Latest update: EMET prevents RM 7 from starting



#1 n2ubp


Posted 07 June 2017 - 12:19 PM

Received a message to install RM 7 update today.

Now RM 7 is prevented from starting by Microsoft EMET security program.

Windows 7 Pro 64 bit.

 

I will disable RM 7 entries in EMET to get around this. Just thought I would let you know.

 

EMET version 5.5.5871.31892
EMET detected SimExecFlow mitigation and will close the application: RootsMagic.exe

SimExecFlow check failed:
  Application     : C:\Program Files (x86)\RootsMagic 7\RootsMagic.exe
  User Name     : The_Big_Tower\Steven
  Session ID     : 1
  PID         : 0x1EC8 (7880)
  TID         : 0x1FFC (8188)
  CodeAddress     : 0x00434D50
  CodeStackPtr     : 0x18FE54
  CalledAddress     : 0x76C242FF
  API name     : kernel32.VirtualProtect
  StackPtr     : 0x0018FE40
  FramePtr     : 0x18FE60

 


---

Faulting application name: RootsMagic.exe, version: 7.2.4.0, time stamp: 0x5935d789
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000001d
Fault offset: 0x00000000
Faulting process id: 0x1ec8
Faulting application start time: 0x01d2dfb8dee72607
Faulting application path: C:\Program Files (x86)\RootsMagic 7\RootsMagic.exe
Faulting module path: unknown
Report Id: 1cd4e934-4bac-11e7-80ce-001bdc0fc8dc

--

Fault bucket 1593635882, type 25
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: RootsMagic.exe
P2: 7.2.4.0
P3: 5935d789
P4: StackHash_0d2d
P5: 0.0.0.0
P6: 00000000
P7: c000001d
P8: 00000000
P9:
P10:

Attached files:
D:\temp\WER5B13.tmp.WERInternalMetadata.xml

These files may be available here:
C:\Users\Steven\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_RootsMagic.exe_11d71796d4cd50d4bfb9aabb68aadd8c55fe5634_187e5e2e

Analysis symbol:
Rechecking for solution: 0
Report Id: 1cd4e934-4bac-11e7-80ce-001bdc0fc8dc
Report Status: 0