Solved

emet crashing IE 10

Posted on 2014-10-24
5
2,325 Views
Last Modified: 2014-11-03
Hello we just updated our users to IE 10 and Emet crashes IE

EMET detected Caller mitigation and will close the application: IEXPLORE.EXE

Caller check failed:
  Application       : C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  User Name       :
  Session ID       : 1
  PID             : 0xD40 (3392)
  TID             : 0x3F0 (1008)
  API Name       : ntdll.NtAllocateVirtualMemory
  ReturnAddress       : 0x6838F5E8
  CalledAddress       : 0x77CDFAC0
  StackPtr       : 0x0293F120

 The odd thing this started on all the computers after a few hours of use. Has anyone ever seen this ?
0
Comment
Question by:Steelers4life
  • 2
  • 2
5 Comments
 
LVL 62

Accepted Solution

by:
btan earned 250 total points
ID: 40403450
Do check out the forum to feedback as most of time may be the plugin (like flash or recent add on plugin, if any) in or background AV on demand contributing this, another quick means is to try disabling just EAF & Stack Pivot (not EAF+) and it has worked for most (including other using IE11 on Windows 7 32)
https://social.technet.microsoft.com/Forums/security/en-US/d1ff5dad-9d92-4b95-87ec-c026a69663fc/ie-10-crash-with-emet-5?forum=emet

also note - Apparently the design decision was made in EMET 5 to disable Flash for the internet zone. I rather turn it on and have ActiveX filtering disable Flash except for a few select websites. probably has to drill the EMET v5 default disabling ...

https://social.technet.microsoft.com/Forums/security/en-US/0902e272-40b4-4fdd-8a1d-f6f98a17e67f/emet-50-tp-ie-11-flash-broken?forum=emet
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 40404415
We've seen EMET 5.0 crashing, but not 4.1, but only when our 64-bit users close IE or Office mostly, the applications simply restart.the programs thinking they didn't exit cleanly. We tried disabling EAF, EAF+ and Stack Pivot. I'm not sure why, so we've had to stick to 4.1 so far for our 64-bit users.
-rich
0
 
LVL 9

Author Comment

by:Steelers4life
ID: 40405073
Thanks we removed it to stop the bleeding. We were using 4.1 on 64 bit maxhines
0
 
LVL 62

Expert Comment

by:btan
ID: 40405525
thanks for sharing, meanwhile, there is a unpatched zero day CVE-2014-6352 which MS advisory stated EMETv5 as workard using the ASR (for flash*.ocx;packager.dll) - it disabled EAF, EAF+ & Stack Pivot for "dllhost.exe" but enabled them for the "POWERPNT.EXE". There is UAC enabled as well. You may want to take note for decision making in this period of exposure
https://technet.microsoft.com/en-us/library/security/3010060.aspx
0
 
LVL 9

Author Closing Comment

by:Steelers4life
ID: 40419670
Neither of these really solved the problem but I give credit to anyone that helps.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now