none
Complete System Freeze

    Question

  • I just installed EMET 4.0 on a netbook running Win7 x86 SP1 with all Windows updates and security patches. All settings were at default. Only a few applications not part of the default set were added and they started and seemed to work fine.

    After 30 minutes or so the system hard freezes and requires a power cycle in order to boot back up. When I try to execute a User Initiated Crash Dump nothing happens. (UICD has been tested and works properly.) I can find nothing in the event logs of interest. Right now I am stuck trying to figure out where and how to start troubleshooting this problem.

    Does anyone have a suggestion on where and how I should start troubleshooting this? Also is there a way to disable EMET without uninstalling it altogether?


    Best regards, FlyingHorse

    Wednesday, June 26, 2013 3:55 AM

All replies

  • Can nobody help me out here? Aren't some MS folks reading these forums? If I can't get support here where can I get official support for EMET?

    Best regards, FlyingHorse

    Friday, July 12, 2013 3:52 AM
  • Hi FlyingHorse,

    Welcome to the EMET Support forum. I am sorry to learn that you are experiencing this system freeze after you have installed and configured EMET 4.0.

    First of all, I am not affiliated with or an employee of Microsoft, I am simply a volunteer contributor on this forum. If you are an enterprise customer and have access to Microsoft Services Premier and Professional Support you are entitled to receive technical support for EMET as mentioned the following blog post:

    http://blogs.technet.com/b/srd/archive/2013/02/12/emet-3-0-support-is-now-available-for-enterprise-customers.aspx

    Since the system is freezing after roughly 30 minutes of use, it may not be EMET causing this. Have you noticed that the system will freeze if you are carrying out a specific task or launching a specific application?

    You mentioned that you could find nothing in your event logs of interest, did you also check them for events related to EMET as mentioned in the following thread?

    http://social.technet.microsoft.com/Forums/security/en-US/562e2284-e3ff-4621-a1a6-bc02b5388c12/incompatibility-or-exploit

    Are there any memory dumps present in the following locations of your computer?

    C:\Windows\Minidump (a folder)
    
    c:\windows\LiveKernelReports\WatchDog (a folder)
    
    C:\Windows\memory.dmp (a file)

    These can be useful when analysed with WinDbg or BlueScreenView to determine the cause of a crash. Note that crashes do not always generate such files Blue Screens of Death (BSOD) almost always create them.

    For your information, EMET can be totally disabled without uninstalling it as follows:

    1. Open EMET

    2. From the Quick Profile Name drop down menu box at the top of the EMET window, choose Recommended security settings and click OK when you are asked about restarting your computer for these settings to take effect.

    Direct Link to Image:

    http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/Microsoft_EMET_40_Rec_Settings.png

    3. Next click the Apps button at the top of the EMET window.

    Direct Link to Image:

    http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/Microsoft_EMET_40_Apps.png

    4. Please note: To save you from having to re-populate the list of configured apps, use the Export button at the top of the EMET window and save the XML file to a location of your choice. You can import these settings by using the Import button that appears on the main EMET window when you first EMET.

    Direct Link to Image:

    http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/Microsoft_EMET_40_Export.png

    5. For all entries in the list that appears (after you have clicked the Apps button), we need to remove them. Left click any entry in the list and then press Ctrl + A (i.e. the Control (Ctrl) key and the letter “a” together). All entries in the list should now be highlighted, click the Remove Selected button from the top of the EMET window and then choose OK at the bottom of the window.

    Direct Link to Image:

    http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/Microsoft_EMET_40_Remove_App.png

    6. Restart your computer

    EMET will now still be installed but will not affect any running program. Windows system wide security settings will also not be affecting your programs (we turned these off in step 2 above).

    If your system is still experiencing this issue after fully disabling EMET (as mentioned above), I would suggest testing your hardware as discussed below.

    I would suggest testing your computers memory and CPU using the following programs:

    MemTest86

    Prime 95

    The memory test involves creating a bootable CD or USB drive and allowing the test to complete 1 to 3 passes of your memory. This can take from a few minutes to a few hours.

    For any error that is detected by this program, it may mean that your memory (RAM) is faulty or its settings are not correct (memory timings i.e. CAS (Column Address Strobe) latency e.g. 9-9-9-24-2T (timings too fast or too slow), voltage settings e.g. 1.5 V (too much or too little voltage) or speed settings (expressed in MHz e.g. 1600 MHz)(speed usually too high). Such settings are usually provided by the manufacturer of your computer or by the manufacturer of your memory and you would need to consult these manufacturers for the correct settings your memory.

    For the Prime 95 CPU Stress Test, your CPU will get very hot very quickly, use this program at your own risk. If your CPU is adequately cooled (and the vast majority are) you will be fine running this test. I would suggest running it for 5 to 10 minutes. If its temperature is OK you could allow it run this test for a few hours to ensure it is totally stable.

    Good CPU temperature monitoring programs are:

    CoreTemp
    RealTemp

    For you information, I have EMET 4.0 installed on Windows 8 64 bit, 2x Windows 7 SP1 64 bit and 1x Windows Vista SP2 64 bit PCs. I am not experiencing any issues.

    If I can provide any further assistance or answer any other questions, please let me know. Thank you and have a good day.

    • Edited by JamesC_836 Sunday, July 14, 2013 8:17 PM Another minor correction
    Sunday, July 14, 2013 4:23 PM
  • i stumbled across this post kinda by mistake but happy that i did.

    ive been dealing with a same issue for over a week now and i have tried uninstalling and reinstalling everything even refreshing windows to factory defaults (windows 8 x64) and about few hours ago i figured with root of the problem, EMET 4!

    symptoms: system half-freezes about 20  minutes through after load up. opening new process's not possible and system wont shut down or restart and already open apps most of the times work. also after 5 minutes of opening the browser i could no longer open HTTPS websites which made  me interested in looking at emet settings. turns out "certificate pinning" which is something new in EMET 4 is the cause of both crashing and https connections issue.

    disable it and restart your machine and you should be good to go.

    hope this helps you and anyone who comes across this post.

    Friday, July 26, 2013 9:25 PM