7 Replies Latest reply on Apr 29, 2009 3:31 AM by DiegoGonzalez

    BO:Writable BO:Heap issue with VSE 8.5.0i

      I've just started to get VirusScan Alerts that say my Windows Media Player is getting BO:Writable BO:Heap overflow error messages. This also happens when I go to windows explorer and try to view thumbnails of images on my system.

      I'm running XP Professional with all the latest upgrades and VirusScan Enterprise 8.5.0i

      Installed patches says "NONE" on the About VirusScan Enterprise screen

      I've run spyware removers SpyBot, VSE and Adaware and VirusScan in Safe mode and it found nothing....

      Why is this happening and what can I do to get it to stop? Is there a patch for this version, and if so, where do I get it? I ran McAfee Virtual technician and it didn't have any updates to the VSE.

      Please help! Thanks

      Tom.
      Hayward, CA
        • 1. RE: BO:Writable BO:Heap issue with VSE 8.5.0i
          First, install the correct patch which at this time is Patch #4. You may need to manually add the patch. To get the patch, use your corporate Grant Number at the link below to create a new user account and download the patch.. (The Grant Number is required.)

          https://mysupport.mcafee.com/eservice_enu

          Next, try adding the media player executable as an Exclusion in the "Acess Protection" section of the VirusScan Console.

          Exclude it by opening the VirusScan console and right click Access Protection. Choose View Log. Check to see the exact file name and rule for the block. The process that is being blocked will be the program you need to remember. Add this to the exceptions by right clicking Access Protection again and choosing Properties, then highlight the "User Defined Rules" item, select "New", then create a "Port Blocking" rule or the "File or Folder Blocking" rule and add the exclusion.

          Hope this helps.

          Grif
          • 2. BO:Writable BO:Heap issue with VSE 8.5.0i
            Just yesterday I started having this problem with IE7. I was able to download patch 4 but am still getting the error.

            I'm trying the second part - creating the exception - but can't seem to get that to work either.

            Here's my settings for the exception:

            Rule name: IE Buffer Overload
            Process to include: blank
            Process to exclude: BO:Writable BO:Heap
            File or folder: C:\Program Files\Internet Explorer\iexplore.exe

            File actions to prevent: If i don't check any of the boxes, I can't "OK" the rule. If I check any combination of the boxes, the exception doesn't work (I still get the BO error.)

            Any ideas? I really really don't want to resort to rebuilding this machine because the user has so much software that is not standard to our company installed.

            What happens if I simply disable Buffer Overflow Protection?

            Thanks,

            Scott
            • 3. RE: BO:Writable BO:Heap issue with VSE 8.5.0i
              Disabling Buffer Overflow Protection should make the error go away but it also lessens your security.. Usually, placing an exclusion to "iexplore.exe" in that section should fix the problem.

              One other thought.. Try using the instructions below to scan your computer for other types of spyware/malware, just to make sure it's clean. Infected computers can also throw the type of error you're seeing.

              Please download Malwarebytes' Anti-Malware from Here

              Double Click mbam-setup.exe to install the application.

              * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
              * If an update is found, it will download and install the latest version.
              * Once the program has loaded, select "Perform Quick Scan", then click Scan.
              * The scan may take some time to finish,so please be patient.
              * When the scan is complete, click OK, then Show Results to view the results.
              * Make sure that everything is checked, and click Remove Selected.
              * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
              * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

              Extra Note:
              If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

              Hope this helps.

              Grif
              • 4. RE: BO:Writable BO:Heap issue with VSE 8.5.0i
                Thanks for the advice.

                However, I'm still having problems creating an exclusion. I followed your instructions listed previously but no matter how I configure the exclusion, I still get the error.

                Can you look at my previous post and let me know what I'm doing wrong in setting up the exclusion?

                We had another staff member report this problem today. Can you tell me what triggers this? Is it an actual virus, trojan attack or something else?

                Thanks,

                Scott
                • 5. RE: BO:Writable BO:Heap issue with VSE 8.5.0i
                  SuperDAT
                  install winXP sp3 if you have not, it has been seen to correct BOP detections with iexplore.exe
                  • 6. RE: BO:Writable BO:Heap issue with VSE 8.5.0i
                    I just had this problem yesterday with two Win XP machines (our company has over 1,000 PC's). I ran a full system scan, anti-spyware scan, updated to XP SP3, and still the same problem. Oh, I'm also running the latest patch 6 for Virus Scan 8.5. I finally disabled Buffer Overflow in the EPO 4.0 console. Anyone else have an idea of how to fix these two machines?
                    • 7. RE: BO:Writable BO:Heap issue with VSE 8.5.0i
                      I had the same problem today. In this case I could trace it back to a corrupted file.
                      The problem happened when trying to load a corrupted .gif file. In this case
                      it was enough that you opened from powerpoint the directory where the file was
                      placed and immediately the BO:writeable BO:heap message appeared, after which
                      the program was hanging.

                      D.