In late December 2015, an update to the Avast antivirus began causing daily blue screens of death on Windows 8.1 computers. I first became aware of the issue after a client that uses Avast complained of nearly daily BSoDs on most computers. This happened shortly after I had put in place the Registry settings to control the Windows 10 upgrade prompts and Get Windows 10 (GWX) system tray icon. I began my troubleshooting there. I verified the Registry entries that I deployed with Group Policy Preferences were applied as I configured and that they matched the documentation from Microsoft. Upon removing the Registry keys, the blue screening continued, so I ruled out that setting as the cause and put it back in place.
After barking up the first tree by assuming the most recent system-wide change was the culprit, I found minimal other clues indicating what the problem could be. The minidump from the blue screen simply pointed at ntoskrnl.exe as the process/driver loaded when the crash occurred. That was a vague and unhelpful hint. For a system-wide impact, it would have to be a Windows Update or an automatic update to another piece of software. Rolling back Windows Updates did not solve the problem and I found nothing matching the symptoms when searching online.
I finally got lucky with the right Google query and found a thread on the Avast Support forums. The description of blue screen crashing on Windows 8.1 was an exact match to my symptoms and the time frame was roughly the same. Unfortunately, Avast did not reply in the thread and others working with support were unsuccessful. Once the culprit was identified, obvious steps were still unsuccessful. An uninstall and reinstall still resulted in the BSoD frowny faces at least once a day. Only uninstalling Avast was a consistent cure.
One computer that, as the minidumps showed, had crashed at least once a day every day since January 19th suddenly stopped crashing on March 18th. It seemed Avast had pushed out an update that finally fixed the problem. I tried updating other computers that were still crashing but they were already on the latest version. Uninstalling, running Avastclear, and installing the latest version was the recommended solution, or upgrading to Windows 10. The problem came down to a problematic file in 8.1.1606 of Avast for those clients that upgraded from 1603. The file was C:\Windows\aswvmm.sys and the micro update including the fixed version of the file was released on February 9th as part of a VPS update. Some clients updated but many did not replace the driver successfully. The only source in the thread for a working copy of the legitimate file came from a peer and not from Avast. Helpful as they were, it was not a trustworthy source to replace a system-level driver across an organization.
While my client's problem finally seems to be resolved after this long, drawn-out error, others on the thread continue to report that they are still experiencing the issue or are trying to deploy the solution across their organization. For many, this seems to be a final straw in moving away from Avast.