PX3SOL(171), Trusteer Rapport & IE8 on Vista Home Prem SP2

Discussion in 'Prevx Releases' started by horseman, Jun 18, 2010.

Thread Status:
Not open for further replies.
  1. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    Just a preliminary sanity check but I'm getting a consistent IEFRAME dll exception on one installation of IE8 on Vista(32) Home Premium SP2 installation.

    Since user had prolific amount of IE add-ins I've only had time so far to narrow this down to possible Trusteer Rapport, Prevx SOL 3.0.5.171 conflict, and now temporarily running with SOL disabled.

    IE8 has been re-installed but no time yet to recreate this PXSOL, TR scenario on other windows testbeds.

    Just thought I'd enquire before re-inventing another wheel.... ;)
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We've found the cause which is due to a bug in Trusteer but we've worked around it and will have a new test version available shortly for it :) In the meantime I'll send you a link to the pre-release version which works without a hassle.

    If anyone else is having this problem (we've had a handful of users in our inbox), please send me a PM.
     
  3. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    Oh gee...... could you fix all MS Operating systems while you're at it? ;) Never failing to stupefy me into silence with somewhat exemplary response as usual... yes - prelim results: .174 beta fixes this on XP Pro SP3... just waiting for test opportunity on Vista/Windows 7 ...... followed by usual tedious regression testing.

    That's a lot of "atta-boy" points you've accumulated over the years? ;)
     
  4. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    UPDATE - Negative prelim test on Win Vista Home Premium SP2 - Mixed results with 174 beta as invoking Windows Live Mail appears to still cause same IEFrame.dll exception.....
    Investigation ongoing - Win7(Ultimate) test still outstanding.
    -------------------------------------------------
    Log Name: Application
    Source: Application Error
    Date: 18/06/2010 23:04:53
    Event ID: 1000
    Task Category: (100)
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: TBVistaHPrem
    Description:
    Faulting application iexplore.exe, version 8.0.6001.18928, time stamp 0x4bdfa327, faulting module IEFRAME.dll, version 8.0.6001.18928, time stamp 0x4bdfb700, exception code 0xc0000005, fault offset 0x0012bf93, process id 0x1140, application start time 0x01cb0f323baf4869.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-06-18T22:04:53.000Z" />
    <EventRecordID>11908</EventRecordID>
    <Channel>Application</Channel>
    <Computer>TBVistaHPrem</Computer>
    <Security />
    </System>
    <EventData>
    <Data>iexplore.exe</Data>
    <Data>8.0.6001.18928</Data>
    <Data>4bdfa327</Data>
    <Data>IEFRAME.dll</Data>
    <Data>8.0.6001.18928</Data>
    <Data>4bdfb700</Data>
    <Data>c0000005</Data>
    <Data>0012bf93</Data>
    <Data>1140</Data>
    <Data>01cb0f323baf4869</Data>
    </EventData>
    </Event>
    -------------------------------------------------
     
    Last edited: Jun 18, 2010
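
Added example, not part of the original thread or of either vendor's tooling: a Python sketch that decodes the Application Error (Event ID 1000) record posted above into named fields for crash triage. The field names and the small NTSTATUS table are chosen for this example; the field order follows the event's own Description text.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Order of the <Data> values, as spelled out in the event's Description text.
FIELDS = ("app", "app_version", "app_timestamp", "module", "module_version",
          "module_timestamp", "exception_code", "fault_offset", "pid", "app_start")
# A few well-known NTSTATUS codes; anything else is reported as hex only.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION",
            0xC00000FD: "STATUS_STACK_OVERFLOW",
            0xC0000409: "STATUS_STACK_BUFFER_OVERRUN"}

# The event from the post above, whitespace condensed and unused elements dropped.
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Application Error" /><EventID Qualifiers="0">1000</EventID>
<TimeCreated SystemTime="2010-06-18T22:04:53.000Z" /><Computer>TBVistaHPrem</Computer></System>
<EventData><Data>iexplore.exe</Data><Data>8.0.6001.18928</Data><Data>4bdfa327</Data>
<Data>IEFRAME.dll</Data><Data>8.0.6001.18928</Data><Data>4bdfb700</Data>
<Data>c0000005</Data><Data>0012bf93</Data><Data>1140</Data>
<Data>01cb0f323baf4869</Data></EventData></Event>"""

def filetime_to_utc(hex_ticks):
    """FILETIME: count of 100 ns ticks since 1601-01-01 UTC."""
    return (datetime(1601, 1, 1, tzinfo=timezone.utc)
            + timedelta(microseconds=int(hex_ticks, 16) // 10))

def parse_crash_event(xml_text):
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "1000":
        raise ValueError("not an Application Error (Event ID 1000) record")
    values = [d.text or "" for d in root.findall("e:EventData/e:Data", NS)]
    if len(values) != len(FIELDS):
        raise ValueError("unexpected number of <Data> fields")
    rec = dict(zip(FIELDS, values))
    code = int(rec["exception_code"], 16)
    rec["exception_name"] = NTSTATUS.get(code, hex(code))
    rec["pid"] = int(rec["pid"], 16)
    # Image time stamps are seconds since the Unix epoch (PE header build time).
    for key in ("app_timestamp", "module_timestamp"):
        rec[key] = datetime.fromtimestamp(int(rec[key], 16), tz=timezone.utc)
    rec["app_start"] = filetime_to_utc(rec["app_start"])
    created = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    crashed = datetime.strptime(created, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    rec["seconds_to_crash"] = (crashed - rec["app_start"]).total_seconds()
    return rec

if __name__ == "__main__":
    for key, value in parse_crash_event(SAMPLE).items():
        print(f"{key:18} {value}")
```

Decoded this way, the record shows an access violation inside IEFRAME.dll within seconds of iexplore.exe starting, which is the kind of detail worth comparing across builds when two products hook the same process.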
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you let me know if you've rebooted your PC after applying the upgrade and if you are actually running v174 on that PC as well?

    Thanks! :)
     
  6. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    Yes+Yes
    Answer to your next predictable offer - unfortunately we can't do a remote this time cos it's my remote Vista testbed and user is absent.... even though a warm body at local keyboard in this context will be even more of a hindrance than my usual puerile (half)wit & repartee.... ;)

    Currently flavour of testing is now pointing at a corrupt Trusteer Rapport install ..... as attempting to stop its service via TR console sends my link into the Twilight zone... o_O

    I may have to convert its backup image on my server and see if I can reproduce again locally here, on my VM. Meanwhile good 'ol PX licensing database has conveniently dropped my Win 7 ultimate PXSOL key..... (would have thought with 6 bl**dy licenses and only 4 seats active it could have left me the one I needed!) ho hum.... could be worse and England might have lost I suppose.....
    :rolleyes:
    Thanks anyway..
     
  7. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Can you send PrevxHelp your license key and he can reset it for you or you can contact the Prevx support inbox http://info.prevx.com/service.asp and they will be happy to reset it for you!

    TH
     
  8. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    Thank you TH for the very sensible interjection .... but after 5 years and several remote sessions to pathologically extreme failure scenarios on various under-resourced machines I suspect both Chicago and Derby know it off by heart... ;)

    I'll flip a few more "de/reactivation" bits via MyPrevx console before I waste their time further..... thanks.
     
  9. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Not a problem, have a great night! ;)

    TH
     
  10. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    Update - confirmed .174 works on Win7 (32) Ultimate with TR installed after PXSOL.
    However I noticed that SOL does have all the SOL subitems enabled in its status/config screen. That's different from my XP and Vista installs that had last 4 or so items automatically disabled when PXSOL was updated on a pre-existing TR installation?

    So 2 out 3 working more or less as designed but attempting to disable TR on the original problem Vista HP account via safemode has totally cratered my remote link so I'll have to pick it up and fix locally this week..... watch this space.

    OT: Which leaves the minor annoyance of why I had to disable my 6th license key which then magically re-enabled my Win7 testbed PXSOL....
    Last time (couple of months ago) it took PX TS about 3 attempts to get all 6 licenses up and allocated concurrently.

    Somewhere I must have a rogue PC install that's not being reflected in MyPX dashboard...... either that or suddenly PX licensing server has trouble counting over 5 !!! ;) Hopefully PX will resolve that by time PX4 hits the shops or 972 days when I have to renew!
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This may be a case of an only partially incompatible installation. Either way, SafeOnline's configuration screen is accurate as to what protection is loaded so you're probably fine to go :)

    Is there any chance that two of your PCs have the same hostname? This could indeed cause confusion - if not, it might be worth checking to see what PC did have the license in place and fully uninstalling/reinstalling to ensure it forgets the license that it had.
     
  12. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    I appreciate the albeit somewhat ambiguous answer (or no doubt my lack of comprehension) but which scenario reflects the possible "partial incompatibility"? Presumably the Win7 one with all SOL items enabled?

    Anyway the problem PC is Vista and methinks the fault is firmly in TR's scope and PXSOL is a relatively innocent bystander in this case....

    Easier said than done. Since 6 licenses are spread on 4 WINTEL PCs but 2 MacBooks share various (and numerous) testbed images either running locally or accessed via server and run on a Virtual Machine then despite my best efforts there's every possibility that I've inadvertently used same hostname on two of those images.... :( ;)

    Since I only use those images to test various Prevx iterations against other concurrent AntiMalware products sporadically (and not generally for any other productive use) and in order to comply with the "spirit" of the Prevx licensing I increased the license count from 4 to 6 earlier this year....

    Thanks again for your usual invaluable assistance.
     
  13. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    UPDATE: Just got local access to PC - once I stopped TR service then I re-enabled SOL and lo and behold last 4 SOL subitems were disabled and no more IE exceptions with WLM!

    However now, the TR service will not (perhaps unsurprisingly) restart....

    I just need to dump another backup image of this scenario before doing the obvious TR re-installation attempts as I can't seem to find any relevant console logs with anything useful yet....

    EDIT: I actually upgraded TR 9xx to Emerald (a real jewel - NOT!!!!) 1004.17 and not surprisingly IE8 threw an exception. To recover IE8 stability (aside from running with no add-ins) I had to remove PX protection, stop TR service and re-enable PX again.

    EDIT2: Poor excuse perhaps but I'm facing time constraints on this as I don't currently have a converted local Vista image to run as guest on my VM and I have to return PC with TR enabled as it's a pre-req for banking access. If there are any pointers to IE console traces &/or TR/PX logs I haven't yet discovered it would be enormously helpful and earn the obvious "ATTA-BOY" awards... Otherwise I'm going to have to follow TR and PX clean re-installation attempts and probably lose any forensics on this image at least! ;)


    Watch this space.
     
    Last edited: Jun 22, 2010
  14. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    UPDATE: Finally I appear to have IE8 stable with WLM/toolbar AND with TR enabled running on user's standard (as opposed to Admin) account but only by disabling SOL completely. :(

    As there appear to be loosely related SOL issues reported by others that are being addressed by PX in impending betas shortly to be released then this is probably an acceptable compromise for me to return PC to user as is with current .174 release.

    Until a new beta appears I'll divert effort to attempting to run user's VistaHP image on my VM (although I have to be careful not to upset PX licensing server with duplicate hostnames as already posted <vbg>).
     
  15. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    YET ANOTHER UPDATE: Ok the plan to convert physical PC image to software guest image suitable for VMFusion on Apple Mac failed miserably due to fact my Mac proc power and hdd space was way under the minimum.....
    I reconciled server dasd to get 180GB I needed but after 6 hours the VM PCMac Converter spat out an eta of 399hrs (16 days+) to process my phys image.. !!!!
    Now as much as I'm a committed/long term Px fan...and yet just luv trying to break it...even that's a tad too long for my tenacious yet limited abilities!

    So I reverted to playing with TR & PXSOL fine tuning and (not) surprisingly found that by incrementing SOL from disabled datum and incrementally enabling each sub-item I could get a functional IE8 still.........for a short while that is.... :(

    So circumstantially whatever API/kernels TR and PXSOL are hooking there's some race/deadlock between the two..... or more likely other RTM/AV like AVG free and MS Security essentials are "queering-the-pitch"!?

    Intriguing..... now these observations may be heading in a direction that PXHelp would prefer did not encourage too much discussion/detail.... but I'm sure he can "generalise" and "de-sensitise" these into plain layman's terms and comment far more authoritatively than my wild-*ss speculation.... ?
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    SafeOnline and Trusteer do have some surface area in which they fight because both try to unhook hooks. We've reproduced the incompatibilities and should have them solved soon :)

    Thanks for the assistance!
     
  17. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    You're welcome (although I'm not actually convinced I contributed anything apart from speculative confusion! ;) )
     
  18. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    Just re-tested with .179 beta and still same problem.
    Admittedly I didn't see any fixes for outstanding TR issues in the changelog either.

    So presumably this issue is still wip...?
    (...and after 234 years you didn't need an Englishman to tell you that! ;) - Have a nice day! )
     
    Last edited: Jul 4, 2010
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    As far as we can tell, everything has been fixed a few builds ago. Could you try uninstalling Prevx entirely, rebooting, and then reinstalling .179 fresh? It's possible that one of the components could be hanging around - let me know what you find :)
     
  20. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    Thanks, I did usual un/re-install back on .174 beta initially.
    Thus appears to point to m/c specific prob as you presumably have no other reports. I'll try again with .179 and if that fails then uninstall (rather than disable) TR and all other products and feed back later in week.

    UPDATE: Before doing that I thought I'd quickly recheck on Admin id and then logoff/on to user's (non admin) ID only to find PXSOL was completely disabled!? Strange - re-enabled .179 and problem has apparently "healed-up"!
    Retested with multiple logons between admin/user accounts and several restarts and I can't replicate the error symptoms. PXSOL now remains enabled correctly on desktop initialisation and running with TR, MS Security Centre, AVG Free.... so all looks ok.

    Methinks some marginal "race" condition but will continue to test for a couple of days.... D*mn! thought I'd actually managed to break PX! ;)
     
    Last edited: Jul 5, 2010
  21. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    Re: PX3SOL(179), Trusteer Rapport & IE8 on Vista Home Prem SP2

    Well approaching end of the week and I didn't manage to break PX nor replicate further IE8 crashes..... more importantly the user hasn't yet managed to break anything either.... yet! ;)
     