Mcafee buffer over run

Discussion in 'Anti-Virus' started by Metspitzer, Jun 12, 2012.

  1. Metspitzer

    Metspitzer Guest

    I was getting a message that Mcafee has blocked a buffer over run. It
    was happing so frequently that I reinstalled Windows XP.

    With a new install, I still get the error. Is there a way to get
    Mcafee to just block the buffer over run and not warn me every time it
    does it?
     
    Metspitzer, Jun 12, 2012
    #1
    1. Advertisements

  2. Metspitzer

    VanguardLH Guest

    I don't have McAfee <anything>. That's all you are told? There is no
    information as to which process had a buffer overrun (addressed memory
    outside it allocated range)? You sure the real message issued by McAfee
    (a company name, not a product name, so don't know WHAT you are using)
    doesn't look something like:

    Name: <path><progfile>:<stackinfo>
    Detected As: BO:<type>
    State: Blocked by Buffer Overflow Protection

    Or the popup alert looks something like:

    <title>
    Buffer overrun detected!
    Program: <path><progfile>
    A buffer overrun has been detected which has corrupted the program's
    internal state. The program cannot safely continue execution and must
    now be terminated.

    Just WHAT do you see to know that McAfee claimed a process generated a
    buffer overrun fault?

    Are you always running the same program, like a web browser, when that
    error alert pops up? If it's the web browser causing the BO then have
    you tried loading it without any of its add-ons (i.e., load it in its no
    add-ons mode)? If it's the web browser then I suspect you have a crappy
    coded add-on installed.
     
    VanguardLH, Jun 12, 2012
    #2
    1. Advertisements

  3. Metspitzer

    Metspitzer Guest

    Here is the pop up info I get.
    http://imgur.com/a/UhRHZ#SLCoT

    Like I said, I reinstalled XP and the only extra program I installed
    after Mcafee was Firefox and I started getting the pop up window.
     
    Metspitzer, Jun 14, 2012
    #3
  4. Metspitzer

    Metspitzer Guest

    Thanks
     
    Metspitzer, Jun 14, 2012
    #4
  5. Metspitzer

    VanguardLH Guest

    It's a pity that McAfee doesn't consider it important enough to give you
    the PID (process ID) of *which* instance of svchost.exe caused the
    buffer overrun. There is likely more than one instance of svchost.exe
    but McAfee doesn't tell you which one.

    You can use SysInternals' Process Explorer to see which programs are
    rolled into each instance of svchost.exe but without the PID and since
    there are probably multiple instances of svchost.exe then you don't know
    which one to inspect. Without better info to identify WHICH process
    generated the error, McAfee's alert is worthless.

    McAfee (I'm guessing their Viruscan product) doesn't keep logs of its
    events so you can see a history of them and get more details?

    And there is no information in the event logs (Event Viewer), either?

    You said that the only "extra program" installed after McAfee was
    Firefox. Did you install any extra program before the install of McAfee
    (and after the fresh install of Windows XP)? Besides Windows XP (a
    fresh install), McAfee, and Firefox, have you installed anything else?
     
    VanguardLH, Jun 15, 2012
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.