MBAE crashes Chrome when PDF download attempted


When I try to download a legitimate PDF file from the Microsoft Publications site, using the inbuilt PDF reader, as soon as I click the download button to invoke the actual Adobe Reader (to handle the download hand-off and read for proper save dialogue) I get a ROP error from MBAE and Chrome is forced to exit with a crash. Please advise. MBAE User folder attached.

MWB_AE_USER_FOLDER.zip


Hello Td47,

 

I want to have you collect some system diagnostic logs for me as well so I can see what would be causing this for you. To do this, I am going to have you run a tool called FRST that will collect the information I need. Use these instructions to grab the logs:

1: Please download FRST from the link below and save it to your desktop:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

2: Double-click the purple FRST icon to run the program. Click Yes when the disclaimer appears.

3: Click the Scan button

4: When the scan has finished, it will make 2 log files in the same directory the tool is run, FRST.txt and Addition.txt. Please attach both files in your reply.
 


Hello Td47,

 

It seems like this may be a conflict with your Trusteer endpoint protection. All we need to do to make these two programs play nice is to just make a change in anti-exploit. In the tray icon, find the anti-exploit icon (it will be an orange shield) and open it up. From there, go to the settings tab and click on the advanced settings button. Go to the OS bypass tab and uncheck the Chrome browser settings for 'Call ROP 32' and 'Call ROP 64'. Then, go to the advanced memory protection and disable the malicious return address detection for Chrome.


Once you do that, try it again and see if it fixes the issue. 


Hello Rsullinger, thanks for quick reply and fix. I tried it, and it all works fine. Excellent and accurate support, many thanks.

By the way, if MBAE gets an update, will my altered advanced settings go back to default, or be preserved?


Hello again, sorry, I have just been playing around with the MS EDGE browser, as I recently got updated to the latest Anniversary Edition of W10. I wanted to look at the extensions, as those are now available for the AE updated EDGE.  However, with MBAE active, it crashes every time with an error code 0xc000041d (Unhandled Exception I believe).

Here is the event log output for it.

"

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: edgehtml.dll, version: 11.0.14393.187, time stamp: 0x57cf9fea
Exception code: 0xc000041d
Fault offset: 0x000000000046c360
Faulting process ID: 0x14f8
Faulting application start time: 0x01d21a0818c54e6e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll
Report ID: fd3f1542-0310-4c8a-b55f-ffceb310129f
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

"

Note that I cannot do the ROP stuff under advanced for EDGE specifically, only in the premium product, so I have had to disable/stop it each time I want to use EDGE.

Would you prefer me to raise a new topic for this on the forum - or maintain this as a common problem and fix for ROP interaction and unhandled exceptions?


Hello TD47,

 

We can keep this in here, I do not have a problem with that. I want to confirm first that the update didn't have any effect on this by doing a re-install of the program. Now this will revert the other issue that is occurring, but we can just apply the fixes once we do re-install. Can you remove the program from programs and features and once you do, use this program here to make sure the files are removed completely:

 

https://forums.malwarebytes.org/topic/177164-how-to-remove-mbae-leftovers-after-uninstall/

 

After you do that, reboot the computer and download the latest version of the program from this link:

 

https://downloads.malwarebytes.org/file/mbae

 


Hello, I downloaded from the link given, to check the level, as I updated an earlier version to this one (1.08.1.2572) on 20th August. Do I really need to do the uninstall then run cleanup batch? I will certainly do it if needed. Please see screen-shot and advise.

Malwarebytes Anti-Exploit FreeVersionPIC.jpg


Hello, I followed your advice, (uninstalled MBAE, ran the batch file as admin, rebooted, re-installed the latest MBAE). All went well, no errors during the process. I re-tested the EDGE browser, and all is well, for both manual call, search, URL, tabs etc, plus a test for Cortana hand-off to EDGE, all good. I also re-tested the same, with the Chrome ROP un-ticked settings in the Advanced tab (as recommended for the previous problem), all still good. Many thanks for excellent support.
