• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Is Cbfs6.sys a threat?

Hi,

From time to time my desktop is crashing few time after booting. Cras message is stating CbFs6.sys is the cause of it. Deleting this file solves the issue.

1. Do you have any clue about this file stored in c:\windows\dsystem32\drivers\ ?

2. Is there a way for Norton to avoid this file to be stored?

Regards

Replies

Kudos0

Re: Is Cbfs6.sys a threat?

Hello

After doing a Google search, I came about this site.

https ://www . file . net/process/cbfs6 . sys . html  Please don't click on any links on this site. It is given for information only.

Have a Good Night and

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Is Cbfs6.sys a threat?

Hi fnbrev:

Additional information about cbfs6.sys (Callback File System Driver from EldoS Corporation) can be found in the MS Answers forum thread BSOD Caused by a Driver.  In that case the BSODs stopped after the user updated their Intel HD 520 graphics driver.  According to the information at https://www.callbacktechnologies.com/ this software is used to create virtual drives (e.g., for gaming software) and the EldoS Callback product line was discontinued/replaced in September 2017.

fhbrev:

...Is there a way for Norton to avoid this file to be stored?...

Has the cbfs6.sys file re-appeared in C:\Windows\system32\drivers\ since you deleted it? A BSOD caused by a driver doesn't necessarily mean it's malicious.  It might mean that the driver is poorly coded (e.g., it accesses a reserved region of your computer's memory) and if cbfs6.sys is required by a software program on your computer then deleting it might cause unexpected problems.  As a first troubleshooting step I'd suggest updating your graphics drivers - let us know your computer make and model, Windows OS and whether you have a discrete graphics card (e.g., NVIDIA GeForce, AMD Radeon, etc.) if you require assistance.

If updating your graphics driver doesn't help then an analysis of the dump files generated after the BSODs will likely be required.
-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Premium v22.15.0.88

Kudos0

Re: Is Cbfs6.sys a threat?

Hi,Thanks for your input.
Finally, Having quite significant other troubles (I was then running W10 Insider), I reimaged my desktop using standard W10 image 1803 and took this opportunity to check if and when the cbsf6.sys would be loaded. It did !!
pCloud application is the one. But…, they factually state ''pCloud uses ELDOS CBFS as our drivers, which are essential for the work of pCloud Drive. The installation is secure, nothing to worry about. Microsoft .NET Framework 4.5 (or later) is also required to be installed beforehand.''.

Having rebooted my desktop after pCloud installation, it did work properly. I may then suspect Insider installed an update poorly finalized(?). The fact is that pCloud was removed up to some months ago by Insider releases. Having notified this issue, latest Insiders were no more removing it. As the issue happened from the previous Insider release (the one of early September), it may have been modified at this time(?).

In attachment, you will find a picture of its properties.

Regards

File Attachment: 
Kudos0

Re: Is Cbfs6.sys a threat?

fhbrev:
...I may then suspect Insider installed an update poorly finalized(?). The fact is that pCloud was removed up to some months ago by Insider releases. Having notified this issue, latest Insiders were no more removing it. As the issue happened from the previous Insider release (the one of early September), it may have been modified at this time(?).

Hi fhbrev:

Good work tracing your cbfs6.sys driver back to your pCloud online storage application.  Do you recall if you had already upgraded to Win 10 Insiders Preview Build 18242 (released 18-Sep-2018) before your crashes started? Was pCloud ever bundled (included) with previous Win 10 Insiders Preview builds or did you have to download this app separately from the Microsoft App Store?

If someone with a Win 10 Insiders Preview build doesn't respond in this thread it might be best to ask your question in the MS Answers forum. Microsoft has a separate board for the Windows Insider Program at https://answers.microsoft.com/en-us/insider/forum/insider_wintp.  User SteveNeidig just started a thread Get Stop Code File_System Message and Computer Re-boots in that Insiders board on 19-Sep-2018 about issues caused by cbfs6.sys so at least one other Windows Insider has reported the same problem, although no one has posted a solution yet.  You might want to post in that thread and ask SteveNeidig if they are also using pCloud.

...pCloud application is the one. But…, they factually state ''pCloud uses ELDOS CBFS as our drivers, which are essential for the work of pCloud Drive. The installation is secure, nothing to worry about. Microsoft .NET Framework 4.5 (or later) is also required to be installed beforehand.''... In attachment, you will find a picture of its properties.

Your image shows that this cbfs6.sys driver was originally released two years ago (last modified 09-Sep-2016) and is signed with an old SHA1 digital certificate, which might be part of the problem.  See the Computerworld article The SHA1 Hash Function is Now Completely Unsafe about recent efforts to force software vendors to replace all digital certificates using a SHA-1 hash with newer and more secure SHA-256 certificates. That odd statement that pCloud posted on their website about the EldoS CBFS driver certainly makes me suspect they know this is a buggy driver that can cause problems on some systems.

I don't think this should be a concern for you, but If you are worried that your cbfs6.sys file is suspicious / malicious and should be detected and blocked by Norton you can upload the cbfs6.sys file in C:\Windows\system32\drivers\ to the VirusTotal.com site (https://www.virustotal.com/#/home/upload) for a second-opinion virus scan.  VirusTotal will scan the digital signature (the file's unique SHA-256 or MD-5 hash) with ~ 70 different antivirus scan engines like Bitdefender, Kaspersky, McAfee, Symantec/Norton, etc..  A VirusTotal rating of 2/67, for example, would mean that only 2 of 67 antivirus scan engines flagged your file as suspicious / malicious and you could be relatively certain that this file was "safe".  In this case, "safe" would only mean that the cbfs6.sys was the legitimate driver released by EldoS two years ago and not malware trying to disguise itself as an EldoS file - VirusTotal can't tell you if the real cbfs6.sys driver is poorly coded and prone to crashing.

Let me know if your stop codes and crashes eventually return now that you've rolled back to Win 10 Version 1803 and we can investigate further.
-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Premium v22.15.0.88

Kudos0

Re: Is Cbfs6.sys a threat?

Hi,

Your questions:

  1. Do you recall if you had already upgraded to Win 10 Insiders Preview Build 18242 (link is external) (released 18-Sep-2018) before your crashes started? : Yes, from the previous one. I was hoping 18242 would solve it, it did not.
  2. If someone with a Win 10 Insiders Preview build doesn't respond in this thread it might be best to ask your question in the MS Answers forum. I will do it today
  3. Let me know if your stop codes and crashes eventually return now that you've rolled back to Win 10 Version 1803 and we can investigate further. No. I will go back to insider some time next week or so, as I want toi ensure I will be able to rollback quickly as it was not the case this time.

Thanks for your follow-up that I really appreciated

This thread is closed from further comment. Please visit the forum to start a new thread.