Blackspot
Level 7

HIPS 8.0 - explorer.exe - Application Error

Hi,

We have deployed HIPS 8.0 to a few test machines basically straight out of the box, with High threats blocked and Medium and Low threats set to log (just to see what we get), but yesterday a couple of these test machines started having an error where explorer.exe continually crashes with the following popup box message:

explorer.exe - Application Error

The instruction at "0x05ac10f0" referenced memory at "0x0000000". The memory could not be written.

press OK blah..blah....

In the HIPS logs on ePO (4.6.1) we have loads of buffer overflow messages associated with these errors. (Thinking this is a buffer overflow problem, we have put the AV 8.8 buffer overflow protection policy in warning mode, but that didn't stop it from happening.)

The event logs in ePO show BlueCoat Proxy client as the recipient or instigator of this problem (I'm unsure which, yet).

Disabling HIPS stops these errors.

I have two questions really:

1)     Is this normal behaviour for HIPS? (I'm sure not, but just want confirmation.)

2)     I am not using the adaptive mode of HIPS. Would it be an idea to switch it on and see if we can create an exception to whatever is happening here? (I'm fairly new to HIPS.)

Plus any other pointers would be gratefully received.

Thanks

0 Kudos
4 Replies
McAfee Employee

Re: HIPS 8.0 - explorer.exe - Application Error

A compatibility issue has been recently discovered between Host IPS 8.0 and Bluecoat Proxy software.  Please contact McAfee Support for more details.

0 Kudos
tyomni
Level 9

Re: HIPS 8.0 - explorer.exe - Application Error

And if you solve the issue, let us know here. I'm interested, and it would be nice to have a solution here in the forum.

0 Kudos
andrep1
Level 14

Re: HIPS 8.0 - explorer.exe - Application Error

Any known workarounds at this point?

0 Kudos
McAfee Employee

Re: HIPS 8.0 - explorer.exe - Application Error

Disabling the Buffer Overflow engine might work around the issue, but I would recommend against it.

0 Kudos