cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 4

VSE 8.0 buffer overflow conflict with .NET remoting

We are a small ISV and having issues with our product and VirusScan Enterprise 8.0. Our managed browser extension runs in Internet Explorer and communicates through .NET remoting with our logger application to log request/response information. Both: the IE extension and logger are written in .NET 1.1. The logger creates a remoting COA object and the IE extension communicates to this object using tcp channels by sending several different calls on every HTTP request/response.

We successfully tested this on many machine with different types of security software and received conflict only with Mcafee. After several HTTP requests IE sporadically crashes. On every IE crash VirusScan logs the Buffer Overflow Protection events as follows:
C:\Program Files\Internet Explorer\iexplore.exe::recv bo:heap
C:\Program Files\Internet Explorer\iexplore.exe::send bo:heap
When we disable Buffer Overflow Protection then the crashes stop.

While debugged the IE process we noticed that:
1. crashes happen only during one of the several remoting calls.
2. crashes are caused by a Win32 exception 0xC0000005 Access Violation inside ntdll.dll.
3. the stack trace shows that either System.Net.Sockets.Socket.Send() or System.Net.Sockets.Socket.Receive() is on top of the stack. This is consistent with Mcafee BO log information.

The managed code of our logger and IE extension is straight forward and we send very little data between them. It looks like there is a conflict between McAfee and .NET sockets and remoting.

Any help will be greatly appreciated. Also, please advice if this message should be posted on a different forum.

Thanks

Max
Labels (1)
3 Replies
Highlighted
Level 10
Report Inappropriate Content
Message 2 of 4

RE: VSE 8.0 buffer overflow conflict with .NET remoting

So you've tried?

1. Updating to Patch #14 or later on VS 8.0i?

2. Installed the most recent version of Sun Java instead of MS java?

3. Added Internet Explorer as an exclusion in Buffer Overflow or Access Protection?



Hope this helps.

Grif
Highlighted
Level 7
Report Inappropriate Content
Message 3 of 4

RE: VSE 8.0 buffer overflow conflict with .NET remoting

Thanks for your help, Grif.

We re-tested to make sure that #1 (Patch #14 and later) and #2 (Sun Java) is installed. It may slightly reduce the frequency of IE crashes, but not completely fixed the problem. As far as #3 (add IE as an exclusion), this option always eliminates crashes when it is available. Unfortunately some of our corporate users whose companies centrally manage VS 8.0i are restricted from changing the exclusion list.

Is there anything else that we can try? Also, is there a procedure when ISV can submit an inquiry to determine whether it is a problem with our software or false identification of the thread by VS?

Max
Highlighted
Level 13
Report Inappropriate Content
Message 4 of 4

RE: VSE 8.0 buffer overflow conflict with .NET remoting

This may be of some help to you.

From the Mcafee Avert site:

Do you want to report a security vulnerability in a McAfee product, site or service? Please send an e-mail detailing your findings to: [EMAIL="Security-alerts@mcafee.com"]Security-alerts@mcafee.com.
Are you a software vendor with an inquiry or appeal from Vendors regarding detection of your software? Please send an e-mail to to vendor_questions@mcafee.com. Include details of the McAfee product you are using, engine and DAT versions, and samples or links to the file(s) you believe are being incorrectly identified.
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community