Internet Explorer 8 Freezing On Startup ~75% Of The Time
Hi,
I've been having a problem whereby a large number of our lab machines, servers, and desktops are all having problems with internet explorer 8 freezing on either browser startup, creation of new tabs, or creation of popup windows. There are at least 50 machines
involved on three highly segregated networks across multiple domains and affecting multiple user accounts. There's at least Windows XP and Windows Server 2003 affected.
I've tried running IE with all extensions off (both with -extoff and manually disabling all add ins, accelerators, and other loaded modules), or disabling a few at a time, as well as resetting my settings, re-registering DLLs, and re-installing Internet
Explorer 8. Not even a fresh install with no addins and -extoff is immune - IE8 still locks up/freezes.
Looking at the problem in more depth, there are three main ways that IE8 shows up in the process list (as seen by process explorer) when this problem is occurring:
1. a single iexplore.exe process with an unusually small (typically ~1600k) private bytes count, and a similarly tiny working set (typically ~4000k)
2. a main iexplore.exe process with standard private bytes and working set sizes of ~12600k and ~22600k respectively, and a single child iexplore.exe process with the same characteristics of the process from #1 above.
3. the same setup as #2, but with at least one other child process that also shares normal private and working set sizes respectively.
#1 and #2 are associated with an instance of IE that doesn't generate any window (it looks like IE silently fails to load) but leaves a trace in the task manager. #3 shows up as a standard, working IE8 window, but with a 'crashed' (more accurately: nonresponsive)
tab, popup, or child window.
If I try and list the threads of the iexplore.exe processes with process explorer I get the usual list of theads (10-15 of them) with start addresses, but attempts to open the thread list of the nonresponsive iexplore.exe processes results in a short pause
(~5 seconds or so) followed by a completely empty thread list. It's almost as if whatever is blocking iexplore.exe interferes with process explorer's attempts to open and query the thread/process as well.
I force crashed a process in state #3 (the only one that will generate a "would you like to report this problem?" dialogue and analyzed it with windbg and the salient output from it is:
Probably caused by : ieframe.dll ( ieframe!CTabWindow::LaunchTabThread+75d )
It definitely feels like internet explorer is deadlocking on something, but for the life of me I can't seem to get it to come back to life (I even tried selectively closing file handles, semaphores, and mutex's on crashed processes in the hope that this
would unblock it, but to no avail!)
Some other useful information: All operating systems are fully patched with all critical and recommended updates, and all are running the latest version of Sophos antivirus with fully updated definitions. I've run multiple adware checkers, multiple rootkit
revealers, examined the system in great depth for anything suspicious, and even ran two other antivirus sweeps with both trend and clamav for win and nothing turned up. None of the affected systems appear to be infected with any known viruses or rootkits or
with anything that is causing any suspicious activity on any concievable system monitoring utility, and none of them have anything out of the ordinary with respect to addins etc (they're all running without accellerators and other than the latest versions
of flash, adobe reader, java, and sophos, they are basically clean - eg, no toolbars or other rubbish installed.)
I've done a ~lot~ of googling and can't seem to find anything relevant or helpful. I'm at a bit of a loss as to where to go from here.
Regards,
Jon.
May 17th, 2010 12:57pm
Additional info: this started happening sometime in the last month, so I tried rolling back any updates or patches applied to IE via windows updates since then - no luck.
I take it from the lack of responses that everyone else is at a loss as to what to do as well :/
Free Windows Admin Tool Kit Click here and download it now
May 18th, 2010 4:12am
It definitely feels like internet explorer is deadlocking on something, but for the life of me I can't seem to get it to come back to life (I even tried selectively closing file handles, semaphores, and mutex's on crashed processes in the hope that this
would unblock it, but to no avail!)
What was it doing? E.g. see how your symptom changes if you use the -nohome switch on your command line.
May 18th, 2010 6:34am
I suggest that you try to reset IE settings.
1. Click Start, please type “inetcpl.cpl” (without quotation marks) in the Start Search bar and press Enter to open the Internet options window.
2. Switch to the Advanced tab.
3. Click the "Reset Internet Explorer Settings" button.
4. Click Reset to confirm the operation.
5. Click Close when the resetting process has finished.
6. Uncheck the "Enable third-party browser extensions" option in the Settings box.
7. Click Apply, click OK.
If the issue still occurs after resetting IE, try to boot in No Add-ons Mode. Click the Start Button, All Programs, Accessories, System Tools, and then click Internet Explorer (No Add-ons). Please check if the issue persists. If the issue does not reoccur,
it may be caused by an IE Add-on. In that case, let’s continue to perform the following steps to narrow down the cause. Check
Check Internet Explorer Add-Ons
=========================
1. Click Tools, and then click Internet Options.
2. Click the "Programs" tab, and then click Manage Add-ons.
3. Select an add-on in the Name list, and then click Disable.
4. Please restart IE with Add-ons and check the issue again. If the issue is resolved, the disabled Add-on was the cause of the issue. If the issue reoccurs, let’s let’s continue to disable the next Add-on using the same method. By doing so, we
can determine which Add-on contributed to the issue. Arthur Xie - MSFT
Free Windows Admin Tool Kit Click here and download it now
May 18th, 2010 8:38am
4. Please restart IE with Add-ons and check the issue again.
Arthur,
Are you just seeing this after the move? Notice that the OP has already taken add-ons into account.
FWIW I agree with the decision to move the thread to Networking. E.g. I have occasionally seen symptoms like this (mostly with WLMail, less frequently with IE) and the symptom then is that the
only activity on the thread (e.g. according to Task Manager) is a periodic incrementing of the I/O Other Bytes statistic by 16 while the I/O Other counter goes crazy. That to me would seem to be indicating more a problem with
the OS than with IE. I was intending on mentioning that after hearing that -nohome idea works (of course--the problem is not IE but the connectivity) but the move happened first. <eg>
FYI
Robert
---
May 19th, 2010 3:21am
I'm also having this problem. What I have found is that it is related to sophos. It wasn't happening until I installed that.
Free Windows Admin Tool Kit Click here and download it now
May 21st, 2010 5:41pm
Using -nohome made no difference. Hard to tell what IE is doing since any attempts to break into the thread from outside also appear to deadlock.
May 26th, 2010 4:53am
Yep, already tried all that, but I did it again just to make sure. Alas, it's still a problem.
As an aside, I'm not sure why this was moved to Windows 7 networking when I mentioned that this was affecting IE8 on XP and 2003 machines. It may affect Windows 7 but I can't verify that as I don't have any Windows 7 machines handy to test this on.
With regards to the process activity: it's completely static. No IO, no CPU, nothing.
Free Windows Admin Tool Kit Click here and download it now
May 26th, 2010 5:02am
I'm also having this problem. What I have found is that it is related to sophos. It wasn't happening until I installed that.
Yep, I'd say we've pretty much confirmed this just now. I took a machine that was affected, uninstalled Sophos, rebooted, and now it's not affected anymore.
I'll get in contact with Sophos about this problem and post anything helpful back here, or report if this turns out not to be the problem.
May 26th, 2010 7:29am
In case anyone's interested (I'm not expecting any deep analysis here since I'm already pretty sure this is a Sophos issue), here's the result of attaching to a deadlocked IE process affected by this issue and running !analyze -v against it:
----------------------------
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
*** wait with pending attach
Symbol search path is: SRV*C:\WINDOWS\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 00400000 0049c000 C:\Program Files\Internet Explorer\iexplore.exe
ModLoad: 7c900000 7c9b2000 C:\WINDOWS\system32\ntdll.dll
ModLoad: 7c800000 7c8f6000 C:\WINDOWS\system32\kernel32.dll
ModLoad: 77dd0000 77e6b000 C:\WINDOWS\system32\ADVAPI32.dll
ModLoad: 77e70000 77f02000 C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 77fe0000 77ff1000 C:\WINDOWS\system32\Secur32.dll
ModLoad: 7e410000 7e4a1000 C:\WINDOWS\system32\USER32.dll
ModLoad: 77f10000 77f59000 C:\WINDOWS\system32\GDI32.dll
ModLoad: 77c10000 77c68000 C:\WINDOWS\system32\msvcrt.dll
ModLoad: 77f60000 77fd6000 C:\WINDOWS\system32\SHLWAPI.dll
ModLoad: 7c9c0000 7d1d7000 C:\WINDOWS\system32\SHELL32.dll
ModLoad: 774e0000 7761d000 C:\WINDOWS\system32\ole32.dll
ModLoad: 3dfd0000 3e1b8000 C:\WINDOWS\system32\iertutil.dll
ModLoad: 78130000 78263000 C:\WINDOWS\system32\urlmon.dll
ModLoad: 77120000 771ab000 C:\WINDOWS\system32\OLEAUT32.dll
ModLoad: 5cb70000 5cb96000 C:\WINDOWS\system32\ShimEng.dll
ModLoad: 6f880000 6fa4a000 C:\WINDOWS\AppPatch\AcGenral.DLL
ModLoad: 76b40000 76b6d000 C:\WINDOWS\system32\WINMM.dll
ModLoad: 77be0000 77bf5000 C:\WINDOWS\system32\MSACM32.dll
ModLoad: 77c00000 77c08000 C:\WINDOWS\system32\VERSION.dll
ModLoad: 769c0000 76a74000 C:\WINDOWS\system32\USERENV.dll
ModLoad: 5ad70000 5ada8000 C:\WINDOWS\system32\UxTheme.dll
ModLoad: 71590000 71609000 C:\WINDOWS\AppPatch\AcLayers.DLL
ModLoad: 73000000 73026000 C:\WINDOWS\system32\WINSPOOL.DRV
ModLoad: 76390000 763ad000 C:\WINDOWS\system32\IMM32.DLL
ModLoad: 00990000 009ce000 C:\PROGRA~1\SOPHOS\SOPHOS~1\SOPHOS~1.DLL
ModLoad: 76bf0000 76bfb000 C:\WINDOWS\system32\PSAPI.DLL
ModLoad: 48000000 48023000 C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
ModLoad: 71ab0000 71ac7000 C:\WINDOWS\system32\WS2_32.dll
ModLoad: 71aa0000 71aa8000 C:\WINDOWS\system32\WS2HELP.dll
ModLoad: 773d0000 774d3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
ModLoad: 5d090000 5d12a000 C:\WINDOWS\system32\comctl32.dll
ModLoad: 42000000 42047000 C:\Program Files\Google\Google Desktop Search\GoogleDesktopCommon.dll
ModLoad: 3d930000 3da16000 C:\WINDOWS\system32\WININET.dll
ModLoad: 00d10000 00d19000 C:\WINDOWS\system32\Normaliz.dll
ModLoad: 62000000 62091000 C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
ModLoad: 41000000 4101c000 C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
ModLoad: 3e1c0000 3ec53000 C:\WINDOWS\system32\IEFRAME.dll
Break-in sent, waiting 30 seconds...
WARNING: Break-in timed out, suspending.
This is usually caused by another thread holding the loader lock
(12f8.123c): Wake debugger - code 80000007 (first chance)
eax=00000000 ebx=00000000 ecx=00000000 edx=00000005 esi=009c69e8 edi=00000000
eip=7c90e514 esp=0013ec04 ebp=0013ec8c iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
0:000> !analyze -v
*******************************************************************************
*
*
* Exception Analysis *
*
*
*******************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\PROGRA~1\SOPHOS\SOPHOS~1\SOPHOS~1.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL -
FAULTING_IP:
+1562faf0111df58
00000000 ?? ???
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000
ExceptionCode: 80000007 (Wake debugger)
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 00000001
BUGCHECK_STR: 80000007
PROCESS_NAME: iexplore.exe
ERROR_CODE: (NTSTATUS) 0x80000007 - {Kernel Debugger Awakened} the system debugger was awakened by an interrupt.
EXCEPTION_CODE: (HRESULT) 0x80000007 (2147483655) - Operation aborted
MOD_LIST: <ANALYSIS/>
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
CRITICAL_SECTION: 009c69e8 -- (!cs -s 009c69e8)
BLOCKING_THREAD: 0000123c
LOADERLOCK_OWNER_API: LoadLibraryExW:LdrLoadDll:LdrpLoadDll:LdrpRunInitializeRoutines:LdrpCallInitRoutine:
LOADERLOCK_BLOCKED_API: GetModuleHandleForUnicodeString:LdrGetDllHandle:LdrGetDllHandleEx:LdrLockLoaderLock:
DERIVED_WAIT_CHAIN:
Dl Eid Cid WaitType
-- --- ------- --------------------------
x 0 12f8.123c Critical Section -->
x 1 12f8.1f70 Critical Section --^
WAIT_CHAIN_COMMAND: ~0s;k;;~1s;k;;
DEFAULT_BUCKET_ID: APPLICATION_HANG_DEADLOCK_CrossThreadBoundaryInDLLMain
PRIMARY_PROBLEM_CLASS: APPLICATION_HANG_DEADLOCK_CrossThreadBoundaryInDLLMain
LAST_CONTROL_TRANSFER: from 7c90df5a to 7c90e514
STACK_TEXT:
00c3f76c 7c90df5a 7c91b24b 00000040 00000000 ntdll!KiFastSystemCallRet
00c3f770 7c91b24b 00000040 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc
00c3f7f8 7c901046 0197e178 7c914a53 7c97e178 ntdll!RtlpWaitForCriticalSection+0x132
00c3f800 7c914a53 7c97e178 00000000 00c3f900 ntdll!RtlEnterCriticalSection+0x46
00c3f83c 7c9168f0 00000000 00000000 00c3f880 ntdll!LdrLockLoaderLock+0x146
00c3f8b0 7c9166b8 00000001 00160920 00000000 ntdll!LdrGetDllHandleEx+0x8b
00c3f8cc 7c80e713 00160920 00000000 00c3f950 ntdll!LdrGetDllHandle+0x18
00c3f91c 7c80e64b 00c3f950 00400000 009c6a00 kernel32!GetModuleHandleForUnicodeString+0x49
00c3fda0 7c80e4fc 00000001 00000002 009e5930 kernel32!BasepGetModuleHandleExW+0x18e
00c3fdb8 009987fb 009e5930 0099a2df 009c69e4 kernel32!GetModuleHandleW+0x29
WARNING: Stack unwind information not available. Following frames may be wrong.
00c3fdc0 0099a2df 009c69e4 009e5930 00400000 SOPHOS_1+0x87fb
00c3fdf0 00998081 00000001 7c80acaf 00001f70 SOPHOS_1!Detoured+0xddf
00000000 00000000 00000000 00000000 00000000 SOPHOS_1+0x8081
FOLLOWUP_IP:
IEFRAME!_CRT_INIT+281
3e1c8114 8945e4 mov dword ptr [ebp-1Ch],eax
SYMBOL_STACK_INDEX: b
SYMBOL_NAME: IEFRAME!_CRT_INIT+281
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: IEFRAME
IMAGE_NAME: IEFRAME.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4b8617a2
STACK_COMMAND: ~1s ; kb
BUCKET_ID: 80000007_IEFRAME!_CRT_INIT+281
WATSON_IBUCKET: 1188882954
WATSON_IBUCKETTABLE: 1
FAILURE_BUCKET_ID: APPLICATION_HANG_DEADLOCK_CrossThreadBoundaryInDLLMain_80000007_IEFRAME.dll!_CRT_INIT
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/iexplore_exe/8_0_6001_18702/49b3ad2e/unknown/0_0_0_0/bbbbbbb4/80000007/00000000.htm?Retriage=1
Followup: MachineOwner
---------
Free Windows Admin Tool Kit Click here and download it now
May 26th, 2010 10:40am
and the wait chain follow up:
-------
0:000> ~0s;k;;~1s;k;;
eax=00000000 ebx=00000000 ecx=00000000 edx=00000005 esi=009c69e8 edi=00000000
eip=7c90e514 esp=0013ec04 ebp=0013ec8c iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
ChildEBP RetAddr
0013ec00 7c90df5a ntdll!KiFastSystemCallRet
0013ec04 7c91b24b ntdll!ZwWaitForSingleObject+0xc
0013ec8c 7c901046 ntdll!RtlpWaitForCriticalSection+0x132
0013ec94 0099a28c ntdll!RtlEnterCriticalSection+0x46
WARNING: Stack unwind information not available. Following frames may be wrong.
0013ecc0 00998081 SOPHOS_1!Detoured+0xd8c
0013ecf0 3e2624db SOPHOS_1+0x8081
0013f13c 3e2f7464 IEFRAME!LoadMUILibraryW+0x5b
0013f478 3e1c9b67 IEFRAME!LoadMUI+0x90
0013f47c 3e1c9487 IEFRAME!InitSearchActivityProvider+0xe
0013f5b4 3e1c8030 IEFRAME!_ProcessAttach+0x435
0013f5c4 3e1c8114 IEFRAME!DllMain+0x27
0013f624 7c90118a IEFRAME!_CRT_INIT+0x281
0013f644 7c91c4fa ntdll!LdrpCallInitRoutine+0x14
0013f74c 7c916371 ntdll!LdrpRunInitializeRoutines+0x344
0013f9f8 7c9164d3 ntdll!LdrpLoadDll+0x3e5
0013fca0 7c801bbd ntdll!LdrLoadDll+0x230
0013fd08 7c801d72 kernel32!LoadLibraryExW+0x18e
0013fd1c 7c801da8 kernel32!LoadLibraryExA+0x1f
0013fd38 715b9f3a kernel32!LoadLibraryA+0x94
0013fd70 004022c5 AcLayers!NS_IgnoreLoadLibrary::APIHook_LoadLibraryA+0xe1
0013fdcc 004021f6 iexplore!__delayLoadHelper2+0xfc
0013ff2c 0040128e iexplore!_tailMerge_IEFRAME_dll+0xd
0013ffc0 7c817077 iexplore!_initterm_e+0x1b1
0013fff0 00000000 kernel32!BaseProcessStart+0x23
eax=0049a700 ebx=00000000 ecx=7c80a095 edx=0000c000 esi=7c97e178 edi=00000000
eip=7c90e514 esp=00c3f770 ebp=00c3f7f8 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
ChildEBP RetAddr
00c3f76c 7c90df5a ntdll!KiFastSystemCallRet
00c3f770 7c91b24b ntdll!ZwWaitForSingleObject+0xc
00c3f7f8 7c901046 ntdll!RtlpWaitForCriticalSection+0x132
00c3f800 7c914a53 ntdll!RtlEnterCriticalSection+0x46
00c3f83c 7c9168f0 ntdll!LdrLockLoaderLock+0x146
00c3f8b0 7c9166b8 ntdll!LdrGetDllHandleEx+0x8b
00c3f8cc 7c80e713 ntdll!LdrGetDllHandle+0x18
00c3f91c 7c80e64b kernel32!GetModuleHandleForUnicodeString+0x49
00c3fda0 7c80e4fc kernel32!BasepGetModuleHandleExW+0x18e
00c3fdb8 009987fb kernel32!GetModuleHandleW+0x29
WARNING: Stack unwind information not available. Following frames may be wrong.
00c3fdc0 0099a2df SOPHOS_1+0x87fb
00c3fdf0 00998081 SOPHOS_1!Detoured+0xddf
00000000 00000000 SOPHOS_1+0x8081
May 26th, 2010 10:42am
reference for sophos_detoured.dll (part of Sophos's buffer overflow protection):
http://www.sophos.com/support/knowledgebase/article/36501.html
Free Windows Admin Tool Kit Click here and download it now
May 26th, 2010 11:01am
arthur or irfan,
please can you move this topic back to Internet Explorer where it is relevant (IE under Win7 does not seem to be impacted).
thanks,
rik
May 27th, 2010 5:03am
As an aside, I'm not sure why this was moved to Windows 7 networking
It's even worse than that. Originally it was under the Answers "brand". Now it's under the TechNet "brand" and now there is no way to move it back even to a more appropriate Answers "brand" forum. <eg>
BTW I still think that an OS or Networking forum rather than an IE forum is more appropriate for discussing this symptom. You would certainly never get the sort of task analysis done there that you are doing here. Also, FWIW I'm unclear
on what you have found out about your Saphos factor.
Otherwise, to continue gathering a symptom description from an IE user's point of view...
You say "completely static". Did you specifically check those TM statistics that I mentioned?
Also, "-nohome made no difference" is not giving me a clear idea of what you are seeing when you try that. If necessary you may also have to use -extoff (to try to force IE to open a new main control task). E.g. check
with W7 TM's (or ProcExp) Command line column that the new iexplore.exe task you are starting is independent of all of the old ones. I suppose you could also try experimenting with TabProcGrowth=0 (e.g. disable both LCIE
and Protected Mode) or TabProcGrowth=1 (just disable LCIE) to try to get more independence for your new IE tasks.
HTH
Robert
---
Free Windows Admin Tool Kit Click here and download it now
May 27th, 2010 7:06pm
Hi Robert,
Also, FWIW I'm unclear on what you have found out about your Saphos factor.
So the latest from Sophos is that they got me to try removing the Sophos_detoured.dll file from the AppInit_DLLs registry entry. Here's what mine looked like before the change:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\]
"AppInit_DLLs"="C:\PROGRA~1\SOPHOS\SOPHOS~1\SOPHOS~1.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL"
And after:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\]
"AppInit_DLLs"="C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL"
Then I rebooted and tried to get Internet Explorer 8 to deadlock again. I couldn't. I'd say that's fairly conclusive proof that Sophos' Buffer Overflow Protection technology is deadlocking Internet Explorer 8.
You say "completely static". Did you specifically check those TM statistics that I mentioned?
Yep, I checked all the statistics using process explorer, and none of the values on any of the tabs changed one iota after the process deadlocked.
Also, "-nohome made no difference" is not giving me a clear idea of what you are seeing when you try that. If necessary you may also have to use -extoff (to try to force IE to open a new main control task).
What I meant by no difference was that the behavior of starting 50 internet explorer windows with "iexplore.exe" vs "iexplore.exe -nohome" was identical: in the case of the day I did those tests on, in both cases approximately 10% of the launched processes
were deadlocked (or the child iexplore.exe process was deadlocked.) Since this isn't a 100% deadlock situation, I can't give you anything but overall statistics, and the behavior of the actual processes that are deadlocked, and as far as I can tell, there
was no statistical difference between -nohome or not, and no difference in the behavior or stack call tree of the deadlocked processes. So, yeah... "no difference." :)
As for -extoff, I also used that in my tests and again "no difference" (note: I thought -extoff disabled extensions, not forced a new main control task to open...)
E.g. check with W7 TM's (or ProcExp) Command line column that the new iexplore.exe task you are starting is independent of all of the old ones.
They generally were. What I'd typically see is a series of iexplore.exe processes with an iexplore.exe child. In some cases, there was just the iexplore.exe main process: that always meant the main process had deadlocked, rather than the child. In both the
parent and child deadlock scenarios, the actual deadlocked process looked the same regardless of whether it was the child or not.
If I opened a bunch of new tabs, that seemed to spawn a bunch more iexplore.exe child processes, some of which would deadlock as they were spawned. Again, those deadlocked processes looked the same as all the other deadlocked ones.
I suppose you could also try experimenting with TabProcGrowth=0 (e.g. disable both LCIE and Protected Mode) or TabProcGrowth=1 (just disable LCIE) to try to get more independence for your new IE tasks.
Is this a debugging suggestion, or a workaround? If a workaround, I was previously just watching process explorer as I started IE8, and killing any runt iexplore.exe processes (as they invariably were the deadlocked ones) until I got a good IE process running.
An even better workaround now is to remove the AppInit_DLLs entry for Sophos, as this leaves you with virus protection (sans BOP), and a working Internet Explorer. If debugging, I'll look into it if Sophos gives me the runaround, but for now I think I'd prefer
it if Sophos fixed their product :)
Thanks for the detailed and insightful reply, Robert, your assistance is much appreciated.
Regards,
Jon.
May 28th, 2010 6:24am
Hi Technocrate,
Please don't respond to threads unless you can add something intelligent (or at least demonstrate that you've read past the subject line.)
Regards,
Jon.
Free Windows Admin Tool Kit Click here and download it now
June 2nd, 2010 10:09am
I'm experiancing exactly the same accross about 10 machines, uninstall sophos and the problem goes away, reinstall sophos and it comes back. installing free avg does not cause the problem. The problem occurs on some machine more than others and seems to
be (in my opinion) part of the end point application or data scanning checks that are also when IE/a new tab is launched.
I've rollback and forth between ie 7 & 8 but little change, even starting in no addons mode can experiance the issue - though rarer.
I'm speaking to sophos for a few days now but no solution responce other than me passing them logs etc.Stuart
June 4th, 2010 11:44am
Hi Stuart,
I started a Sophos forum thread which might help you - it contains a condensed form of the options for working around this problem with Sophos' Buffer Overflow Prevention System:
http://community.sophos.com/t5/Sophos-Endpoint-Security-and/Sophos-9-s-Buffer-Overflow-Protection-System-BOPS-and-Internet/td-p/3208
Regards,
Jon.
Free Windows Admin Tool Kit Click here and download it now
June 22nd, 2010 5:07am