Windows updates have not been kind to Microsoft these past few weeks. First we had the file deletion bug in the October 2018 Update and now reports are coming in that HP workstations and laptops are receiving blue screen of death (BSOD) crashes that display a WDF_VIOLATION error after installing the latest Windows 10 updates.
According to numerous comments at BleepingComputer, this crash is being caused by the C:\Windows\System32\drivers\HpqKbFiltr.sys file that is either installed or updated by this Tuesday's Cumulative Update for Windows 10 Version 1803 (KB4462919) update. Others are also reporting that the KB4462919 update is causing similar issues or that it is simply a keyboard driver update being pushed out by Microsoft.
This HpqKbFiltr.sys file is a keyboard driver and appears to be part of the HP Quick Launch Buttons software that allows you to configure various buttons to launch programs in Windows.
When users attempt to install the KB4462919 update, the HP computer will crash and display an BSOD stating "Your PC ran into a problem and needs to restart " and a stop code of WDF_VIOLATION as shown below.
Unfortunately, some BC users are reporting that they are receiving this BSOD crash and do not have the HpqKbFiltr.sys driver on their computer. For these types of users, it is not known what is currently causing their crashes.
Update 10/11/18 11:39 AM EST:
According to a post to the Microsoft forums, a support agent allegedly told a caller that this product is also affecting other systems such as Dell and that they have paused the update while they investigate the issue.
Update 10/11/18 7:11 PM EST:
When we contacted Microsoft regarding this problem, they issued this statement:
“We’re aware of reports and looking into the matter further.” – MS spokesperson
Update 10/12/18 10:20 AM EST:
Microsoft has released a support article stating that installing HP keyboard driver (version 11.0.3.1) from Windows Update is causing these WDF_VIOLATION BSOD crashes.
In working with HP, Microsoft has identified an HP driver with known incompatibility with certain HP devices on Windows 10 versions 1803 and 1809. On October 11, Microsoft removed the driver from Windows Update to reduce the number of devices affected. Additionally, we have released KB 4468304 to remove the incompatible driver from devices pending reboot. HP is actively working on this issue.
If you have installed the driver, but not yet rebooted, Microsoft is pushing out an additional update that will remove the driver.
If you are already experiencing the crashes, Microsoft suggests going into the recovery mode command prompt, described below, and using the following commands:
For 32-bit versions of Windows:
dism /Image:C:\ /Remove-Driver /Driver: C:\Windows\System32\DriverStore\FileRepository\hpqkbfiltr.inf_x86_f1527018cecbb8c2\HpqKbFiltr.inf
For 64-bit versions of Windows:
dism /Image:C:\ /Remove-Driver /Driver:c:\Windows\System32\driverstore\FileRepository\hpqkbfiltr.inf_amd64_714aca0508a80e9a\HpqKbFiltr.inf
Note: If Windows is not stored on the C: drive, replace the C: in the above commands with the appropriate drive letter.
I have updated the section below to utilize the above commands.
Fixing the WDF_VIOLATION on HP computers
To resolve the WDF_Violation blue screen crash you need to rename or delete the HpqKbFiltr.sys driver. The problem is that this conflict causes Windows 10 to crash before you can get into the operating system to remove the file.
Therefore, you need to delete it before Windows 10 starts by going into the Advanced options Command Prompt. To remove or rename the HpqKbFiltr.sys file, please follow these steps:
- When Windows starts after the crash, it should show you a recovery screen like the one below. At this screen, click on the Troubleshoot option.
- You will now be shown the Troubleshoot screen below, where you should click on the Advanced Options button.
- At the Advanced Options screen below, click on Command Prompt.
- A command prompt will now open. At this command prompt, you will need to determine what drive is associated with your computer's hard drive. To do that, switch to the different drives by issuing a command like c: or d: or e: and then pressing enter on your keyboard.
Then type dir and press enter to examine the folders to see if it looks like your C:\ drive when Windows is started normally. For me, my normal C: drive is mapped to the D: drive when in the recovery mode command prompt. - Once you have determined the drive letter, you need to remove the driver. Microsoft has stated that you can use the following commands to remove it. You should replace C: with the correct drive letter.
For 32-bit versions of Windows:
dism /Image:C:\ /Remove-Driver /Driver: C:\Windows\System32\DriverStore\FileRepository\hpqkbfiltr.inf_x86_f1527018cecbb8c2\HpqKbFiltr.inf
For 64-bit versions of Windows:
dism /Image:C:\ /Remove-Driver /Driver:c:\Windows\System32\driverstore\FileRepository\hpqkbfiltr.inf_amd64_714aca0508a80e9a\HpqKbFiltr.inf
- After you have renamed the file, type exit and reboot the computer. Windows 10 should now restart properly.
If you have any issues with this process, feel free to ask in the comments or in the forums.
BleepingComputer has contacted HP for comment on this conflict, but had not heard back at the time of this publication.
Comments
mightywiz - 6 years ago
Isn't this more HP's problem then Microsoft's. after all it is HP's software that's causing the problem for HP owners. I never liked the quick launch on HP's and have always disabled it. Just more bloat ware that's not needed and using up resources.
Kasperle - 6 years ago
The driver does not exist on my computer. But the problem still exists. I reseted the pc on the date of. 3 days ago. But still no booting up.
JohnC_21 - 6 years ago
If it's affecting other systems besides Dell as the article says then it's a Microsoft problem. Maybe it's just me but I don't remember all these issues happening on Windows 7. I don't need all the excitement so I'm passing on Windows 10. I can't take a full upgrade every 6 months with it reverting any settings and giving me things like Candy Crush, Xbox, and Mixed Reality.
potto - 6 years ago
At least on the HP machines I have seen so far with the issue, it is not just associated with 1809 as we are not releasing 1809 to our workstation base as of yet. The referenced .sys file is specific to the HP Keyboard Quick Keys driver which is being installed as part of the Microsoft Update process after the October 2018 Cumulitive update only on certain machines in our environment even if it wasn't there before.
Somethine also to note, when viewing the logs, you can see it start the install and then it fail, but the file is still installed.
badtoad - 6 years ago
I have a Toshiba Satellite with all drivers updated and was getting BSOD with 1809.I tried to find out what was causing it but my desktop kept freezing and blue screening.
KeiFeR123 - 6 years ago
Hi Lawrence, thank you for this article. I think you messaged me about this yesterday. I reverted back to 1803 after the blue screen error. It works for now :)
kernelpaniced - 6 years ago
MacOS users gotta be feeling better now with less features during each update.
KeiFeR123 - 6 years ago
MacOS users get support directly from Apple and it is easier for Apple to maintain these kinds of updates. It works if you own a Microsoft Surface computer. I owned Dell XPS15 and Microsoft Surface Pro 4. I never had that many issues on my SP4 compare to Dell XPS15.
Rockhounder1 - 6 years ago
This is affecting Asus builds too
daubac402 - 6 years ago
For anyone who has not found the HpqKbFiltr.sys to delete or rename in C:\Windows\System32\drivers\
Please check in D:\... or E:\... or F:\... if you have multiple drives.
In recovery mode, maybe the drive mapping letters is different with normal.
For me, C:\ -> D:\ and D:\ -> C:\
Good luck!
core23 - 6 years ago
You have to find which drive has it, in our company it was
C: and D: and E: on different computers. Letters in recovery mode is different.
Mkkie - 6 years ago
Great! But I already upgraded and "my doc" are gone...
Of course without back up - I have no idea I need that! And for a few days was searching on good software. Recovered with DiskInternals software (Uneraser). They have a discount for software all October. Maybe, for someone that information be helpful.
PS Back up! Doesn't matter that they fixed the bug. Don't trust them blindly.
velanr - 6 years ago
Please correct the first few paragraphs containing "Cumulative Update for Windows 10 Version 1803 update" , which is wrong. It should be "Cumulative Update for Windows 10 Version 1809 update".
72bluenova - 6 years ago
The instructions here are not 100% clear. System Restore will rename the OS drive to different letters, it can be C:\, D:\, E:\ etc you need to find which is the actual OS drive. Make sure that when selecting that drive you do not add the '\' at the end. Just do the drive letter and colon, C: or D: etc. I usually do a DIR on that drive to see all the directories in it. I can tell if I am on the OS drive or not.
Once you are in the correct drive you can follow the steps in renaming the .sys file.
Another member here, also mentioned the following, https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4464330-kb4462919-and-kb4462918-cumulative-updates-released/#cid10079
JohnC_21 -
Note: When in Recovery Mode Windows can assign a different letter to the Windows partition. You can find what letter Recovery Mode assigns to the Windows partition by using the following command at the X:\Windows\System32\ prompt.
bcdedit /enum | find "osdevice"
--EXAMPLE--
X:\WINDOWS\system32>bcdedit /enum | find "osdevice"
osdevice partition=C:
X:\WINDOWS\system32>
Lawrence Abrams - 6 years ago
Microsoft stating that it is a HP Driver issue in 1803 and 1809 causing the problem.
"In working with HP, Microsoft has identified an HP driver with known incompatibility with certain HP devices on Windows 10 versions 1803 and 1809. "
It is unknown if a cumulative update or or a standalone update is installing the driver.
https://support.microsoft.com/en-us/help/4468372/hp-devices-may-experience-blue-screen-error-wdf-violation-after-instal
h3IdIH3r3 - 6 years ago
I have lived through this disaster, but not without losing any important data. Mine started 9/24 and took approximately 10 days to get back to an acceptable place. I do have an HP and If it were not for those who work in HP Smart Friend, I would not be here to comment. My brain and logic thought process when straight to mush, I was taken by complete surprise. I wish that I had known about this site even a month ago. Mr. Abrams, I appreciate your article more than you will ever know. My A+ Cyber Sec Prof introduced me to this website just a couple days ago and I feel less ashamed than before. Heidi
gtchickadee - 6 years ago
Hi all. We have survived after this hit our HP labs at work. Some computers had the hpqkbfiltr.sys file, but others didn't and I finally can confirm a fix that worked for us: using the same method stated in the article, find \windows\system32\drivers\wd\ folder and rename the 3 files starting with WD there: WdBoot.sys WdFilter.sys and WdNisDrv.sys
Good luck!
CBTPaul - 6 years ago
For me this was my fix:
After rolling back to the restore point before the update...
1. Start Command Prompt as administrator.
2. Enter DISM.exe /Online /Cleanup-image /Restorehealth
3. Enter sfc /scannow
4. Reboot
5. Run updates again
sverhoev - 6 years ago
Same problem to one of my pc's a Prodesk 400 G4.
renaming Hpqkbfiltr.sys and the renaming the wd drivers in the folder wd is no success. BSOD changes from WDF violation to Critical Process Died.
In Windows PE environment I can't use the DISM command to remove the faulty driver or can't even delete the update KB4462919.
Anymore possibilities ?
Thatguy100000 - 6 years ago
"Same problem to one of my pc's a Prodesk 400 G4.
renaming Hpqkbfiltr.sys and the renaming the wd drivers in the folder wd is no success. BSOD changes from WDF violation to Critical Process Died.
In Windows PE environment I can't use the DISM command to remove the faulty driver or can't even delete the update KB4462919.
Anymore possibilities ?"
Did you ever find a solution to this?
hmantech - 6 years ago
Same issue on an HP ProDesk 400 G3.
Got on an infinite loop after trying to update this HP keyboard driver.
Renamed the HpqKbFiltr.sys file, and were able to boot again the system.
Thanks for your article, it was quite helpful.
QueBall - 6 years ago
Had this on 2 HP EliteDesk 800 G3 machines.
First one couldn't fix it. Had encrypted drive so recovery options limited and I did something during troubleshooting that caused it to get worse. Just formatted and reinstalled. No big deal, it's just a corporate desktop nothing complicated to get working again.
Second one the commands to remove the driver with dism worked and it's back to normal. My experience with the first one got me to the solution for the second right away.
On the first one I did some standard troubleshooting before I knew it was a common issue. Tried system restore to various restore points which didn't help but likely broke the install when I tried to roll back to the earliest point without success. That likely messed up something that the encrypted drive by rolling back before the last key exchange and it was game over to fixing on that machine.
Nice thing is both machines were enrolled with vPro management so I could repair it remotely. One was a 2 hour drive away so glad I didn't need to drive out to there to fix.
SumCanadianGuy - 6 years ago
Just had one of these wdf_violation HP computers come into the shop. I tried to run the command to remove the driver as has been documented but it could not find the specified path and thus would not work because a system restore had been started. Seeing as there was no other known solution and this would have been a wipe and reload I decided to poke around a bit and see if I could fix it another way on my own and surprised myself with success.
TL,DR to fix the wdf_violation blue screen on an HP that had a system restore done and the driver was missing I renamed c:\windows\system32\drivers\HpqKbFiltr.sys to hpqkbfiltr.old via recovery command prompt. The computer then booted into windows and completed a system restore. I checked for updates, it installed them, restarted and all was well and good.
I looked briefly but I didn't find this documented online anywhere so hopefully it helps in the future
DutchITGuy - 6 years ago
Thank you for your reply, I tried everything and this was the solution!
This fixed the problem while the Microsoft solution didn't even work.
eyez23q - 6 years ago
Just got this issue with one of my clients but the file in the dism command "c:\Windows\System32\driverstore\FileRepository\hpqkbfiltr.inf_amd64_714aca0508a80e9a\HpqKbFiltr.inf" was not present and made sure i was looking in the correct drive directory.
The fix for myself was booting into WinPE and locating the file hpqkbfiltr.sys in the C:\Windows\System32\Drivers folder and simply adding .old to the end of the extension.
This can also be done from the recovery console command prompt if you do not have WinPe handy.
Restarted and windows booted up saying it was completing updates and all was fine after that.
Currently running full updates to see what happens after they are all completed.