On Fri, Jan 29, 2021 at 6:39 AM lapin noel <sholapin...@gmail.com> wrote:
>
> I'm afraid there is the same info, but I couldn't find one in short browsing,
> so I post here.
>
> When MS Windows Security/Defender (MSWS) validates heap integrity, the agent
> crashes.
> And when MSWS does not validate, the agent runs without an error.
>
> The agent is run as admin.
>
> The MSWS settings are the following.
> In "App & browser control", in "Exploit protection settings", the "System
> settings" are all set as "On by default".
> Where the "System settings" are: Control flow, Data Execution, Force
> randomization, Randomize memory, High-entropy, Validate exception, Validate
> heap.
> In "Program settings", one program is added to customize.
> The only customized program is C:/Program Files (x86)/ossec-agent/win32ui.exe.
> By "Edit", many settings can be selected by square checkboxes.
> Where only one check box is selected - "Validate heap integrity".
> The default system settings are "On" by the "System settings" stated above.
>
> When the slide button is left-side "Off", win32ui.exe runs without an error.
> The normal agent window appears.
>
> When the slide button is right-side "On", win32ui.exe crashes.
> MS Diagnostic Data Viewer reports as follows.
> (---
> win32ui.exe
>
> Description
> Faulting Application Path: C:\Program Files (x86)\ossec-agent\win32ui.exe
> Creation Time: 1/29/2021 5:20:39 PM
> Problem: Stopped working
> Status: Report sent
>
> Problem signature
> Problem Event Name: APPCRASH
> Application Name: win32ui.exe
> Application Version: 0.0.0.0
> Application Timestamp: 5e6e6eec
> Fault Module Name: StackHash_cee3
> Fault Module Version: 10.0.19041.662
> Fault Module Timestamp: 5f641e44
> Exception Code: c0000374
> Exception Offset: PCH_A5_FROM_ntdll+0x00071BDC
>
> Extra information about the problem
> Bucket ID: e0bfa8051f9ebad1ac54b45abee71e8d (2041454832948551309)
> ---)
>
> Windows 10 Home, version 20H2, build 19042.746
> ossec-agent-win32-3.6.0-12032.exe 1,604,775 bytes
> win32ui.exe 171,709 bytes
>

Hi! I've seen similar crashes, but don't have a reliable Windows machine to
try and debug them (and I don't know how to do that on Windows). It's just
been the GUI interface that didn't work for me though, the agent itself ran
if I configured it manually.

Dan

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ossec-list/482e6e57-5abb-40c8-aa04-acd695c7f30bn%40googlegroups.com.
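
Added example, not part of the thread and not OSSEC code: a small triage helper for the problem signature quoted above. It decodes the Exception Code as an NTSTATUS (c0000374 is STATUS_HEAP_CORRUPTION, the condition "Validate heap integrity" terminates a process on) and reads Application Timestamp as hex seconds since 1970, which is an assumption about that field; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# NTSTATUS values that commonly appear in a WER "Exception Code" field.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

# Problem signature fields copied from the report quoted in this thread.
REPORT = """\
> Problem Event Name: APPCRASH
> Application Name: win32ui.exe
> Application Timestamp: 5e6e6eec
> Fault Module Name: StackHash_cee3
> Exception Code: c0000374
> Exception Offset: PCH_A5_FROM_ntdll+0x00071BDC
"""

def parse_report(text):
    """Collect 'Key: Value' lines, tolerating '> ' e-mail quote markers."""
    fields = {}
    for line in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", line).strip()
        key, sep, value = line.partition(":")  # first colon only, so paths survive
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields

def triage(fields):
    """Summarise the crash: NTSTATUS name, heap-corruption flag, build time."""
    code = int(fields["Exception Code"], 16)
    # Assumption: the field is the PE TimeDateStamp, hex seconds since 1970.
    built = datetime.fromtimestamp(
        int(fields["Application Timestamp"], 16), tz=timezone.utc)
    return {
        "application": fields["Application Name"],
        "status": NTSTATUS.get(code, f"unknown (0x{code:08X})"),
        "heap_corruption": code == 0xC0000374,
        "build_time_utc": built.isoformat(),
    }

if __name__ == "__main__":
    for name, value in triage(parse_report(REPORT)).items():
        print(f"{name}: {value}")
```

A heap_corruption result of True means the process was stopped by heap validation rather than by one of the other exploit-protection settings listed in the report.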