Eset SS 6 - egui.exe crashing and hang

Discussion in 'ESET Smart Security' started by jumanji, Feb 8, 2013.

Thread Status:
Not open for further replies.
  1. jumanji

    jumanji Registered Member

    Joined:
    Nov 2, 2008
    Posts:
    31
    I have two PC's, one with Win7 x64 and one with Win8 x64 and both have the Problem that egui.exe ist randomly crashing.

    This will only happen if the Firewall-mode is set to interactiv. It occurs from time to time.

    If a program tries to have Access to the Internet egui.exe is popping up and asks if the traffic is allowed or not. I have the Feeling that if you answer not fast enough the Problem will occure more often. If the Problem occures, the Popup from egui will get half transparent, also the application which is requesting Internet Access. Only solution:
    On Win8 X64 it is possible to terminate in taskmanager egui.exe. On Win7 X64 it is not possible to terminate in taskmanager egui.exe - so here the only solution is to reboot the pc.

    After the reboot (Win7) or a restart of egui.exe in Win8 - with the same application there is no Problem anymore. It doesn't matter which app you use.

    It seems, that the Problem came in some days ago - don't remember really.

    Both PC's are using Smartsecurity 6 in german Version 6.0.306.3, licenced till 2016.
    Both PC's have latest updates from Microsoft.

    If i look into the Windows protocoll of my Win8 X64 PC i have two Entries:

    First is Event 1001 Windows Error Reporting:

    Code:
    - System 
    
      - Provider 
    
       [ Name]  Windows Error Reporting 
     
      - EventID 1001 
    
       [ Qualifiers]  0 
     
       Level 4 
     
       Task 0 
     
       Keywords 0x80000000000000 
     
      - TimeCreated 
    
       [ SystemTime]  2013-02-08T11:48:40.000000000Z 
     
       EventRecordID 7286 
     
       Channel Application 
     
       Computer xxxxxxxx-pc 
     
       Security 
     
    
    - EventData 
    
       87156752 
       4 
       APPCRASH 
       Nicht verfügbar 
       0 
       egui.exe 
       6.0.306.0 
       50b35eaf 
       combase.dll 
       6.2.9200.16420 
       505a9af2 
       c0000005 
       0000000000015054 
    
    Second Entry is Event 1000 Application Error:

    Code:
    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
      <Provider Name="Application Error" /> 
      <EventID Qualifiers="0">1000</EventID> 
      <Level>2</Level> 
      <Task>100</Task> 
      <Keywords>0x80000000000000</Keywords> 
      <TimeCreated SystemTime="2013-02-08T11:48:40.000000000Z" /> 
      <EventRecordID>7287</EventRecordID> 
      <Channel>Application</Channel> 
      <Computer>xxxxxxx-pc</Computer> 
      <Security /> 
      </System>
    - <EventData>
      <Data>egui.exe</Data> 
      <Data>6.0.306.0</Data> 
      <Data>50b35eaf</Data> 
      <Data>combase.dll</Data> 
      <Data>6.2.9200.16420</Data> 
      <Data>505a9af2</Data> 
      <Data>c000041d</Data> 
      <Data>0000000000015054</Data> 
      <Data>538</Data> 
      <Data>01ce05c4a23dffed</Data> 
      <Data>C:\Program Files\ESET\ESET Smart Security\egui.exe</Data> 
      <Data>C:\Windows\SYSTEM32\combase.dll</Data> 
      <Data>7a7991b0-71e5-11e2-beb0-08606e695ec7</Data> 
      <Data /> 
      <Data /> 
      </EventData>
      </Event>
    A quick solution would be very nice :rolleyes:
    Thanks
    Thorsten
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please supply a dump from the crash to Customer care who will pass it to developers for analysis.
     
  3. jumanji

    jumanji Registered Member

    Joined:
    Nov 2, 2008
    Posts:
    31
    By finding out how to produce the dump i looked arround in egui - suddenly same Crash.
    So it seems it is not related to the function "allow, deny traffic".
    It seems it is related to the gui itself.

    The easiest way to reproduce the Problem is to click arround in egui and from time to time click on the top-right menu and select there "extendet configuration" ("Erweiterte Einstellungen").
     
    Last edited: Feb 8, 2013
  4. jumanji

    jumanji Registered Member

    Joined:
    Nov 2, 2008
    Posts:
    31
    Dump is hopefully out to Support via Online-Form. (Which was a little bit difficult)

    Please note, that i was not able to use Explorer 10 (Windows 8 x64). A click on "Submit" is doing nothing - so i used Firefox.

    By using Firefox after submitting the form it took a while because of the dump Attachement - however suddenly i had the same form (empty) again.

    Can someone verify if the form has sended the Information?
    Thanks Thorsten
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please PM me the download link to the dump. Also enable logging of blocked operations in the advanced HIPS setup and reproduce the problem. Then post here the latest records from your HIPS log as well as information about installed modules.
     
    Last edited: Feb 8, 2013
  6. jumanji

    jumanji Registered Member

    Joined:
    Nov 2, 2008
    Posts:
    31
    So, today i have spent 3 more hours in testing egui.exe.
    German Version 6.0.306.3 test on live System Windows 8 X64
    English Version 6.0.308.0 test on virtual machine Windows 8 X64, install Standard Settings.

    After a restart of both test environments egui.exe Needs round about 5 mb Memory (in taskmanager).

    Both Systems:
    By calling egui from the systray-icon via double-click or via systray menu (advanced Setup) egui Needs more and more Memory and isn't it releasing - after a short time egui needs 16mb - so there seems to be a memory leak.

    German Version:
    By calling egui from systray via double click or systray menu (advanced Setup) and clicking in egui arround and between this clicking in egui on the upper right hook/check end select there "Advanced Setup" egui is crashing very often. egui is the trying to recover this with a new start of egui which will fail every time.

    English Version:
    Doing the same test egui seems not to Crash so easy in this way. However, after 15 Min in clicking arround there was also a Problem:
    Egui Home Screen was opend and by selecting from the systray menu "Advanced Setup..." egui home window was short flickering - but instead showing the Advanced Setup... nothing happened. At this Moment the egui mainscreen was frozen and not responding anymore.

    German Version:
    Hips enabled including Self-defense

    In the taskmanager right click on the process ESET Main GUI and select "End Task". Nothing is Happening - the process is still running, no cpu consumption. Well done!

    Englisch Version:
    Same Test as above. Result: Eset Main Gui is still running but after trying to terminate the process in the first seconds Eset Main Gui Needs 25% Cputime. After a couple of seconds Eset Main Gui Needs 75% (4 processors with 3,5 Ghz). Eset Main Gui is not releasing the Cpu and stick with 75%.

    ( Marcos, i have sended you a link to a screensnapshot)

    Now while the gui is running with 75% Cpu i'm rightclicking in the systray on the Egui-icon and select "Advanced Setup..." = Crash from egui. I'm getting a Windows notification that egui is not working any more and have the Option to search online for a solution or restart the program.
    The Problemdetails are showing:

    Code:
    Problemsignatur:
      Problemereignisname:	APPCRASH
      Anwendungsname:	egui.exe
      Anwendungsversion:	6.0.308.0
      Anwendungszeitstempel:	50d44e50
      Fehlermodulname:	USER32.dll
      Fehlermodulversion:	6.2.9200.16420
      Fehlermodulzeitstempel:	505a9a92
      Ausnahmecode:	c0000005
      Ausnahmeoffset:	00000000000010a0
      Betriebsystemversion:	6.2.9200.2.0.0.256.103
      Gebietsschema-ID:	1031
      Zusatzinformation 1:	a256
      Zusatzinformation 2:	a256ff5b39299de53641575ce8be767f
      Zusatzinformation 3:	b872
      Zusatzinformation 4:	b872f756aabfa8ae023f54e3675ea15c
    
    Clicking on restart is sometimes producing a new Crash or esetgui can't be started.
    Then i start egui again via shortcut from within Windows 8 homescreen.
    Egui is coming up normal.

    However if i terminate Eset main gui now again in the taskmanager the gui is terminating with the Windows notification that egui is not working anymore.

    It seems, that after a new start of egui the self defense is broken.

    Last Test

    I have saved the Eset-configuration from the german System to file and loaded it into the english Version. I tried in the english Version again my first test to Crash egui by clicking arround. I was not able to reproduce a Crash - so it seems, that it nothing has todo with the configuration.

    Music stream is disconnected
    Germansystem:
    I'm listening via Winamp or Windowsmediaplayer a musicstream: http://87.230.103.60:80

    For uploading the screenshot to my Server i have to establish a vpn-connection. At this Moment the Player is stopping playing Music - i guess while the stream is dropped.

    I have restarted the stream.

    After upload i disconnected the VPN - and again the musicstream was dropped.

    I then disabled the eset Firewall, connected VPN and als disconnected VPN - the stream was not dropped!
    This is reproducable.

    Hips Setup - Filtering mode - interactive mode
    It seems, that there is Trouble with connecting via VPN. I also can't select any Options on the networkicon in systray. (Open Network and sharing Center, Problems)
    After Setting Hips to automatic mode it took ca. 1 Minute and all worked like before. I haven't got any notifications from esetgui.
     
  7. jumanji

    jumanji Registered Member

    Joined:
    Nov 2, 2008
    Posts:
    31
    Problem with egui.exe crashing solved - Thanks Marcos and the team behind you for your outstanding Support.
    Problem was a program which i'm using called Roboform (Passwordmanager) which was trying to attach to the egui-window or something like this. Next Update should solve the issue.
     
Thread Status:
Not open for further replies.