Solved

emet crashing IE 10

Posted on 2014-10-24
5
2,386 Views
Last Modified: 2014-11-03
Hello we just updated our users to IE 10 and Emet crashes IE

EMET detected Caller mitigation and will close the application: IEXPLORE.EXE

Caller check failed:
  Application       : C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  User Name       :
  Session ID       : 1
  PID             : 0xD40 (3392)
  TID             : 0x3F0 (1008)
  API Name       : ntdll.NtAllocateVirtualMemory
  ReturnAddress       : 0x6838F5E8
  CalledAddress       : 0x77CDFAC0
  StackPtr       : 0x0293F120

 The odd thing this started on all the computers after a few hours of use. Has anyone ever seen this ?
0
Comment
Question by:Steelers4life
  • 2
  • 2
5 Comments
 
LVL 62

Accepted Solution

by:
btan earned 250 total points
ID: 40403450
Do check out the forum to feedback as most of time may be the plugin (like flash or recent add on plugin, if any) in or background AV on demand contributing this, another quick means is to try disabling just EAF & Stack Pivot (not EAF+) and it has worked for most (including other using IE11 on Windows 7 32)
https://social.technet.microsoft.com/Forums/security/en-US/d1ff5dad-9d92-4b95-87ec-c026a69663fc/ie-10-crash-with-emet-5?forum=emet

also note - Apparently the design decision was made in EMET 5 to disable Flash for the internet zone. I rather turn it on and have ActiveX filtering disable Flash except for a few select websites. probably has to drill the EMET v5 default disabling ...

https://social.technet.microsoft.com/Forums/security/en-US/0902e272-40b4-4fdd-8a1d-f6f98a17e67f/emet-50-tp-ie-11-flash-broken?forum=emet
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 40404415
We've seen EMET 5.0 crashing, but not 4.1, but only when our 64-bit users close IE or Office mostly, the applications simply restart.the programs thinking they didn't exit cleanly. We tried disabling EAF, EAF+ and Stack Pivot. I'm not sure why, so we've had to stick to 4.1 so far for our 64-bit users.
-rich
0
 
LVL 9

Author Comment

by:Steelers4life
ID: 40405073
Thanks we removed it to stop the bleeding. We were using 4.1 on 64 bit maxhines
0
 
LVL 62

Expert Comment

by:btan
ID: 40405525
thanks for sharing, meanwhile, there is a unpatched zero day CVE-2014-6352 which MS advisory stated EMETv5 as workard using the ASR (for flash*.ocx;packager.dll) - it disabled EAF, EAF+ & Stack Pivot for "dllhost.exe" but enabled them for the "POWERPNT.EXE". There is UAC enabled as well. You may want to take note for decision making in this period of exposure
https://technet.microsoft.com/en-us/library/security/3010060.aspx
0
 
LVL 9

Author Closing Comment

by:Steelers4life
ID: 40419670
Neither of these really solved the problem but I give credit to anyone that helps.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
OfficeMate Freezes on login or does not load after login credentials are input.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question