secured2k 2 Posted February 12 Share Posted February 12 After upgrading to Microsoft Edge 110, Edge will crash with Web Application filtering enabled. Issue did not happen with MS Edge 109. Environment is W11, 22H2 with January Updates. All VBS features enabled. ESET Endpoint Security 10.0.2034. Also reported on the home version products. I attached a debugger and found the crash appears with an ESET module, "eOppMonitor". This module appears to be associated with web filtering (Enable Application Protocol Content Filtering). Possible options until it is fixed with an update: Turn off the filtering feature. Revert to Edge 109 Enable web filtering (Including TLS) exceptions for affected applications like msedge.exe Enable Secure browser for all browser windows (this appears to load the browser in a VM and somehow avoids the crash). Technical: ExceptionAddress: 00007ff994a6f0f8 (msedge!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback+0x000000000000039c) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000001 Parameter[1]: 000000000000001a Attempt to write to address 000000000000001a FAULTING_THREAD: 00002e2c PROCESS_NAME: msedge.exe IMAGE_VERSION: 110.0.1587.41 IMAGE_NAME: msedge.dll FAILURE_BUCKET_ID: NULL_CLASS_PTR_WRITE_c0000005_msedge.dll!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback OS_VERSION: 10.0.22621.1 BUILDLAB_STR: ni_release OSPLATFORM_TYPE: x64 OSNAME: Windows 10 SYMBOL_NAME: msedge!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback+39c MODULE_NAME: msedge 00000083`f2bfde60 00007ffa`3d617a4a : 00000083`f2bfe048 00000083`f2bfe048 00000000`0000001c 80000000`00000020 : msedge!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback+0x39c 00000083`f2bfdfa0 00007ff9`982b512e : 00000083`f2bfe140 00000000`00000001 00000083`f2bfe238 0000339c`0e5a94c0 : eOppMonitor+0x17a4a 00000083`f2bfe000 00007ff9`93b271f1 : 00000000`00000000 00007ff9`93b27165 00007ff9`9cf1c582 00007ff9`9d38165c : msedge!prerender::NoStatePrefetchManager::AddPrerenderForNtp+0x140 00000083`f2bfe210 00007ff9`936b4f3a : 00000000`00000000 00000000`00000000 0000339c`08393bf0 00000449`bc10f6c0 : msedge!prerender::PrerenderNtpManager::AddPrerenderInternal+0x71 00000083`f2bfe260 00007ff9`924301ac : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!IdleManager::NotifyIdleStateChanged+0x12a 00000083`f2bfe320 00007ff9`915a0477 : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!base::RepeatingTimer::RunUserTask+0x4c 00000083`f2bfe350 00007ff9`909a451e : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!base::internal::DelayTimerBase::OnScheduledTaskInvoked+0x37 00000083`f2bfe390 00007ff9`909a1fe6 : 00000000`00000001 00000083`f230a000 00000000`00000001 00007ffa`59b578c8 : msedge!base::TaskAnnotator::RunTaskImpl+0x1ee 00000083`f2bfe4e0 00007ff9`909b67e7 : aaaaaaaa`aaaaaaaa 00005dec`00222b01 00005dec`00278500 00005dec`00278500 : msedge!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl+0x666 00000083`f2bfe7d0 00007ff9`92091792 : 00000083`f2bfebd8 0000006d`c2f2e8a7 0000c360`c58e64e3 00000000`00000001 : msedge!base::MessagePumpForUI::DoRunLoop+0x857 00000083`f2bfeb50 00007ff9`92a38020 : 00005dec`00238320 00000083`f2bfecf0 00000083`f2bfed98 00007ff9`912bb7e3 : msedge!base::MessagePumpWin::Run+0x82 00000083`f2bfebb0 00007ff9`9288bdd3 : 00000000`00000000 00000000`00000178 00000083`0000002f 0000c360`c58e63d3 : msedge!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run+0x100 00000083`f2bfec40 00007ff9`92736ae0 : 00000000`00000000 00000000`00000000 00000000`00000000 0000006d`c2f2e898 : msedge!base::RunLoop::Run+0x143 00000083`f2bfed70 00007ff9`927367b9 : 00000083`f2bfef20 00007ff9`929f9b40 0000339c`00034088 00000000`0000001c : msedge!content::BrowserMainLoop::RunMainMessageLoop+0x9a 00000083`f2bfede0 00007ff9`927360a9 : 00000000`00000000 00007ff9`9d399218 00000000`00000018 00000000`00000000 : msedge!content::BrowserMain+0xa4 00000083`f2bfee90 00007ff9`927355e8 : aaaaaaaa`aaaaaaaa 0000aaaa`aaaaaaaa 00007ff9`9c725790 00007ff6`00000001 : msedge!content::RunBrowserProcessMain+0xd2 00000083`f2bfef90 00007ff9`926e593a : 00000083`f2bff140 00007ff9`926e422c 00000000`001e001c 0000027d`862473b0 : msedge!content::ContentMainRunnerImpl::RunBrowser+0x4be 00000083`f2bff0f0 00007ff9`926e4dd1 : 00005dec`00238320 0000c360`c58e7e63 aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!content::ContentMainRunnerImpl::Run+0x31a 00000083`f2bff230 00007ff9`926e3445 : 00007ff6`219c0000 00006ebc`0027c140 00000083`f2bff530 0000027d`86204d60 : msedge!content::ContentMain+0x21f 00000083`f2bff450 00007ff6`21a7f5c8 : 00007ff6`21cd05a0 00007ff9`926e31a0 00000000`21cd0500 00006ebc`002702a0 : msedge!ChromeMain+0x2a5 00000083`f2bff630 00007ff6`21a7c623 : 00000000`0027c100 aaaaaaaa`aaaaaaaa 00006ebc`0027c140 0000006d`c2e4ee52 : msedge_exe!MainDllLoader::Launch+0x392 00000083`f2bff8c0 00007ff6`21b3aee2 : 00000000`00000000 00007ff6`21b3af59 00000000`00000000 00000000`00000000 : msedge_exe!wWinMain+0x468 00000083`f2bffdc0 00007ffa`59cf26bd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msedge_exe!__scrt_common_main_seh+0x106 00000083`f2bffe00 00007ffa`5b08dfb8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1d 00000083`f2bffe30 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x28 Link to comment Share on other sites More sharing options...
secured2k 2 Posted February 12 Author Share Posted February 12 Further testing found the issue is something in the new update for Edge may be trying to query or access sites ESET considers a secure banking or payment site. ESET detects the attempt and tries to read the website that was opened in a tab, but since the website was not in a tab/address bar, no data is presented to the programs - which results in a crash. This also could be ESET trying to close the Edge browser window that needed to be redirected but also does not exist. It looks like the product needs some improvement with compatibility with whatever Edge/Chromium is doing now as well as some additional validation (corrected coding/programming) to prevent redirection failure. The current work around is to disable the Automatic Redirection if enabled under the Secure browser settings. See the image below from ESET Endpoint Security, under Web and Email, Secure Browser Settings. Note: The list is maintained by ESET so it may be possible for them to fix or disable the feature in an automatic module update (Secure Browser module, v1294, Jan 10, 2023). FRiC 1 Link to comment Share on other sites More sharing options...
jatclake999 0 Posted February 12 Share Posted February 12 Same issue today with Edge crashing. Followed the above solution and this has solved it. ESET need to advise when fix is available as running with redirection turned off Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,083 Posted February 13 ESET Moderators Share Posted February 13 Hello guys, The dev team is on it. I can confirm that we see multiple reports of the issue, but the scenario does lead to crash in all cases. I’m unable to reproduce it with MS Edge 110.0.1587.41 myself. Link to comment Share on other sites More sharing options...
ESET Moderators Solution Peter Randziak 1,083 Posted February 13 ESET Moderators Solution Share Posted February 13 The dev team decided to disable Protected websites redirection feature for Chrome and MS Edge browsers, until the issue is resolved in order to prevent the browsers crashes. The change will be distributed via an Rapid response module update (probably with version 21778). After the automatic update, the Chrome and MS Edge won't crash anymore, but the Protected websites redirection feature will not work until we release the full fix. Disabling the Protected websites redirection feature resolves the issue. Another way to resolve the issue is to use the Secure all browsers option. We apologize for the inconvenience caused by this issue. Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,083 Posted February 14 ESET Moderators Share Posted February 14 The issue is fixed in the Banking & payment protection module 1296. As of now it is available on pre-release update channel, full release is expected during the next week if no issues will be reported. The Protected websites redirection feature for Chrome and MS Edge browsers will be enabled back with the module update. The browsers restart is required after the module update to apply the fix. Peter on behalf of the teams involved FRiC 1 Link to comment Share on other sites More sharing options...
dg1113 0 Posted March 22 Share Posted March 22 Where can I find "Protected websites redirection feature" to disable? I cannot find it. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,919 Posted March 23 Administrators Share Posted March 23 1 hour ago, dg1113 said: Where can I find "Protected websites redirection feature" to disable? I cannot find it. This was done automatically for the affected version of Chrome and Edge. In general, redirection is disabled by default by enabling Secure all browsers: Link to comment Share on other sites More sharing options...
Recommended Posts