What is KernelFaultCheck?

KernelFaultCheck startup process puzzles users

KernelFaultCheck is the name of a process associated with the dumprep.exe file. The latter is known as the Windows Error Reporting Dump Reporting Tool and is classified as a legitimate Windows process.

The command appears as a result of a system crash or serious damage to system files. In some cases, the entry appears after the system recovers from a Blue Screen of Death (BSOD). Dumprep.exe writes information about the issue to a text file and then urges you to send the report to Microsoft.

In some cases, users who review their startup processes might notice this task. Alternatively, the following error might bother them by appearing every few minutes:

“Resident denied the change of KernelFaultCheck (category system Startup global entry) based on your black list.”

There are two possible explanations for the system crash:

  • damaged hardware
  • malware intervention

Speaking of the latter, complex computer trojans are capable of inflicting such damage. Therefore, it is necessary to identify the malware and apply specific elimination measures. In that case, simply scanning the system with a malware removal tool is not enough. Check the section about trojans in the article about Malware for more information.

While KernelFaultCheck is usually not a malicious process, it might signal the presence of malware in your system. In that case, you need to scan the system with multiple security tools. In addition, you should not exclude the possibility that KernelFaultCheck might be a veneer for malware.

Given the rise of ransomware as well as the Emotet and QakBot trojans, it is not difficult for malware developers to disguise malware as a legitimate system process. You might suspect a malicious origin if the task consumes an unusual amount of CPU, e.g., more than 30%. In that case, you need to disable the command, delete its entry in Registry Editor, and scan the system with a malware removal tool.

Command Termination

Note that the legitimate version of this file is an integral element of Windows. In other words, if you notice dumprep.exe as an attachment in a received email, do not open it, as it is most likely corrupted.

In some cases, the KernelFaultCheck command may appear after you attempt and fail to install computer games. In that case, make sure the game is not infected with malware and is compatible with the system.

All in all, this command is not a crucial element of the system, so you might delete it. In order to remove KernelFaultCheck fully, launch Registry Editor:

  1. Press Windows+R, type in regedit and click OK.
  2. When it opens, go to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  3. Find the KernelFaultCheck entry, right-click on it and choose Delete.
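Before deleting the entry, it is worth recording where it points, since a KernelFaultCheck value that does not resolve to dumprep.exe in System32 suggests the name is being used as a disguise. The following is an added example, not part of the original article: it classifies the command line stored in the Run value. The function names, verdict strings, the default `C:\Windows` system root and the sample values are assumptions constructed for illustration.

```python
import ntpath
import re

SYSTEM_ROOT = r"C:\Windows"  # assumption: default path; pass the real %SystemRoot% if it differs


def image_of(command):
    """Extract the executable part of a Run-value command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(None, 1)[0] if command else ""


def classify_run_entry(command, system_root=SYSTEM_ROOT):
    """Classify where a KernelFaultCheck Run value points."""
    # Expand the two variables that refer to the Windows directory.
    image = re.sub(r"%(systemroot|windir)%", lambda m: system_root,
                   image_of(command), flags=re.I)
    # normpath collapses "..", so traversal out of System32 is caught below.
    directory, filename = ntpath.split(ntpath.normpath(image))
    stem = filename.lower()
    if stem.endswith(".exe"):
        stem = stem[:-4]
    if stem != "dumprep":
        return "suspicious: image is not dumprep.exe"
    if not directory:
        return "review: no directory given, resolved through the search path"
    expected = ntpath.join(system_root, "System32")
    if ntpath.normcase(directory) != ntpath.normcase(expected):
        return "suspicious: dumprep.exe outside System32"
    return "expected: dumprep.exe in System32"


# Constructed sample values, as they might appear in an exported Run key.
SAMPLES = [
    r"%systemroot%\system32\dumprep 0 -k",
    r'"C:\Users\Public\dumprep.exe" 0 -k',
    r"%SystemRoot%\System32\..\Temp\dumprep.exe",
    r"C:\Windows\System32\svch0st.exe",
    "dumprep 0 -k",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{classify_run_entry(value):<62} {value}")
```

A verdict of "expected" only confirms the path; the file at that path should still be scanned, as the article advises.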

Windows 7 users may also disable the functionality of this file:

  1. Go to Control Panel, navigate to System and then Advanced tab.
  2. Choose Settings button for Startup and Recovery.
  3. Under "Write debugging information", expand the menu, choose (none) and click OK.
  4. Next, click the Error Reporting button and choose "Disable error reporting".
  5. You may leave "But notify me when critical errors occur" checked. Click OK to close the window.

After you complete the steps, update your cybersecurity applications and scan the system. In this case, FortectIntego or Malwarebytes might come in handy.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.