回帖：其他要注意的问题：

1、搜集驱动前最好卸载所有当前硬件设备驱动，以免在监控搜集磁盘控制器驱动时形成干扰

2、导入如下关于Intel部分的处理：

"ErrorControl"=dword:00000001

"Group"="System Bus Extender"

"Start"=dword:00000000

"Type"=dword:00000001

"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\

52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,6e,00,74,00,65,00,6c,00,69,\

00,64,00,65,00,2e,00,73,00,79,00,73,00,00,00

"Type"=dword:00000001

"Start"=dword:00000003

"ErrorControl"=dword:00000001

"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\

52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,6e,00,74,00,65,00,6c,00,70,\

00,70,00,6d,00,2e,00,73,00,79,00,73,00,00,00

"DisplayName"="Intel Processor Driver"

"Group"="Extended Base"

可以避免Intel平台中封装的系统在AMD平台上蓝屏的问题

3、提取的Service里关于Eventlog的部分，可以删除