I'm afraid there is the same info, but I couldn't find one in short browsing, so I post here.
When MS Windows Security/Defender(MSWS) validates heap integrity, the agent crashes. And when MSWS does not validate, the agent runs without an error. The agent is run as admin. The MSWS settings are the following. In "App & browser control", in "Exploit protection settings", the "System settings" are all set as "On by default". Where the "System settings" are: Control flow, Data Execution, Force randomization, Radomize memory, High-entropy, Validate exception, Validate heap. In "Program settings", one program is added to customize. The only customized program is C:/Program Files (x86)/ossec-agent/win32ui.exe. By "Edit", many settings can be selected by square checkboxes. Where only one check box is selected - "Validate heap integrity". The default system settings are "On" by the "System settings" stated above. When the slide button is left-side "Off", win32ui.exe runs without an error. The normal agent window appears. When the slide button is right-side "On", win32ui.exe crashes. MS Diagnostic Data Viewer reports as follows. (--- win32ui.exe Description Faulting Application Path: C:\Program Files (x86)\ossec-agent\win32ui.exe Creation Time: 1/29/2021 5:20:39 PM Problem: Stopped working Status: Report sent Problem signature Problem Event Name: APPCRASH Application Name: win32ui.exe Application Version: 0.0.0.0 Application Timestamp: 5e6e6eec Fault Module Name: StackHash_cee3 Fault Module Version: 10.0.19041.662 Fault Module Timestamp: 5f641e44 Exception Code: c0000374 Exception Offset: PCH_A5_FROM_ntdll+0x00071BDC Extra information about the problem Bucket ID: e0bfa8051f9ebad1ac54b45abee71e8d (2041454832948551309) ---) Windows 10 Home, version 20H2, build 19042.746 ossec-agent-win32-3.6.0-12032.exe 1,604,775 bytes win32ui.exe 171,709 bytes -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/482e6e57-5abb-40c8-aa04-acd695c7f30bn%40googlegroups.com.