Neo23x0 / Raccine

A Simple Ransomware Vaccine
The Unlicense

BSOD on Server 2019 #121

Closed RavenfireIT closed 3 years ago

RavenfireIT commented 3 years ago

Hi,

I have installed on Server 2019 (Hyper-V Host):

Today I ran another test (after shutting down my VMs): vssadmin delete /all - the command completed successfully and the shadows were deleted.

Raccine is fully enabled (not simulation mode).

It appears that it is completely ineffective or not active, and doesn't even post anything to the Event Logs (other than the initial installation).

Am I missing something obvious?

I would expect the system to work on any modern Windows version, and also work regardless of the roles installed on the Server.

Please advise how I can proceed from here ...

Thanks in advance.

Neo23x0 commented 3 years ago

Highly unlikely that Raccine caused a BSOD. Could not be reproduced with a Windows Server 2019 VM.

RavenfireIT commented 3 years ago

Hi,

Thanks for the reply; the BSOD may have been a coincidence, but I ran the command, everything froze & BSOD before the command could complete.

On the second note: When I ran the command today as a test to eliminate the BSOD, I was able to delete the shadows without issue or any report of the action. Raccine said it was active but did not prevent the destructive command.

It appears that it is completely ineffective or not active, and doesn't even post anything to the Event Logs (other than the initial installation).

Am I missing something obvious?

Thanks.

Neo23x0 commented 3 years ago

I honestly have no idea why you installed it on a Windows 2019 Server. It prevents Ransomware infections that occur within a user session in which users browse the web, open email attachments or run suspicious downloaded software. It doesn't make a lot of sense to install it on a server system.

raomin commented 1 year ago

I also was considering deployment on servers, because this is where I want to avoid ransomware spreading, maybe through an exploit or something... The first tests we did showed some instability on one server. Not sure yet if it's linked to Raccine. Do you stand by this, @Neo23x0, that we should not deploy it on servers?