MS Office programs hanging

Started by shmu26, August 31, 2020, 08:11:28 PM

Previous topic - Next topic

shmu26

I installed ReHIPS 2.4.0 in a Windows 7 virtual machine.
I have MS Office Standard 2016 on the VM, and the Office apps hang, they don't finish launching. This happens whether or not I use the main desktop.
AV is ESET, default settings.
I disabled Hard_Configurator, which is my other security program, but that didn't help.


shmu26


Statistically long odds

Do your programs just hang and do nothing except appearing in the task manager? Or do they crash on launch with a "failed to start isolated program" message?

ReHIPS seems to cause the first problem quite often on my end (32-bit Windows 7 SP1), even with no other security solution installed, and even in Disabled mode. Programs — isolated or not — randomly hang on launch, forcing me to shut them down with a task manager. A minor inconvenience most of the time, but it makes me wary of building a huge program/library in MinGW.

Only disabling the ReHIPS service and its driver seems to circumvent that problem. Honestly, it is about the only thing that keeps me from switching from Sandboxie to ReHIPS on my desktop computer.

I have yet to encounter a program that always hangs like that though.

shmu26

The MS Office programs don't visibly crash. They don't even launch at all. This only happens when isolated. Otherwise, they work fine.

Statistically long odds

It sounds like an issue with user permissions. I suggest checking what the MS Office processes try to get access to with something like Sysinternals Process Monitor. In particular, the file operations that get an "ACCESS DENIED" result.

fixer

Sorry it took some time to respond.

It's really hard to diagnose things like this if we can't reproduce them. Maybe something went wrong with Office itself like it failed network login (as network is not allowed) and decided to silently exit. Or maybe ESET didn't expect Office to start from some other user.

I'd start taking a look at logs (in Windows event logs, especially Office logs, maybe other security software logs). Office or other security programs may have something in there. And I'd continue with Process Monitor looking for something failed and blocked.

shmu26

Thanks, fixer. I don't think it's network, because even when I run it unisolated, network is blocked, but it still works just fine. So I will have to check out the other things you mentioned...