I survived a scary Blue Screen of Death, the dreaded Kernel Security Check Failure. Here's how.

Blue is one of my favorite colors, but when it takes over my entire screen, I start to panic . . . and for good reason. The Windows Blue Screen of Death (BSOD) appears suddenly when your computer crashes and leaves you with two gripping questions: "why did this happen" and "will it happen again?"

Last week, my computer hit me with the blue screen of death shown at the top of this page, a Kernel Security Check Failure, and my monitor wasn't the only one wearing a frown. I got this BSOD twice, both times when I started playing a video in my browser. 

The first time, I actually had some weird wavy lines in my web browser before it happened. The second time, which occurred a couple of days later, everything was cool but I had just started playing something on Netflix when it hit me. I was using Windows 10, but this same BSOD can occur on Windows 11 as well.

Solving Kernel Security Check Failure BSOD

I started to think that this is not a fluke and I need to do something to remedy the situation so I followed the steps one usually takes when trying to fix a Windows BSOD. First, I searched for the specific error "Kernel Security Check Failure," and I did not find any official documentation from Microsoft, but rather a series of forum posts on answers.microsoft.com and other forums and social media. 

Unfortunately, it seems that this error could be caused by a lot of different things, which range from hardware failure to corrupt files to bad drivers or even malware. So I tried a few different things before settling on a solution.

1. Boot into Safe Mode

The good news is that my computer wasn't bricked. It rebooted and let me resume doing things as normal. However, I had to act quickly to solve the problem, because I didn't want to be plagued with more BSODs.

The best place to do your research and diagnosis is in Windows Safe mode. Safe mode runs Windows with minimal drivers and apps preloaded so a crash is less likely. 

If you're going to download software or read about your problem on websites while you try to fix it, it's best to choose Safe Mode with Networking, which allows you to get online and browse the web. 

There are a few ways to boot into safe mode, but the simplest is to search for and launch "system configuration" from the Windows search menu. Select "Safe boot" and Network on the Boot tab, then click OK. Restart the computer.

You'll know you're in Safe Mode because your background will be black, and the words "safe mode" will be watermarked on the screen's corners. The one drawback to this method of launching Safe Mode is that, in order to prevent the PC from booting into Safe Mode in the future, you need to go back to System Configuration and select "Normal startup" on the General tab.

Other ways to launch Safe mode: launch Advanced Startup from the Settings menu, or hit F8 on booting (if it's possible to hit it fast enough).

2. Scan for Malware

Because the word "security" is in the BSOD, Kernel Security Check Failure, the first thing I tried was scanning for malware. I use Microsoft's built-in Windows Security application as my anti-virus app, and I used it to do a quick scan, but it didn't find anything. 

I also downloaded and installed a trial version of Malware Bytes, which is also available in a free version. I find that Malware Bytes can pick up some malware which is not technically viruses that Windows Security misses. 

I ran a Malware Bytes scan and it didn't find anything significant (a couple of older files in my downloads folder were flagged, but these were data files and nothing I had edited or installed). So I determined that malware was not the cause of my Kernel Security Check Failure BSOD.

3. Scan for Disk Corruption and Corrupt Files

This is low-hanging fruit that may or may not solve your problem. If your computer has corrupted files that could be causing a BSOD. On the other hand, if your computer just had a BSOD, some files could register as corrupted as a result of the BSOD crash rather than the cause of it.

So it's good practice to do these scans, but if they find and fix errors, this is not necessarily the end of your woes. I launched an elevated command prompt (running CMD as Administrator) and ran the following commands.

chkdsk c:
sfc /scannow

My system didn't really find anything. SFC /scannow did claim to fix some corrupted files, but it does that almost every time I run it, even if I haven't had a BSOD.

I also tried DISM, which detects problems with the windows image.

DISM /Online /Cleanup-Image /CheckHealth

It didn't detect any errors in my case. However, if it had, I could follow up with the following command, which is supposed to fix them.

DISM /Online /Cleanup-Image /RestoreHealth

4. Check Recent Updates, Software Installs and Drivers

If you just started getting BSODs, there's a good chance the problem was caused by something you recently installed: an app, a driver, a Windows update or even a peripheral. 

First, I checked my list of apps, sorted by date of install to see if there was anything suspicious on the list. You can get there by navigating to Settings->Apps & features and sorting by install date. 

Nothing on the app install list stood out to me. Next, I checked my Windows update history, available under Settings->Windows Update->View update history, but all of the updates were from a month ago and the BSODs had only just started. Note that the screenshot below shows three updates I did after I fixed the BSOD problem.

Checking driver dates is a little more difficult because I don't know of any Windows menu that makes it easy to see all drive installs sorted by date. You can go to Device Manager, right click on individual devices such as the graphics card, select properties and then look for the Driver Date under the Driver tab. 

However, this process isn't perfect because the date here is the release date for that driver, not the date that you installed it.

Another way to check driver dates is to look at any utility software you have. So, if you have GeForce Experience for your Nvidia graphics card, that will also have the driver date and version displayed.

Whatever the case, I didn't see any new drivers with dates that were within the last week or so before the BSODs started.

5. Check Bluescreen View

My next step was to run Bluescreen View, a free utility from NirSoft which reads your minidump files -- the log files that Windows generates when it gets a BSOD -- and helps you understand them. The top pane of the BlueScreenView window shows the name of the dump file and the exact crash time while the bottom pane shows a list of system files (dll, sys, exe) that were in use.

I loaded up Bluescreen View and, lo and behold, I saw two files in the bottom pane highlighted in red to show that they failed: ntoskrnl.exe and dxgkrnl.sys. I googled these files to learn more about what they do.

Ntoskrnl, is a big part of the OS but apparently it fails when there are memory issues, which could be due to a driver or due to a physical fault in memory. Dxgkrnl.sys is related to the graphics card -- the dxg stands for DirectX graphics -- so it suggests a problem with the GPU. 

I decided that the problem was likely related to my graphics card, an Nvidia RTX 3090 Ti I have used without issue for a long time. Its driver date was December 8, 2023, which was more than a month before my BSOD, which made it seem like the driver could not be the issue.

6. Uninstall and Reinstall Graphics Driver (in my case)

Despite the fact that the graphics driver had been working successfully in my system for about a month, I decided to try completely removing and reinstalling it. Perhaps something had caused the driver to be corrupted recently. The idea of the problem being graphics related made sense to me, because the crashes occurred when I had started watching videos and, right before the first BSOD, weird wavy pink and gray lines were appearing on every web page I visited in Chrome browser. 

To uninstall a graphics driver properly, you need to completely remove it using a free tool called DDU (Display Driver Uninstaller). Simply using Windows' built-in uninstall tools will leave remnants of the driver behind which could remain in place even after you reinstall.

We have a complete guide to uninstalling graphics drivers using DDU elsewhere. However, in short, what you need to do is download DDU , install it and launch it. Then select GPU from the Device type menu and click Clean and restart.

Your computer will then complete the uninstall process and restart. From there, you can download and reinstall the drivers.

In my case, I found that using DDU to uninstall my graphics driver and then using Nvidia GeForce experience to install it fresh was the solution to my problems. Since doing the reinstall, I haven't experienced a single BSOD (and no wavy lines either). I have no idea how my graphics driver became corrupted, but this reinstall seems to have fixed it. Note that the driver that GeForce Experience reinstalled was the same exact version (December 8th) that I had before.

If you experience a Kernel Security Check Failure BSOD, the cause of your problem may not be the same as mine. It could be something other than your graphics driver. That's why it's important to follow a process like the one I did. For more help, check out our article on how to fix a Blue a Screen of Death, which explains how to diagnose any BSOD, not just a Kernel Security Check Failure.