Video Screencast Help

SEP 12.1RU2 Vulnerability Protection Browser Add-on Crashing IE-8

Created: 29 Jan 2013 | 11 comments

Testing 12.1.2 (2015.2015) in Citrix-based Windows 7 desktop environment. When Vulnerability Protection browser add-on (IPSBHO.dll) is enabled within Internet Explorer 8 (8.0.7601.17514), the IE-8 browser crashes upon launch, displaying "Internet Explorer has stopped working" pop-up. Problem details show:

Problem signature:

  Problem Event Name: BEX

  Application Name:        iexplore.exe

  Application Version:    8.0.7601.17514

  Application Timestamp:             4ce79912

  Fault Module Name:    StackHash_0a9e

  Fault Module Version:                0.0.0.0

  Fault Module Timestamp:         00000000

  Exception Offset:          63b8c9c0

  Exception Code:             c0000005

  Exception Data:              00000008

  OS Version:      6.1.7601.2.1.0.16.7

  Locale ID:          1033

  Additional Information 1:          0a9e

  Additional Information 2:          0a9e372d3b4ad19135b953a78882e789

  Additional Information 3:          0a9e

  Additional Information 4:          0a9e372d3b4ad19135b953a78882e789

 ----------------------------------------------------------------------------------------

If we disable this add-on within Internet Explorer "Manage Add-ons" panel, the browser launches without a problem.

There are no log records stored within SEP that correlate to this error.

 

Previously we were using SEP 12.1.1101.401 and did not run into this problem.  32/64 bit does not seem to matter.

Any suggestions on what may be causing this problem within the add-on?

 

Comments 11 CommentsJump to latest comment

.Brian's picture

You're likely going to need to open a case with Symantec and provide logs, dumps, etc for them to look at.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SebastianZ's picture

Any chance you have similar windows 7 configuration but with IE 9 where you could check if the problem is occuring as well?

JR17520's picture

Brian81 & SebastianZ: thanks for the feedback.  Unfortunately, going with IE 9 is not feasible, even if it would work, due to application dependencies on IE 8.

.Brian's picture

I'm testing this now with same setup as you. Give me 10 minutes.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

I'm not having any issues thus far. Seems to be opening and browsing just fine. I would suggest a call to support.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

I would suggest you to disable the Download Insight in order to reduce the memory usage of iexplore.exe

Secondly, did you check this Article:

Best Practices for Symantec Endpoint Protection on Citrix and Terminal Servers

http://www.symantec.com/docs/TECH91070

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

cus000's picture

My only suggestion is to disable any other add-on than Symantec in IE then see if it still crash or not..

 

At the same time you will still need to log a case to Support

IvanBastos's picture

Thanks a lot for your help, but I think this issue concerns the CITRIX environment, dont it?

In our case the problem presents in IE of desktops/notebooks.

Anyway I appreciate your interest. Greetings.

JR17520's picture

I opened a case with support on this issue. Support also provided the "Best Practices" information and we used the Symantec Endpoint Protection Support Tool. The root cause of the problem was not determined.

We elected to go with the workaround of removing the use of the vulnerability protection browser plugin as the resulting risk was considered low.

IvanBastos's picture

I did the same. The answer was the same too. The workaround is to disable the add-on or disable IPS policy that the add-on is also automatically disabled.
For now I'm waiting for a Symantec solution to the problem.