6 Replies Latest reply on Sep 17, 2012 10:57 AM by Hayton

    Buffer overflow prevented

      Could someone explain what that means?  I'm getting c:\program files\internet Explorer\iexplore.exe  on my mcAfee.  I'm using McAfee antivirus plus 2012

       

      and my computer is running windows 7 on a system I built if that helps.

       

       

      Thank you

        • 1. Re: Buffer overflow prevented
          tomica

          Hi musiclover,

           

          Afteryesterday's "upgrade" (ha! ha!) I (Vista SP2 and Office 2003 user) gotthe same message on three occasions…

           

          if theExcel Add-in eurotool.xla is activated (it has been for years, now McAfee hastaken exception to it). If I deactivate the Add-in, Excel works OK again.

           

          When anExcel file with a Workbook_Open macro is opened. It has worked perfectly foryears, now today McAfee has taken exception to it. An individual McAfee scan ofthe file is negative. If I deactivate the Workbook_Open macro the file can beopened OK again.

           

          The same witha Workbook_Open macro in a Word file.

           

          The fileswork perfectly on another  Vista computer with, luckily another antivirus software;so does Excel with the eurotool.xla Add-In activated.

           

           

          McAfee stillhasn't done anything about the "mfehidik" error message in EventManager.

           

          You can't even deactivate McAfee with a button click like most other products, so have to go through some subscription procedure.

          • 2. Re: Buffer overflow prevented
            Peter M

            Tomica I explained in your other thread about how to disable it.

             

            Brad I suggest opening a case with Technical Support, it's free via phone or online chat and linked under Useful Links at the top of this page.

             

            'Buffer overflow prevented' simply means something tried to use too much memory and was prevented from doing so.

             

            But support might be able to troubleshoot why it happened.

             

             

             

             

             

            .

             

            Message was edited by: Ex_Brit on 15/08/12 6:46:33 EDT AM
            • 3. Re: Buffer overflow prevented
              Hayton

              The "Buffer Overflow Prevented" message is something that's been discussed here in the past, but in the Business section. Preventing buffer overflows is an essential guard against many malware attacks, since any piece of code (in an application or an operating system) that fails to check rigorously the user input into a field on a form can allow an attacker to overwrite memory and either crash the app (or the system) or execute malicious code. So McAfee is doing its job here.

               

              If the message refers to a particular application it would be helpful to know what it is. The regular McAfee Security Advisories I receive mention this prevention very frequently.

               

              See https://en.wikipedia.org/wiki/Buffer_overflow

              • 4. Re: Buffer overflow prevented
                tomica

                Hi Hayton,

                 

                Thanks for your informative reply. I appreciate the very useful jobMcAfee Antivirus does, but there are occasions when false positives occur – andI am convinced this happened here.

                 

                In my case (Vista SP2, Office 2003 user), McAfee had just done one ofits automatic updates; this one was an “upgrade” requiring a reboot to make iteffective. After the reboot, I wanted to call up an Excel file I’ve been usingfor years (finance.xls), and after nothing happened the McAfee warning windowappeared advising of the buffer overflow prevention.

                 

                As attempts to restart Excel failed, I rebooted and a message appearedsaying there was a serious problem with the Excel Add-in eurotool.xla (I livein Germany).So with the Add-in deactivated, Excel worked OK with other files, but the samething happened when I wanted to open finance.xls – buffer overflow. As thisfile has a Workbbok_Open macro in the “This Workbook” part of the macro section(Alt + F11 - the macro is activated when the file is opened) I deactivated themacro and everything was OK again. A McAfee virus scan of the file wasnegative.

                 

                With the file open, I ran the macro manually and Excel closed on me and– you’ve got it – McAfee buffer overflow prevention. I moved the macro from“This Workbook” to a Module and it ran with no problem.

                 

                So for apparently no reason (there was no change in the PC configurationor any file) McAfee – after the Tuesday August 14 upgrade - took exception to

                 

                the Excel Add-in eurotool.xla

                and

                a macro in “This Workbook”

                 

                Deactivating the McAfee real-time scan and/or the buffer overflowexploits options made no difference

                 

                Out of curiosity, as a test in Word, I activated a short macro in “ThisDocument” and exactly the same thing happened – buffer overflow message. Thistime I clicked the right-hand option “Don’t prevent buffer overflow…” Afterthat everything returned to normal – and there was no crash because of a bufferoverflow.

                 

                My only worry now is what if a really real buffer overflow impends. Didthe right-hand click deactivate buffer overflow checks forever? The bufferoverflow exploits option is activated.

                 

                I’d be grateful for your thoughts.

                 

                 

                PS any news on "Mfehidik" in the Event Manager

                • 5. Re: Buffer overflow prevented

                  Hello Hayton,

                   

                  A few days ago I started receiving this (Buffer Overflow Prevented) alert message from McAfee. The message usually appears after coming back from sleep mode.

                   

                  I'm currently running Windows Vista.

                   

                  McAfee has identified Explorer.EXE. as the cause.

                   

                  Please assist.

                   

                  Thanks

                   

                  Message was edited by: fra764 on 16/09/12 8:26:59 PM
                  • 6. Re: Buffer overflow prevented
                    Hayton

                    If a scan doesn't pick anything up then this is probably Vista tripping up when writing back to memory everything it stored on disk before going into Sleep mode - although with explorer.exe you have to consider the possibility that some malware has injected extra code into the executable (a common practice).

                     

                    Explorer.exe should have a file size in Vista of about 3Mb - see the table of known file sizes at http://jack.is/tech-support/tech-tips/explorer.php. Check the size of the file on your system against the entries there.

                     

                    Scan with McAfee and Stinger, and if they come up clean but you still have doubts you can always run 'sfc /scannow' from a command-line prompt. If the exe file has changed at all this will replace it with a backup copy.