Moved to HIPs for better attention - Moderator
Chris.. send me a digitally signed email to brian.berger AT mda.mil - I can help you through this.
FYI.. the term HBSS is only used in the DoD; here on the forums most people are commercial, so they would have no idea what HBSS means.
Note from Moderator - no email addresses should be posted per forum rules, so I "munged" yours. It's still readable but not clickable, which is better safety and security-wise.
I am having the exact same issue, does anyone have a solution to this please?
You could do as the user has suggested in post #2
Thanks, I did try that. Was hoping the solution was known by others and posted in hopes of getting the solution as quickly as possible.
Good, I think maybe it's not for publication here. However I could be wrong.
1 of 1 people found this helpful
i would suggest to anyone having this issue:
1. go to the IPS Rules policy applied to the system(s)
2. locate the "Application Protection Rules" tab, click into it
3. put the dll in this list section
Thanks for the reply greatscott, I tried that yesterday to no avail. I was able to resolve the issue today. We recently installed EMET on all of our workstations, two of them lost Outlook and IE capability and the event logs were showing NTDLL.DLL was the faulting module. There were never any HIPs events generated. When I would turn off HIPs enforcement the problem immediately went away. It turns out the person who installed EMET on those two workstations chose the default configuration instead of the manual configuration option. Uninstalling EMET (and carving out all registry references to it) and then re-installing it with the manual configuration option fixed our problem. Not sure why the default configuration broke NTDLL.DLL when HIPS was enforced.