simplepinoi177 0 Posted May 11, 2016 Share Posted May 11, 2016 Hello. I'm new to the forum and also to using an ESET product. Please be gentle... Also, apologies if this has been discussed elsewhere before. I attempted to search and only found one thread from 2014 (Smart Security Version 7) and it wasn't quite the same problem. I am using ESET Smart Security 9.0.377.0. My computer specs are in the attached dxdiag.txt file. Problem: With HIPS activated, I launch Google Chrome, no chrome window pops up, but Windows Error Reporting comes up asking to send information to Microsoft while Google Chrome alerts that it has crashed. Both windows eventually close and that's it. I can see chrome.exe pop up in Task Manager, but half a second later disappear, alerts that it has crashed, and then no other instance of chrome.exe stays. How I know it's ESS HIPS: When I turn HIPS off and restart, chrome will work. When I turn it on, chrome will crash. Chrome will work up to the point until when I merely turn the switch on and click OK, then it will crash. Definitely crashes when I enable HIPS and restart. Pertinent notes: Other browsers work flawlessly. I have everything enabled in the “Basics” section other than Advanced Memory Scanner. Filtering mode is set to “Learning mode.” In Event Viewer, this is some of the information that is shown { Log Name: Application Source: Application Error Date: 5/11/2016 12:44:22 Event ID: 1000 Task Category: (100) Level: Error Keywords: Classic User: N/A Computer: Michael-THINK Description: Faulting application name: chrome.exe, version: 51.0.2704.36, time stamp: 0x57294d97 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x000000000007009c Faulting process id: 0x24ec Faulting application start time: 0x01d1ab58c7646ae5 Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module path: unknown Report Id: 2cbe82b2-174c-11e6-ae24-e006e6b7659e } A full copy of the details in text is in the attached Event Viewer Data.txt file. Attempts at a Solution: I've tried uninstalling and installing chrome. I even removed the “User” folder in chrome’s application data folder so to start the program from scratch. I tried opening it regularly and incognito. { I’ve created a rule in the “Basics” section where the Action is set to “Allow” with Operations affecting Files, Applications, and Registry entries. Enabled, Log, and Notify User is also checked. Source applications is set to chrome.exe. It is further set/check-enabled to the settings All file operations, all files, All application operations, All applications, All registry operations, and All entries. If you must know how I set the “Advanced Setup” section, let me know and I will post that information. } I have uninstalled SSE and reinstalled it. Right-click on chrome icon, and select “Run as Administrator.” I would really love to take advantage of the security that enabling HIPS offers and would hate that the program always showing an alert that HIPS is disabled. Please, anyone, help me! If anything, to be pointed in the right direction and/or directed to the right people to try and get this resolved. Thank you so much in advanced. DxDiag.txt Event Viewer Data.txt Link to comment Share on other sites More sharing options...
Administrators Marcos 4,720 Posted May 13, 2016 Administrators Share Posted May 13, 2016 Does the problem persist after uninstalling ESS and installing it from scratch without changing any setting? Link to comment Share on other sites More sharing options...
simplepinoi177 0 Posted May 13, 2016 Author Share Posted May 13, 2016 Does the problem persist after uninstalling ESS and installing it from scratch without changing any setting? First of all, thank you for your attention on this. And yes, it still persists. And it happens from scratch as well as loading my saved configuration file. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,720 Posted May 13, 2016 Administrators Share Posted May 13, 2016 Does the problem persist after temporarily disabling self-defense and restarting the computer? Please enable logging of blocked operations in the advanced HIPS setup, clear your HIPS log, reproduce the issue and then post the records from your HIPS log here. Link to comment Share on other sites More sharing options...
simplepinoi177 0 Posted May 14, 2016 Author Share Posted May 14, 2016 (edited) Does the problem persist after temporarily disabling self-defense and restarting the computer? Please enable logging of blocked operations in the advanced HIPS setup, clear your HIPS log, reproduce the issue and then post the records from your HIPS log here. I apologize for the late response. Some things came up today. Also, I had other issues with HIPS halting/delaying/stopping multitudes of startup Windows processes that made troubleshooting take very long and put off time looking at it. the problem does persist after temporarily disabling self-defense and restarting the computer. That is a great idea! Checking the HIPS log as I reproduce the issue. Unfortunately, the best I could do was reproduce the issue and export the record log. I was not able to clear the HIPS log, because my other issue with HIPS made it very difficult to get to the log and clear it. Either way, I attached the HIPS log. It seems that HIPS would interfere with chrome modifying my video card software . I don't know...what do you make of it? Again, thank you (and anyone else who may help) so very much for your attention to this. EDIT: I just looked over the HIPS log and see that there's too much information. So I will add the pertinent information that is in the file. If anything, one can search for chrome in the HIPS log and find these entries: -<RECORD> <COLUMN NAME="Time">5/13/2016 10:32:28 AM</COLUMN> <COLUMN NAME="Application">C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</COLUMN> <COLUMN NAME="Operation">Get access to file</COLUMN> <COLUMN NAME="Target">C:\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin</COLUMN> <COLUMN NAME="Action">some access allowed</COLUMN> <COLUMN NAME="Rule">Chrome</COLUMN> <COLUMN NAME="Additional information">Write to file</COLUMN> </RECORD> -<RECORD> <COLUMN NAME="Time">5/13/2016 10:32:15 AM</COLUMN> <COLUMN NAME="Application">C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</COLUMN> <COLUMN NAME="Operation">Get access to file</COLUMN> <COLUMN NAME="Target">C:\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin</COLUMN> <COLUMN NAME="Action">some access allowed</COLUMN> <COLUMN NAME="Rule">Chrome</COLUMN> <COLUMN NAME="Additional information">Write to file</COLUMN> </RECORD> HIPS Log Files.xml Edited May 15, 2016 by simplepinoi177 Link to comment Share on other sites More sharing options...
simplepinoi177 0 Posted May 18, 2016 Author Share Posted May 18, 2016 hmmm....nobody has a clue or hint why HIPS is only giving chrome "some access allowed" to NVIDIA my graphics card; specifically the nvdrssel.bin file??? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,720 Posted May 18, 2016 Administrators Share Posted May 18, 2016 You have a custom HIPS rule named "Chrome" in place. I asked you to uninstall ESS and install it from scratch while using default settings, ie. without importing any configuration or creating custom rules. Please do as we instructed you so that no custom HIPS rules exist. Link to comment Share on other sites More sharing options...
simplepinoi177 0 Posted May 18, 2016 Author Share Posted May 18, 2016 (edited) You have a custom HIPS rule named "Chrome" in place. I asked you to uninstall ESS and install it from scratch while using default settings, ie. without importing any configuration or creating custom rules. Please do as we instructed you so that no custom HIPS rules exist. I did the custom rule after-the-fact in attempts of troubleshooting. I had uninstalled ESS previously (before the rule; as you can see in my original post under "Attempts at a Solution" section) and installed it from scratch with default settings and it had still caused the chrome issue. Edited May 18, 2016 by simplepinoi177 Link to comment Share on other sites More sharing options...
itman 1,543 Posted May 18, 2016 Share Posted May 18, 2016 (edited) I would try the following: 1. Disable Eset's advanced memory scanning. Try to open Chrome. 2. Disable Eset's exploit blocker. Try to open Chrome. If Chrome runs successfully with either of the above disabled, we have identified the source of problem. Next, as an interim solution disable Chrome's sandbox feature. Important: make sure to re-enable Eset's advanced memory scanning and exploit protection. Finally, start Chrome with the sandbox disabled and see if runs OK with Eset's AMS and exploit protection enable. Edited May 18, 2016 by itman Link to comment Share on other sites More sharing options...
StrychNinX 0 Posted June 20, 2016 Share Posted June 20, 2016 I have the same issue, but i dont know why ESS haven't updated any fix such as this. Link to comment Share on other sites More sharing options...
simplepinoi177 0 Posted June 21, 2016 Author Share Posted June 21, 2016 I have the same issue, but i dont know why ESS haven't updated any fix such as this. Could you please set your Minimum Logging Verbosity to Informative and recreate the issue. See what the log produces and says. Also, if you would please also post up the log here so I can compare it and see if there is a similarity or common cause... Link to comment Share on other sites More sharing options...
ferraris 0 Posted June 22, 2016 Share Posted June 22, 2016 I have a similar issue with all Chrome extension crashing on Windows start-up (see separate thread). Turning off HIPS resolved it. Link to comment Share on other sites More sharing options...
simplepinoi177 0 Posted June 23, 2016 Author Share Posted June 23, 2016 I have a similar issue with all Chrome extension crashing on Windows start-up (see separate thread). Turning off HIPS resolved it. Me too. That was the only solution I could do to get my chrome and computer back in working order. Isn't it a shame that we can't have the added security of HIPS. I mean, we all payed a substantial amount and for us to be missing out on a significant part of the program is rather disappointing to say the least. Link to comment Share on other sites More sharing options...
Recommended Posts