Jump to content

Command line tools ( like adb.exe ) fail with Exception code: 0xc0000005 when HIPS is on (Windows)

Go to solution Solved by Marcos,

Recommended Posts

Hi all,

just opened account here to share my experience and many hours wasted trying to figure out why command prompt programs (like adb.exe) would simply not work through command prompt, terminal, powershell (elevated or not) on Windows 11. For example typing adb.exe (in command promt opened in folder where Google platform tools where extracted) would give no output at all.

Checking Application logs gave me "generic" error:

Faulting application name: adb.exe, version:, time stamp: 0xbd7c0bf9
Faulting module name: unknown, version:, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x75591412
Faulting process id: 0x0x1270
Faulting application start time: 0x0x1DA76B7F8BE4DA2
Faulting application path: E:\adbV35\adb.exe
Faulting module path: unknown
Report Id: 77bc79dc-ab8a-4666-be66-d9edf2e37570
Faulting package full name: 
Faulting package-relative application ID: 

Tried everything online. Nothing helped. The system was ok but it seemed like something was preventing program from running. Today I revisited the problem for the nth time. Disabled NOD32 (again) nothing happened.

Disabled Host Intrusion Prevention System (HIPS), restarted computer, tried adb and voila - it worked. Checking HIPS log in Nod32 showed no trace of Nod blocking adb.exe form running but disabling HIPS definitely helped. It would be awesome if Nod would notify user when prevented app from running and I hope they will.

Now, I am not comfortable leaving HIPS disabled hence opening this thread hoping to find consensus on best setting to prevent silent stopping of program execution prevention and also have programs work when you start them. Also this is for all the people trying to find out why all of the sudden programs stopped working.

Please note this was not a problem with adb.exe only but with many command line tools as well. 

I will continue to explore this and edit OP with findings.

Important note: this is not a suggestion to disable HIPS. I do not think HIPS should be disabled. It is a useful tool but it should be more informative when preventing an action.



Link to comment
Share on other sites

  • Administrators

Do you have HIPS in automatic mode with no custom rules created? Does temporarily disabling only Deep Behavior Inspection make a difference?

Link to comment
Share on other sites

HIPS was in automatic mode with no custom rules created.

Restoring HIPS and disabling only Deep Behavior Inspection fix the problem. 

Link to comment
Share on other sites

Yes, enabling HIPS Deep Behavior Inspection ON and adding adb.exe to exclusion list fixed the issue. 

I am adding 2 screenshots that shows that disabling HIPS helped. The best option is to add app it to exclusion list

Just would like to point out that showing notification when HIPS prevent an app from running would be VERY helpful.

HIPS Deep Behavior Inspection ON.jpg

HIPS Deep Behavior Inspection OFF.jpg

Link to comment
Share on other sites

Just adding final screenshot for future reference.


Deep Behavior Inspection ON

adb.exe added to exclusion list


HIPS exclusion.jpg

Link to comment
Share on other sites

  • Administrators

I've reported the issue to developers. If a particular operation is blocked by a HIPS rule, it can be logged in the HIPS log. In this case it's not caused by a HIPS rule.

Please provide logs collected with ESET Log Collector.

Link to comment
Share on other sites

  • Administrators
  • Solution
On 3/15/2024 at 4:38 PM, mdkm said:

Here are log logs collected with ESET Log Collector. Hope it will help. Nothing was logged in HIPS log. When I add adb.exe to HIPS exclusions it works. When I remove it from exception list it does not work. 

Please confirm or deny if uninstalling Windhawk makes a difference.

Link to comment
Share on other sites

I can confirm that uninstalling Windhawk resolved the issue. Installed it again (with no plugins active) and the issue was there. Definitely the culprit was Widhawk. Than you very much. I will mark response above as correct solution.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...