Google Chrome crashes when launched, because of HIPS

[simplepinoi177 0]

Hello. I'm new to the forum and also to using an ESET product. Please be gentle...   Also, apologies if this has been discussed elsewhere before. I attempted to search and only found one thread from 2014 (Smart Security Version 7) and it wasn't quite the same problem. 

I am using ESET Smart Security 9.0.377.0. My computer specs are in the attached dxdiag.txt file. 

 

Problem: With HIPS activated, I launch Google Chrome, no chrome window pops up, but Windows Error Reporting comes up asking to send information to Microsoft while Google Chrome alerts that it has crashed. Both windows eventually close and that's it. I can see chrome.exe pop up in Task Manager, but half a second later disappear, alerts that it has crashed, and then no other instance of chrome.exe stays.

 

How I know it's ESS HIPS: When I turn HIPS off and restart, chrome will work. When I turn it on, chrome will crash. Chrome will work up to the point until when I merely turn the switch on and click OK, then it will crash. Definitely crashes when I enable HIPS and restart.

 

Pertinent notes: Other browsers work flawlessly. I have everything enabled in the “Basics” section other than Advanced Memory Scanner. Filtering mode is set to “Learning mode.” In Event Viewer, this is some of the information that is shown {

Log Name:      Application

Source:        Application Error

Date:          5/11/2016 12:44:22

Event ID:      1000

Task Category: (100)

Level:         Error

Keywords:      Classic

User:          N/A

Computer:      Michael-THINK

Description:

Faulting application name: chrome.exe, version: 51.0.2704.36, time stamp: 0x57294d97

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x000000000007009c

Faulting process id: 0x24ec

Faulting application start time: 0x01d1ab58c7646ae5

Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Faulting module path: unknown

Report Id: 2cbe82b2-174c-11e6-ae24-e006e6b7659e

} A full copy of the details in text is in the attached Event Viewer Data.txt file.

 

Attempts at a Solution: I've tried uninstalling and installing chrome. I even removed the “User” folder in chrome’s application data folder so to start the program from scratch. I tried opening it regularly and incognito. { I’ve created a rule in the “Basics” section where the Action is set to “Allow” with Operations affecting Files, Applications, and Registry entries. Enabled, Log, and Notify User is also checked. Source applications is set to chrome.exe. It is further set/check-enabled to the settings All file operations, all files, All application operations, All applications, All registry operations, and All entries. If you must know how I set the “Advanced Setup” section, let me know and I will post that information. } I have uninstalled SSE and reinstalled it. Right-click on chrome icon, and select “Run as Administrator.”

 

I would really love to take advantage of the security that enabling HIPS offers and would hate that the program always showing an alert that HIPS is disabled.

 

Please, anyone, help me! If anything, to be pointed in the right direction and/or directed to the right people to try and get this resolved. Thank you so much in advanced.

 

DxDiag.txt

Event Viewer Data.txt

[Marcos 5,072]

Does the problem persist after uninstalling ESS and installing it from scratch without changing any setting?

[simplepinoi177 0]

Does the problem persist after uninstalling ESS and installing it from scratch without changing any setting?

 

First of all, thank you for your attention on this.

And yes, it still persists. And it happens from scratch as well as loading my saved configuration file.

[Marcos 5,072]

Does the problem persist after temporarily disabling self-defense and restarting the computer?

Please enable logging of blocked operations in the advanced HIPS setup, clear your HIPS log, reproduce the issue and then post the records from your HIPS log here.

[simplepinoi177 0]

Does the problem persist after temporarily disabling self-defense and restarting the computer?

Please enable logging of blocked operations in the advanced HIPS setup, clear your HIPS log, reproduce the issue and then post the records from your HIPS log here.

I apologize for the late response. Some things came up today. Also, I had other issues with HIPS halting/delaying/stopping multitudes of startup Windows processes that made troubleshooting take very long and put off time looking at it.

the problem does persist after temporarily disabling self-defense and restarting the computer.

That is a great idea! Checking the HIPS log as I reproduce the issue. Unfortunately, the best I could do was reproduce the issue and export the record log. I was not able to clear the HIPS log, because my other issue with HIPS made it very difficult to get to the log and clear it. Either way, I attached the HIPS log.

It seems that HIPS would interfere with chrome modifying my video card software   . I don't know...what do you make of it?

Again, thank you (and anyone else who may help) so very much for your attention to this.

 

EDIT: I just looked over the HIPS log and see that there's too much information. So I will add the pertinent information that is in the file. If anything, one can search for chrome in the HIPS log and find these entries:

-<RECORD>

<COLUMN NAME="Time">5/13/2016 10:32:28 AM</COLUMN>

<COLUMN NAME="Application">C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</COLUMN>

<COLUMN NAME="Operation">Get access to file</COLUMN>

<COLUMN NAME="Target">C:\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin</COLUMN>

<COLUMN NAME="Action">some access allowed</COLUMN>

<COLUMN NAME="Rule">Chrome</COLUMN>

<COLUMN NAME="Additional information">Write to file</COLUMN>

</RECORD>

-<RECORD>

<COLUMN NAME="Time">5/13/2016 10:32:15 AM</COLUMN>

<COLUMN NAME="Application">C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</COLUMN>

<COLUMN NAME="Operation">Get access to file</COLUMN>

<COLUMN NAME="Target">C:\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin</COLUMN>

<COLUMN NAME="Action">some access allowed</COLUMN>

<COLUMN NAME="Rule">Chrome</COLUMN>

<COLUMN NAME="Additional information">Write to file</COLUMN>

</RECORD>

HIPS Log Files.xml

Edited May 15, 2016 by simplepinoi177

[simplepinoi177 0]

hmmm....nobody has a clue or hint why HIPS is only giving chrome "some access allowed" to NVIDIA my graphics card; specifically the nvdrssel.bin file???

[Marcos 5,072]

You have a custom HIPS rule named "Chrome" in place. I asked you to uninstall ESS and install it from scratch while using default settings, ie. without importing any configuration or creating custom rules. Please do as we instructed you so that no custom HIPS rules exist.

[simplepinoi177 0]

You have a custom HIPS rule named "Chrome" in place. I asked you to uninstall ESS and install it from scratch while using default settings, ie. without importing any configuration or creating custom rules. Please do as we instructed you so that no custom HIPS rules exist.

 

I did the custom rule after-the-fact in attempts of troubleshooting. I had uninstalled ESS previously (before the rule; as you can see in my original post under "Attempts at a Solution" section) and installed it from scratch with default settings and it had still caused the chrome issue.

Edited May 18, 2016 by simplepinoi177

[itman 1,659]

I would try the following:

 

1. Disable Eset's advanced memory scanning. Try to open Chrome.

2. Disable Eset's exploit blocker. Try to open Chrome. 

 

If Chrome runs successfully with either of the above disabled, we have identified the source of problem. Next, as an interim solution disable Chrome's sandbox feature.

 

Important: make sure to re-enable Eset's advanced memory scanning and exploit protection.

 

Finally, start Chrome with the sandbox disabled and see if runs OK with Eset's AMS and exploit protection enable.

Edited May 18, 2016 by itman

[StrychNinX 0]

I have the same issue, but i dont know why ESS haven't updated any fix such as this.

[simplepinoi177 0]

I have the same issue, but i dont know why ESS haven't updated any fix such as this.

Could you please set your Minimum Logging Verbosity to Informative and recreate the issue. See what the log produces and says. Also, if you would please also post up the log here so I can compare it and see if there is a similarity or common cause...

[ferraris 0]

I have a similar issue with all Chrome extension crashing on Windows start-up (see separate thread).  Turning off HIPS resolved it.

[simplepinoi177 0]

I have a similar issue with all Chrome extension crashing on Windows start-up (see separate thread).  Turning off HIPS resolved it.

Me too. That was the only solution I could do to get my chrome and computer back in working order. Isn't it a shame that we can't have the added security of HIPS. I mean, we all payed a substantial amount and for us to be missing out on a significant part of the program is rather disappointing to say the least.