td47 Posted September 27, 2016 ID:1064171 Share Posted September 27, 2016 When I try to download a legitimate PDF file from the Microsoft Publications site, using the inbuilt PDF reader, as soon as I click the download button to invoke the actual Adobe Reader (to handle the download hand-off and read for proper save dialogue) I get a ROP error from MBAE and Chrome is forced to exit with a crash. Please advise. MBAE User folder attached. MWB_AE_USER_FOLDER.zip Link to post Share on other sites More sharing options...
Staff Rsullinger Posted September 27, 2016 Staff ID:1064241 Share Posted September 27, 2016 Hello Td47, I want to have you collect me some system diagnostic logs as well so I can see what would be causing this for you. To do this, I am going to have you run a tool called FRST that will collect the information I need. Use these instructions to grab the logs: 1: Please download FRST from the link below and save it to your desktop: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ 2: Double-click the purple FRST icon to run the program. Click Yes when the disclaimer appears. 3: Click the Scan button 4: When the scan has finished, it will make 2 log files in the same directory the tool is run, FRST.txt and Addition.txt. Please attach both files in your reply. Link to post Share on other sites More sharing options...
td47 Posted September 27, 2016 Author ID:1064302 Share Posted September 27, 2016 Hello, thanks for quick reply. Here are the logs in a ZIP file. FRST_LOGS.zip Link to post Share on other sites More sharing options...
Staff Rsullinger Posted September 28, 2016 Staff ID:1064449 Share Posted September 28, 2016 Hello Td47, It seems like this may be a conflict with your Trusteer endpoint protection. All we need to do to make these two programs play nice is to just make a change in anti-exploit. In the tray icon, find the anti-exploit icon (it will be an orange shield) and open it up. From there, go to the settings tab and click on the advanced settings button. Go to to OS bypass tab and uncheck the chrome browser settings for 'call ROP 32" and 'Call ROP 64'. Then, go to the advanced memory protection an disable the malicious return address detection for chrome. Once you do that, try it again and see if it fixes the issue. Link to post Share on other sites More sharing options...
td47 Posted September 29, 2016 Author ID:1064542 Share Posted September 29, 2016 Hello Rsullinger, thanks for quick reply and fix. I tried it, and it all works fine. Excellent and accurate support, many thanks. By the way, If MBAE gets an update, will my altered advanced settings go back to default, or be preserved? Link to post Share on other sites More sharing options...
td47 Posted September 29, 2016 Author ID:1064551 Share Posted September 29, 2016 Hello again, sorry, I have just been playing around with the MS EDGE browser, as I recently got updated to the latest Anniversary Edition of W10. I wanted to look at the extensions, as those are now available for the AE updated EDGE. However, with MBAE active, it crashes every time with an error code 0xc000041d (Unhandled Exception I believe). Here is the event log output for it. " Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786 Faulting module name: edgehtml.dll, version: 11.0.14393.187, time stamp: 0x57cf9fea Exception code: 0xc000041d Fault offset: 0x000000000046c360 Faulting process ID: 0x14f8 Faulting application start time: 0x01d21a0818c54e6e Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll Report ID: fd3f1542-0310-4c8a-b55f-ffceb310129f Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: MicrosoftEdge " Note that I cannot do the ROP stuff under advanced for EDGE specifically, only in the premium product, so I have had to disable/stop it each time I want to use EDGE. Would you prefer me to raise a new topic for this on the forum - or maintain this as a common problem and fix for ROP interaction and unhandled exceptions? Link to post Share on other sites More sharing options...
Staff Rsullinger Posted September 29, 2016 Staff ID:1064650 Share Posted September 29, 2016 Hello TD47, We can keep this in here, I do not have a problem with that. I want to confirm first that the update didn't have any affect on this by doing a re-install of the program. Now this will revert the other issue that is occurring, but we can just apply the fixes once we do re-install. Can you remove the program from programs and features and once you do, use this program here to make sure the files are removed completely: https://forums.malwarebytes.org/topic/177164-how-to-remove-mbae-leftovers-after-uninstall/ After you do that, reboot the computer and download the latest version of the program from this link: https://downloads.malwarebytes.org/file/mbae Link to post Share on other sites More sharing options...
td47 Posted September 30, 2016 Author ID:1064727 Share Posted September 30, 2016 Hello, I downloaded from the link give, to check the level, as I updated an earlier version to this one (1.08.1.2572) on 20th August. Do I really need to do the uninstall then run cleanup batch? I will certainly do it if needed. Please see screen-shot and advise. Link to post Share on other sites More sharing options...
Staff Rsullinger Posted September 30, 2016 Staff ID:1064796 Share Posted September 30, 2016 Hello TD47, That is correct. I just wanted to try just doing a clean re-install to see if the issue persists. If it does, then I will need to get you to run some diagnostic logs that will show why edge is crashing in that way. Link to post Share on other sites More sharing options...
td47 Posted October 1, 2016 Author ID:1064897 Share Posted October 1, 2016 Hello, I followed your advice, (uninstalled MBAE, ran the batch file as admin, rebooted, re-installed the latest MBAE). All went well, no errors during the process. I re-tested the EDGE browser, and all is well, for both manual call, search, URL, tabs etc, plus a test for Cortana hand-off to EDGE, all good. I also re-tested the same, with the Chrome ROP un-ticked settings in the Advanced tab (as recommended for the previous problem), all still good. Many thanks for excellent support. Link to post Share on other sites More sharing options...
Staff Rsullinger Posted October 3, 2016 Staff ID:1065207 Share Posted October 3, 2016 Hello TD47, Perfect! Let me know if the issue returns. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now