Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

emet crashing IE 10

Posted on 2014-10-24
5
Medium Priority
?
2,703 Views
Last Modified: 2014-11-03
Hello we just updated our users to IE 10 and Emet crashes IE

EMET detected Caller mitigation and will close the application: IEXPLORE.EXE

Caller check failed:
  Application       : C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  User Name       :
  Session ID       : 1
  PID             : 0xD40 (3392)
  TID             : 0x3F0 (1008)
  API Name       : ntdll.NtAllocateVirtualMemory
  ReturnAddress       : 0x6838F5E8
  CalledAddress       : 0x77CDFAC0
  StackPtr       : 0x0293F120

 The odd thing this started on all the computers after a few hours of use. Has anyone ever seen this ?
0
Comment
Question by:Steelers4life
  • 2
  • 2
5 Comments
 
LVL 65

Accepted Solution

by:
btan earned 1000 total points
ID: 40403450
Do check out the forum to feedback as most of time may be the plugin (like flash or recent add on plugin, if any) in or background AV on demand contributing this, another quick means is to try disabling just EAF & Stack Pivot (not EAF+) and it has worked for most (including other using IE11 on Windows 7 32)
https://social.technet.microsoft.com/Forums/security/en-US/d1ff5dad-9d92-4b95-87ec-c026a69663fc/ie-10-crash-with-emet-5?forum=emet

also note - Apparently the design decision was made in EMET 5 to disable Flash for the internet zone. I rather turn it on and have ActiveX filtering disable Flash except for a few select websites. probably has to drill the EMET v5 default disabling ...

https://social.technet.microsoft.com/Forums/security/en-US/0902e272-40b4-4fdd-8a1d-f6f98a17e67f/emet-50-tp-ie-11-flash-broken?forum=emet
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 1000 total points
ID: 40404415
We've seen EMET 5.0 crashing, but not 4.1, but only when our 64-bit users close IE or Office mostly, the applications simply restart.the programs thinking they didn't exit cleanly. We tried disabling EAF, EAF+ and Stack Pivot. I'm not sure why, so we've had to stick to 4.1 so far for our 64-bit users.
-rich
0
 
LVL 9

Author Comment

by:Steelers4life
ID: 40405073
Thanks we removed it to stop the bleeding. We were using 4.1 on 64 bit maxhines
0
 
LVL 65

Expert Comment

by:btan
ID: 40405525
thanks for sharing, meanwhile, there is a unpatched zero day CVE-2014-6352 which MS advisory stated EMETv5 as workard using the ASR (for flash*.ocx;packager.dll) - it disabled EAF, EAF+ & Stack Pivot for "dllhost.exe" but enabled them for the "POWERPNT.EXE". There is UAC enabled as well. You may want to take note for decision making in this period of exposure
https://technet.microsoft.com/en-us/library/security/3010060.aspx
0
 
LVL 9

Author Closing Comment

by:Steelers4life
ID: 40419670
Neither of these really solved the problem but I give credit to anyone that helps.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.
Suggested Courses

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question