD still persists.

The bugcheck shows up in the Event Viewer:

[Screenshot: kltdi.sys WinDbg analysis]

 

So we put this dumpfile into WinDbg to analyze the problem and we get this output.

We see that kltdi.sys is causing the problem here, so what is kltdi.sys? Its file description reads “Network filtering component”, it is digitally signed by “Kaspersky Lab”, and it can be found in the folder “C:\WINDOWS\system32\drivers”.

So how do we fix this problem with the network filtering component and the Blue Screens…

Just uninstall Kaspersky from your system… No, at this moment I have no other solution than to prevent kltdi.sys from being loaded at system startup; the Kaspersky forums don’t have a solution for this either. So we are going to disable this driver in the Windows Registry. The key name you’re looking for is:

Set the “Start” data value to 4 to disable it. Reboot the computer/server and you won’t get any Blue Screens anymore. With the driver disabled, Kaspersky’s network filtering component no longer loads on that machine. And start praying that Kaspersky will fix this issue in a future update.

I was also wondering which Start values are valid there, so after some searching on the Microsoft support website I found this:

Note: for services, only 0x2, 0x3 and 0x4 are valid options; the ones noted above are values for device drivers.

[Screenshot: kltdi registry]

With the 0x1 value, the driver is loaded when the Windows system is starting.
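The check-and-disable step described above, written as a PowerShell script for an elevated prompt. This is an added example, not part of the original post; the service key name `kltdi` (derived from the driver file name), the standard `Services` registry location and the Start value descriptions are assumptions based on normal Windows behaviour, because the page does not show them.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Assumption: the service key is named after the driver file (kltdi.sys -> kltdi).
param(
    [string]$ServiceName = 'kltdi',
    [switch]$Disable   # without this switch the script only reports
)

# Start values as documented by Microsoft; 0 and 1 apply to device drivers only.
$startTypes = @{
    0 = 'Boot (driver loaded by the boot loader)'
    1 = 'System (driver loaded during kernel initialization)'
    2 = 'Automatic'
    3 = 'Manual'
    4 = 'Disabled'
}

$keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
if (-not (Test-Path $keyPath)) { throw "Service key not found: $keyPath" }

# Report the driver file and its signer (path assumed from the folder named in the post).
$driver = Join-Path $env:SystemRoot "System32\drivers\$ServiceName.sys"
if (Test-Path $driver) {
    $sig = Get-AuthenticodeSignature $driver
    "{0}: signature {1}, signer {2}" -f $driver, $sig.Status, $sig.SignerCertificate.Subject
}

$current = [int](Get-ItemProperty -Path $keyPath -Name Start).Start
"{0}: Start = 0x{1:X} ({2})" -f $ServiceName, $current, $startTypes[$current]

if ($Disable -and $current -ne 4) {
    # Keep a restorable copy of the key so the change can be rolled back.
    $backup = Join-Path $env:TEMP "${ServiceName}-services-key.reg"
    & reg.exe export "HKLM\SYSTEM\CurrentControlSet\Services\$ServiceName" $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup failed, Start value left unchanged" }

    Set-ItemProperty -Path $keyPath -Name Start -Value 4 -Type DWord
    "Backup written to $backup; Start set to 0x4, takes effect after a reboot"
}
```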

Note: On some computers the Transport Driver Interface is also called klwfp.sys. I haven’t seen any problems on systems with this driver.