Share via

Live Kernel 17d Windows Defender

Anonymous
2021-05-17T16:37:35+00:00

Once a week (approximately) a non-stop error (Live Kernel 17d) occurs - details below.  In each case the event preceding (according to Event Viewer) is "Security Center" (Source) with detail "Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE-ON."  How are the 2 linked?  3 of exact same crashes are correlated directly to the same preceding event in Event Viewer.

Description

A problem with your hardware caused Windows to stop working correctly.

Problem signature

Problem Event Name: LiveKernelEvent

Code: 17d

Parameter 1: 26

Parameter 2: ffffb58d85e08a20

Parameter 3: ffffb58d73f95010

Parameter 4: fffffb030fe67a70

OS version: 10_0_19042

Service Pack: 0_0

Product: 256_1

OS Version: 10.0.19042.2.0.0.256.161

Locale ID: 1033

Extra information about the problem

Bucket ID: LKD_0x17D_TOAST_IMAGE_twinui.dll

Windows for home | Windows 10 | Performance and system failures

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

6 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-05-17T17:46:47+00:00

    Please re-open the question, thank you

    Was this answer helpful?

    2 people found this answer helpful.
    0 comments
  2. Anonymous
    2021-05-17T17:16:47+00:00

    Hi @RyanNYC83, your post is very welcome in our community.

    My name is Wiliam, I am an Independent Consultant and like you, I'm also a user of the Windows system for a long time. I am grateful to be able to help you today.

    I understand how difficult it is when the device or app won't work in the way you expect, but the image you uploaded does not indicate an error. This is just a confirmation that an update from Windows defender has been successfully installed on the system.

    When there is an error in the system, instead of seeing the word "Information" in that column, you will see the words "Critical" or "Error", as shown in the box to the right of the image.

    Thanks for your time., Have a great day and stay safe.

    Best Regards

    Wiliam D.

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments
  3. Anonymous
    2021-05-17T17:38:20+00:00

    No such folder exists.  Rather there is a "LiveKernelReports" folder and subfolder called "PDCRevocation".  Each time this crash occurs the date & time of the "PDCRevocation" folder is updated (to the crash time) but nothing is contained in the folder.  Yes, I have unchecked "Hidden Items".

    Was this answer helpful?

    0 comments
  4. Anonymous
    2021-05-17T17:29:41+00:00

    Hi @RyanNYC83.

    It is not possible to say what is going on with this information only.

    If crashes are occurring, please upload any minidump files you have, I will check those to see if they provide any insight into a potential cause of the system crashes . . .

    Check to see if your PC is producing any minidump files rather than that large Memory dump file, I will check those to see if they provide any insight into a potential cause of the system crashes . . .

    - Open Windows File Explorer

- Navigate to C:\Windows\Minidump

- Copy any minidump files onto your Desktop, then zip those up

- Upload the zip file to the Cloud (OneDrive, DropBox . . . etc.), then choose to share those and get a share link

    Then post the link here to the zip file, so we can take a look for you . . .

    Best Regards

    Wiliam D.

    Was this answer helpful?

    0 comments
  5. Anonymous
    2021-05-17T17:25:09+00:00

    No - you didn't read the problem.  The Live Kernel Event (if you look at the screens shot of the log you will notice "Windows Error Reporting" follows) - happens immediately AFTER this.

    Fault bucket , type 0

    Event Name: LiveKernelEvent

    Response: Not available

    Cab Id: 0

    Problem signature:

    P1: 17d

    P2: 26

    P3: ffffdc87ac0d5b10

    P4: ffffdc87a9ac0c90

    P5: ffff8d0b5f3dda70

    P6: 10_0_19042

    P7: 0_0

    P8: 256_1

    P9:

    P10:

    Attached files:

    \?\C:\Windows\LiveKernelReports\PDCRevocation\PDCRevocation-20210424-0921.dmp

    \?\C:\Windows\TEMP\WER-165000-0.sysdata.xml

    \?\C:\Windows\LiveKernelReports\PDCRevocation-20210424-0921.dmp

    \?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER92EF.tmp.WERInternalMetadata.xml

    \?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER92F0.tmp.xml

    \?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER92FF.tmp.csv

    \?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER930F.tmp.txt

    These files may be available here:

    \?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_17d_2d567f6ce3d26c3f0d46bfd6d71de6bc2ac8231_00000000_cab_1b56653c-c10e-4bea-bc49-00dbb7df7cb9

    Analysis symbol:

    Rechecking for solution: 0

    Report Id: 1b56653c-c10e-4bea-bc49-00dbb7df7cb9

    Report Status: 4

    Hashed bucket:

    Cab Guid: 0

    Was this answer helpful?

    0 comments