I just received an Analysis report from Bitdefender support pertaining to their internal testing of the issue. Can I share it here or does it need to happen via PMs? It contains a zip file and a PDF.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank you for asking about posting with the ZIP and PDF files as attached files since normally I remove those posts to protect the VeraCrypt community.
I will allow the files to be posted given that these files are from BitDefender.
Before you post the files, can I ask you to run them through VirusTotal?
What file types are in the Zip file?
Last edit: Enigma2Illusion 2023-07-21
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@crbrac, Wow, thanks for this. That was an excellent freebie from BitDefender, analyzing Veracrypt's code and even delivering a Proof of Concept. Fantastic. It hit on so many points.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank @crbrac for the time and effort taken to report this issue to BitDefender and for following up with them. Your commitment to improving VeraCrypt is deeply appreciated.
A big thank you is also due to all users who have shared their findings and suggestions about this issue over the years. Such community effort is vital to the growth and improvement of open-source software.
Of course, I must also thank the BitDefender team for taking the time to thoroughly analyze and document the system freezing issue reported by @crbrac and other users. It's great to see a security company dedicate engineering resources to help understand a problem in an open source disk encryption tool like VeraCrypt. Their detailed analysis provides very valuable insights.
The core issue is indeed an architectural limitation in the VeraCrypt driver, where pagefile I/O requests triggered from completion routines can cause deadlocks due to VeraCrypt's single-threaded IRP completion design. The BitDefender report clearly illustrates how this deadlock scenario occurs.
One obvious idea for a fix would be to rearchitect the driver to handle IRP completions with multiple threads, rather than just a single thread. This could prevent the queue from backing up and causing a system freeze. Additionally, we might explore the possibility of a timeout mechanism to prevent infinite waiting scenarios.
These changes require careful design and extensive testing to ensure we do not introduce other problems but this is a crucial step towards enhancing the stability of VeraCrypt.
Again, I want to thank @crbrac for spearheading this investigation and the BitDefender team for their time researching and documenting this complex issue. Collaboration between developers, researchers, and users is how we make open source software more robust! For sure, this analysis provides a good foundation for improving VeraCrypt and preventing this freezing problem.
👍
4
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks Mounir for offering to look into this issue, it will need a lot of work.
Over the years I may have stumbled upon this issue. I have noticed that sometimes when you accidentally enter the wrong password for a container, VeraCrypt tries to mount it anyway and never completes with an incorrect password error. You also can’t kill the VeraCrypt process since the mounting is done via the System process (Process ID 4) and I’ve never been able to locate the relevant file handle in the System process to close the handle.
I’m not sure if the limitations of the driver are what I see what a new container is being mounted that you can’t access files on already mounted containers until the new container has been mounted. Never mind its just a limitation I’ve noticed and I simply just wait for the mounting to be complete.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@idrassi Thank you for your acknowledgement. Happy to have done my little bit. You guys (the unsung heroes) do the real deal. Like others, I also want to take this opportunity to thank you and others involved in the project for taking time and resources away from your personal lives in making our digital lives more secure.
A big thanks also to the Bitdefender team for extending their support by going beyond the call of duty.
@ehheh1000 You set the ball rolling. We could have gotten there quicker if you had your wave a tad earlier :p
Last edit: crbrac 2023-07-21
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Interesting to find such an issue described here + the thread being active and a source of the problem having been found only recently.
I found this thread with Google since I am also using VeraCrypt. Had a similar problem with an older computer (Win 7, system encryption and the OS and all other drives on an HDD, not SSD). Using AVG.
I thought it might have been my old computer - old CPU and the Win 7. Got the freezes mainly when gaming. And pretty random. Sometimes none in a lot of days. Then sometimes more frequent even more than twice a day. (It helped to use less RAM - letting firefox closed that uses a lot of RAM cause I have opened a lot of tabs by default.) No error log and the system's event viewer only showed that the system got not shut down normally before rebooting again. (Cause I had to hard reset/reboot.)
Now I am at Win 11 and 16 GB RAM (before that only 8 GB). Similar problem recently. Mainly when gaming. The OS is still on my HDD and the game on an SSD (also encrypted). Used an older AMD graphics card before. Now integrated graphics card from the AMD Ryzen 5 4650 G which is enough for my games. (Still faster than my old setup where I used an intel CPU.) AVG also running.
From what I have read it seems to be (also recogzied by Mounir, a VeraCrypt dev) a VeraCrypt issue related to the pagefiles? (I had enabled them in my old setup and now in the new one as well.) Might try to check if it works with disabling it (since I have 16 GB ram ... might possibly upgrade to 32).
Other than that ... patiently waiting I guess. I agree that the fix here should be developed very carefully to not introduce more/other problems.
Before I thought it as well that it was a RAM hardware issue but the RAM seens fine (new computer) and other people seem to have tested this on the previous pages. (VeraCrypt and/or AVG antivirus were my only further things that I had under suspicion.)
Thanks to all that have contributed tryint to narrow down the source of this problem.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Just to let others know that maybe Microsoft knows about this issue, because I find that Windows 11 is using the pagefile on my second internal hard drive, an HDD, instead of using the pagefile on my SSD internal drive which is running Windows. So that means, that data being saved to the pagefile is not encrypted. I think there's an option in the Group Policy Editor to make sure that Windows zeroes the pagefile before shut down. I tried freezing my system but it does not work, I think because the pagefile being used is on a different drive.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello. I created an account just to comment on this issue. It was occurring on my system that has Windows 10, Bitdefender, and Veracrypt system disk encryption.
I was able to resolve the issue by turning off the "Advanced Threat Defence" module in Bitdefender, as another person on this issue suggested to do. So, first of all, THANK YOU!
Here is my question. I would like to turn this module back on, if possible, by setting up an exclusion to stop bitdefender from scanning whatever is causing the issue. I believe the ATD module is important because it is where the "real time" security monitoring of Bitdefender comes from.
Does anybody know if it is possible to turn this module back on by setting up the proper exclusions? Thank you.
EDIT August 2024 -
I ended up upgrading my computer to 64GB of RAM and disabling the windows page file.
With the page file disabled, I am now able to use the full functionality of Bitdefender without Veracrypt freezing up my Windows 10 computer. Happy camper with this solution!!!!!!
Last edit: Turbo Turtle 2024-08-16
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@milkdrinker, I know, it's a lot of information to read through on this thread, so here's the bottom line, as far as I can tell:
The problem is that the pagefile is on the system drive, which is also encrypted. It's a problem with Veracrypt, not with BitDefender. Maybe if you tell Windows not to have a pagefile, that will work, and I'd be curious to know if it does. Otherwise, either put the pagefile on an unencrypted partition, or at least one that is not the system partition, or don't have a pagefile, or don't use Veracrypt lol. :) Or... pay for someone to fix the problem.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have Windows 10 with Bit Defender. The solution I choose was to not have swap/pagefile and add a lot of ram (48GB) to not have freeze because of low ram issue.
It has been maybe a year now, and I have zero problem. Of course doing that on a laptop will be harder.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I encounter 2 system lockups exactly as described by the op, the day after I fully encrypted my system drive. I have since disabled the encryption. I am running windows 11 23h2. I turned off page file and enabled it on another unencrypted partition but that did not stop it. The first time system froze up was when I clicked on show details on all processes in Process Explorer, accepted UAC elevation, and boom system froze but YouTube audio kept playing for another minute. 2nd time I was playing gta online and system froze up. system is 12700k, mx300 500gb sSD, 32 gb of ddr4. No crash dumps are writtenand system was fully stable before fde.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Sorry, but IMO Veracrypt is useless as a system disks encryption tool. Leaving swap file on a plain partition is a big privacy hole. Installing more RAM is not possible in each case. And even you do it, you cannot be sure you get no freeze.
I am happy to use it for encrypted external disks and encrypted containers. It does fantastic work and it is multi-platform - I can access my data from any mainstream OS.
Last edit: Jacek Kubek 2024-04-10
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@jacek-kubek, I've heard of Windows writing to a partition that looks like gibberish to Windows, but in fact has a Veracrypt container, so I don't trust Veracrypt for encrypted external disks. I'd like to, though.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The incidents I seen posted on both the TrueCrypt and VeraCrypt forums regarding Windows initialing a TrueCrypt/VeraCrypt volume is when you encrypt at the disk level (i.e. Harddisk 1 ) instead of the partition level (i.e. \Device\Hardisk1\Partition1 ).
If you encrypt at the partition level of a disk, Windows does not try to be helpful by initialing the encrypted partition.
I recommend that any unmounted TrueCrypt/VeraCrypt encrypted at the disk level or encrypted at the partition level remove the Windows OS assigned drive letter to prevent Windows from being "helpful" by initializing the unmounted RAW drive/partition to make it usable to the Windows OS.
However, during major Windows OS upgrades, I have experienced long ago the Windows upgrader (might have been Win98 to ME or XP to Win7) did initialize my external encrypted partitions during a major OS upgrade.
Hence as a precaution, I now unmount all VeraCrypt volumes. Then use Windows to safely eject my external drives and physically disconnect the external drives from the PC when upgrading the OS from 22H1 to 22H2.
I have never experienced nor have I seen anyone post in the TrueCrypt/VeraCrypt forums that Windows OS initialized their file container either dismounted nor mounted.
Corruption occurring due to user error, hardware failure, PC crash or TrueCrypt/Veracrypt unable to auto-dismount on reboot/shutdown can wreak havoc on any disk, partition or file container.
If you value your data, always have frequent backups of your data due to possible hardware failure, software issues or user error which can cause loss of data and/or access to either the unencrypted drive or an encrypted disk, partition or file container.
Last edit: Enigma2Illusion 2024-04-11
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Concur. Just my 2c. TC user since 2004, and VC since 2018. My 20th year for this encryption system. No issues. You can read the archive of all my posts for an explanation.
Last edit: Robert iXj Smith 2024-04-12
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi, so does this mean there is a chance we've got a fix incoming? Huge shout-out and thanks to the people who figured this out. This one's been bugging me or years and I am so hype for the fact we might see this fixed. I had just returned here to check one last time before decrypt and swapping provider. Think I am gonna wait a little more? But I can't wait for much longer at this point. It happens quite reliably to me (HDD), about twice a day with good hard drive use. It eats away about half an hour on many days.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm going to share my results!
I have 2 other older pc's, no issues....
But.....I migrated to a i9 pc this week and VeraCrypt is the main cause of that PC freezing up when the page file gets used, by using prime95, web browing, 7zip all at once to have the quickest crash, it just needs to jump over to use the page file if you max out the ram.
CPU = i9 14900K
Motherboard = Gigabyte GA-Z790-UD
My ram = 32GB
OS tested on, Win10 and Win11 = same results
Drives tested on = M.2 and a SSD 2.5" = same results
Latest Stable Release - 1.26.7 (Sunday October 1st, 2023)
My experiments:
1. fresh install windows, full encrypt drive, do stress test on ram = no crash
* install Avast/AVG/Bitdefender or malwarebytes and do stress test = crash
* remove antivirus program and do stress test = no crash
* install antivirus back on and disable page file and do test = no crash
* enable page file another disk and do test = no crash
* move page file back to C drive, have antivirus installed, decrypt system and do test = no crash
BTW: My system does not seem to crash with the build in anti virus from windows 10, but I don't want to use it, as I want to use AVG or whatever.
Conclusion: There have to be a bug in Veracrypt
I've googled and googled and tried everything, like disable this and do that
I've read about all the pages of this thread as well.
So in my case, Veracrypt + page file + antivirus program running = pc freeze up
Last edit: Jay 2024-04-25
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
unfortunately, the "author" of veracrypt did not understand any of this and does not know how to deal with it. all his achievements over the years have been correcting typos and other cosmetic work. the problem with veracrypt is that the project did not have and does not have a sufficiently qualified programmer. and of course, he removes any critical reviews, but this is expected from the likes of him
This language really annoys me; it's abusive toward @idrassi and also misunderstands the problem and the complexities of resolving it.
The Bitdefender analysis is largely "spot-on" - the problem is an architectural/design issue in the Veracrypt.sys filesystem driver which can - in some situations - result in a deadlock condition when Veracrypt.sys is combined with other drivers that execute their own filesystem operations. The crux of the problem is that the 'IO completion' thread in Veracrypt.sys is a singleton thread and it - when doing its work - invokes lower-level drivers in a synchronous fashion rather than scheduling certain (possibly blocking) IO asynchronously. If any other lower-level drivers also are blocked waiting on IO (in order to complete Veracrypt.sys's requests) this can grind the Windows IO stack to a halt. When lower-level drivers just happen to be 'cleanly architected' to not do their own blocking IO as part of servicing veracrypt.sys's calls, then those people have no problem with Veracrypt's OS-level FDE. But, when other hardware has differently-behaving drivers, they will forever experience random problems.
I looked at the code myself and was able to figure this out a number of years ago, but like @idrassi and the Bitdefender folks, the way to 'solve' the issue is not at all clear; basically the whole IO completion portion of Veracrypt.sys would have to be re-architected.
To be very clear, the code could be redesigned. But, in my estimation, it would require the full-time skill of a highly-qualified driver developer for probably 6 months. I'd estimate in the US that such a qualified individual could easily earn a $350,000 a year wage. Probably more. So, we're talking that @idrassi - even if he has the skills - would be sacrificing ~$175,000 or more in opportunity cost, just to help the often-abusive folks on this forum. That seems entirely unreasonable to demand from someone to just fix as a side-project, especially someone like @idrassi who is already contributing so much time out of the goodness of his heart.
In other words, please please STOP WITH THE "@idrassi is incompetent/stupid/lazy" comments, at least until you can gather a list of people who MIGHT be able to donate the ~200,000 USD to offset @idrassi's costs for such a major refactoring effort.
@idrassi wasn't the cause of this design limitation - it came from Truecrypt. So please, please, think about what you're demanding here.
👍
1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
For those VeraCrypt users that are critical of the VeraCrypt project and/or the developer, be aware of the most recent post explaining his personal life and the huge limitations that will no doubt impact the future development & support of Veracrypt.
@enigma2illusion
I just received an Analysis report from Bitdefender support pertaining to their internal testing of the issue. Can I share it here or does it need to happen via PMs? It contains a zip file and a PDF.
@crbrac
Thank you for asking about posting with the ZIP and PDF files as attached files since normally I remove those posts to protect the VeraCrypt community.
I will allow the files to be posted given that these files are from BitDefender.
Before you post the files, can I ask you to run them through VirusTotal?
What file types are in the Zip file?
Last edit: Enigma2Illusion 2023-07-21
@enigma2illusion
Virus Total gave an All clear:
Zip file contents:
Last edit: crbrac 2023-07-20
@crbrac
Thank you for checking the files in VirusTotal and please post the files in this thread.
Here:
@crbrac, Wow, thanks for this. That was an excellent freebie from BitDefender, analyzing Veracrypt's code and even delivering a Proof of Concept. Fantastic. It hit on so many points.
Thank @crbrac for the time and effort taken to report this issue to BitDefender and for following up with them. Your commitment to improving VeraCrypt is deeply appreciated.
A big thank you is also due to all users who have shared their findings and suggestions about this issue over the years. Such community effort is vital to the growth and improvement of open-source software.
Of course, I must also thank the BitDefender team for taking the time to thoroughly analyze and document the system freezing issue reported by @crbrac and other users. It's great to see a security company dedicate engineering resources to help understand a problem in an open source disk encryption tool like VeraCrypt. Their detailed analysis provides very valuable insights.
The core issue is indeed an architectural limitation in the VeraCrypt driver, where pagefile I/O requests triggered from completion routines can cause deadlocks due to VeraCrypt's single-threaded IRP completion design. The BitDefender report clearly illustrates how this deadlock scenario occurs.
One obvious idea for a fix would be to rearchitect the driver to handle IRP completions with multiple threads, rather than just a single thread. This could prevent the queue from backing up and causing a system freeze. Additionally, we might explore the possibility of a timeout mechanism to prevent infinite waiting scenarios.
These changes require careful design and extensive testing to ensure we do not introduce other problems but this is a crucial step towards enhancing the stability of VeraCrypt.
Again, I want to thank @crbrac for spearheading this investigation and the BitDefender team for their time researching and documenting this complex issue. Collaboration between developers, researchers, and users is how we make open source software more robust! For sure, this analysis provides a good foundation for improving VeraCrypt and preventing this freezing problem.
I agree, this is very exciting!
Thanks Mounir for offering to look into this issue, it will need a lot of work.
Over the years I may have stumbled upon this issue. I have noticed that sometimes when you accidentally enter the wrong password for a container, VeraCrypt tries to mount it anyway and never completes with an incorrect password error. You also can’t kill the VeraCrypt process since the mounting is done via the System process (Process ID 4) and I’ve never been able to locate the relevant file handle in the System process to close the handle.
I’m not sure if the limitations of the driver are what I see what a new container is being mounted that you can’t access files on already mounted containers until the new container has been mounted. Never mind its just a limitation I’ve noticed and I simply just wait for the mounting to be complete.
@idrassi Thank you for your acknowledgement. Happy to have done my little bit. You guys (the unsung heroes) do the real deal. Like others, I also want to take this opportunity to thank you and others involved in the project for taking time and resources away from your personal lives in making our digital lives more secure.
A big thanks also to the Bitdefender team for extending their support by going beyond the call of duty.
@ehheh1000 You set the ball rolling. We could have gotten there quicker if you had your wave a tad earlier :p
Last edit: crbrac 2023-07-21
I'm very excited to see we seem to have some progress suddenly in understanding, and hopefully remediating, the freezing issue(s) !!! :-)
Thanks to everyone who contributed to the discussion and to Mounir.
Interesting to find such an issue described here + the thread being active and a source of the problem having been found only recently.
I found this thread with Google since I am also using VeraCrypt. Had a similar problem with an older computer (Win 7, system encryption and the OS and all other drives on an HDD, not SSD). Using AVG.
I thought it might have been my old computer - old CPU and the Win 7. Got the freezes mainly when gaming. And pretty random. Sometimes none in a lot of days. Then sometimes more frequent even more than twice a day. (It helped to use less RAM - letting firefox closed that uses a lot of RAM cause I have opened a lot of tabs by default.) No error log and the system's event viewer only showed that the system got not shut down normally before rebooting again. (Cause I had to hard reset/reboot.)
Now I am at Win 11 and 16 GB RAM (before that only 8 GB). Similar problem recently. Mainly when gaming. The OS is still on my HDD and the game on an SSD (also encrypted). Used an older AMD graphics card before. Now integrated graphics card from the AMD Ryzen 5 4650 G which is enough for my games. (Still faster than my old setup where I used an intel CPU.) AVG also running.
From what I have read it seems to be (also recogzied by Mounir, a VeraCrypt dev) a VeraCrypt issue related to the pagefiles? (I had enabled them in my old setup and now in the new one as well.) Might try to check if it works with disabling it (since I have 16 GB ram ... might possibly upgrade to 32).
Other than that ... patiently waiting I guess. I agree that the fix here should be developed very carefully to not introduce more/other problems.
Before I thought it as well that it was a RAM hardware issue but the RAM seens fine (new computer) and other people seem to have tested this on the previous pages. (VeraCrypt and/or AVG antivirus were my only further things that I had under suspicion.)
Thanks to all that have contributed tryint to narrow down the source of this problem.
Just to let others know that maybe Microsoft knows about this issue, because I find that Windows 11 is using the pagefile on my second internal hard drive, an HDD, instead of using the pagefile on my SSD internal drive which is running Windows. So that means, that data being saved to the pagefile is not encrypted. I think there's an option in the Group Policy Editor to make sure that Windows zeroes the pagefile before shut down. I tried freezing my system but it does not work, I think because the pagefile being used is on a different drive.
Hello. I created an account just to comment on this issue. It was occurring on my system that has Windows 10, Bitdefender, and Veracrypt system disk encryption.
I was able to resolve the issue by turning off the "Advanced Threat Defence" module in Bitdefender, as another person on this issue suggested to do. So, first of all, THANK YOU!
Here is my question. I would like to turn this module back on, if possible, by setting up an exclusion to stop bitdefender from scanning whatever is causing the issue. I believe the ATD module is important because it is where the "real time" security monitoring of Bitdefender comes from.
Does anybody know if it is possible to turn this module back on by setting up the proper exclusions? Thank you.
EDIT August 2024 -
I ended up upgrading my computer to 64GB of RAM and disabling the windows page file.
With the page file disabled, I am now able to use the full functionality of Bitdefender without Veracrypt freezing up my Windows 10 computer. Happy camper with this solution!!!!!!
Last edit: Turbo Turtle 2024-08-16
@milkdrinker, I know, it's a lot of information to read through on this thread, so here's the bottom line, as far as I can tell:
The problem is that the pagefile is on the system drive, which is also encrypted. It's a problem with Veracrypt, not with BitDefender. Maybe if you tell Windows not to have a pagefile, that will work, and I'd be curious to know if it does. Otherwise, either put the pagefile on an unencrypted partition, or at least one that is not the system partition, or don't have a pagefile, or don't use Veracrypt lol. :) Or... pay for someone to fix the problem.
I have Windows 10 with Bit Defender. The solution I choose was to not have swap/pagefile and add a lot of ram (48GB) to not have freeze because of low ram issue.
It has been maybe a year now, and I have zero problem. Of course doing that on a laptop will be harder.
I encounter 2 system lockups exactly as described by the op, the day after I fully encrypted my system drive. I have since disabled the encryption. I am running windows 11 23h2. I turned off page file and enabled it on another unencrypted partition but that did not stop it. The first time system froze up was when I clicked on show details on all processes in Process Explorer, accepted UAC elevation, and boom system froze but YouTube audio kept playing for another minute. 2nd time I was playing gta online and system froze up. system is 12700k, mx300 500gb sSD, 32 gb of ddr4. No crash dumps are writtenand system was fully stable before fde.
Sorry, but IMO Veracrypt is useless as a system disks encryption tool. Leaving swap file on a plain partition is a big privacy hole. Installing more RAM is not possible in each case. And even you do it, you cannot be sure you get no freeze.
I am happy to use it for encrypted external disks and encrypted containers. It does fantastic work and it is multi-platform - I can access my data from any mainstream OS.
Last edit: Jacek Kubek 2024-04-10
@jacek-kubek, I've heard of Windows writing to a partition that looks like gibberish to Windows, but in fact has a Veracrypt container, so I don't trust Veracrypt for encrypted external disks. I'd like to, though.
@ehheh1000
The incidents I seen posted on both the TrueCrypt and VeraCrypt forums regarding Windows initialing a TrueCrypt/VeraCrypt volume is when you encrypt at the disk level (i.e. Harddisk 1 ) instead of the partition level (i.e. \Device\Hardisk1\Partition1 ).
If you encrypt at the partition level of a disk, Windows does not try to be helpful by initialing the encrypted partition.
I recommend that any unmounted TrueCrypt/VeraCrypt encrypted at the disk level or encrypted at the partition level remove the Windows OS assigned drive letter to prevent Windows from being "helpful" by initializing the unmounted RAW drive/partition to make it usable to the Windows OS.
However, during major Windows OS upgrades, I have experienced long ago the Windows upgrader (might have been Win98 to ME or XP to Win7) did initialize my external encrypted partitions during a major OS upgrade.
Hence as a precaution, I now unmount all VeraCrypt volumes. Then use Windows to safely eject my external drives and physically disconnect the external drives from the PC when upgrading the OS from 22H1 to 22H2.
I have never experienced nor have I seen anyone post in the TrueCrypt/VeraCrypt forums that Windows OS initialized their file container either dismounted nor mounted.
Corruption occurring due to user error, hardware failure, PC crash or TrueCrypt/Veracrypt unable to auto-dismount on reboot/shutdown can wreak havoc on any disk, partition or file container.
If you value your data, always have frequent backups of your data due to possible hardware failure, software issues or user error which can cause loss of data and/or access to either the unencrypted drive or an encrypted disk, partition or file container.
Last edit: Enigma2Illusion 2024-04-11
Concur. Just my 2c. TC user since 2004, and VC since 2018. My 20th year for this encryption system. No issues. You can read the archive of all my posts for an explanation.
Last edit: Robert iXj Smith 2024-04-12
Hi, so does this mean there is a chance we've got a fix incoming? Huge shout-out and thanks to the people who figured this out. This one's been bugging me or years and I am so hype for the fact we might see this fixed. I had just returned here to check one last time before decrypt and swapping provider. Think I am gonna wait a little more? But I can't wait for much longer at this point. It happens quite reliably to me (HDD), about twice a day with good hard drive use. It eats away about half an hour on many days.
@idrassi
I'm going to share my results!
I have 2 other older pc's, no issues....
But.....I migrated to a i9 pc this week and VeraCrypt is the main cause of that PC freezing up when the page file gets used, by using prime95, web browing, 7zip all at once to have the quickest crash, it just needs to jump over to use the page file if you max out the ram.
CPU = i9 14900K
Motherboard = Gigabyte GA-Z790-UD
My ram = 32GB
OS tested on, Win10 and Win11 = same results
Drives tested on = M.2 and a SSD 2.5" = same results
Latest Stable Release - 1.26.7 (Sunday October 1st, 2023)
My experiments:
1. fresh install windows, full encrypt drive, do stress test on ram = no crash
* install Avast/AVG/Bitdefender or malwarebytes and do stress test = crash
* remove antivirus program and do stress test = no crash
* install antivirus back on and disable page file and do test = no crash
* enable page file another disk and do test = no crash
* move page file back to C drive, have antivirus installed, decrypt system and do test = no crash
BTW: My system does not seem to crash with the build in anti virus from windows 10, but I don't want to use it, as I want to use AVG or whatever.
Conclusion: There have to be a bug in Veracrypt
I've googled and googled and tried everything, like disable this and do that
I've read about all the pages of this thread as well.
So in my case, Veracrypt + page file + antivirus program running = pc freeze up
Last edit: Jay 2024-04-25
This language really annoys me; it's abusive toward @idrassi and also misunderstands the problem and the complexities of resolving it.
The Bitdefender analysis is largely "spot-on" - the problem is an architectural/design issue in the Veracrypt.sys filesystem driver which can - in some situations - result in a deadlock condition when Veracrypt.sys is combined with other drivers that execute their own filesystem operations. The crux of the problem is that the 'IO completion' thread in Veracrypt.sys is a singleton thread and it - when doing its work - invokes lower-level drivers in a synchronous fashion rather than scheduling certain (possibly blocking) IO asynchronously. If any other lower-level drivers also are blocked waiting on IO (in order to complete Veracrypt.sys's requests) this can grind the Windows IO stack to a halt. When lower-level drivers just happen to be 'cleanly architected' to not do their own blocking IO as part of servicing veracrypt.sys's calls, then those people have no problem with Veracrypt's OS-level FDE. But, when other hardware has differently-behaving drivers, they will forever experience random problems.
I looked at the code myself and was able to figure this out a number of years ago, but like @idrassi and the Bitdefender folks, the way to 'solve' the issue is not at all clear; basically the whole IO completion portion of Veracrypt.sys would have to be re-architected.
To be very clear, the code could be redesigned. But, in my estimation, it would require the full-time skill of a highly-qualified driver developer for probably 6 months. I'd estimate in the US that such a qualified individual could easily earn a $350,000 a year wage. Probably more. So, we're talking that @idrassi - even if he has the skills - would be sacrificing ~$175,000 or more in opportunity cost, just to help the often-abusive folks on this forum. That seems entirely unreasonable to demand from someone to just fix as a side-project, especially someone like @idrassi who is already contributing so much time out of the goodness of his heart.
In other words, please please STOP WITH THE "@idrassi is incompetent/stupid/lazy" comments, at least until you can gather a list of people who MIGHT be able to donate the ~200,000 USD to offset @idrassi's costs for such a major refactoring effort.
@idrassi wasn't the cause of this design limitation - it came from Truecrypt. So please, please, think about what you're demanding here.
@user-404
No Mounir does not delete/remove the posts. I do as the moderator.
I expect users to provide constructive feedback and I often remove the snarky, insult or personal attacks posts from the forum.
PS: I deleted your post.
To add to @accwebs post.
For those VeraCrypt users that are critical of the VeraCrypt project and/or the developer, be aware of the most recent post explaining his personal life and the huge limitations that will no doubt impact the future development & support of Veracrypt.
https://sourceforge.net/p/veracrypt/discussion/general/thread/6d0c0dfdc8/#ab89
If you cannot accept these limitations, then the time has come for you to find a different encryption software that will meet your expectations.