After a Symantec Endpoint Protection (SEP) IPS definitions update in a Citrix environment, Internet Explorer (IE) experiences a hang or immediate crash on startup. If IE crashes, the Windows Application log shows an Application Error event ID 1000 for process iexplore.exe, with faulting module IPSEng32.dll (our IPS Script Engine DLL) and exception code 0xc000005.
11/19/2015 4:04:46 PM Application Error Application Error
1000 "Faulting application name: iexplore.exe, version: 9.0.8112.16708, time stamp: 0x55f27f71
Faulting module name: IPSEng32.dll, version: 15.0.2.19, time stamp: 0x561c6614
Exception code: 0xc0000005
Fault offset: 0x0010681f
Faulting process id: 0xa860
Faulting application start time: 0x01d1230deb760fc6
Faulting application path: c:\program files (x86)\internet explorer\iexplore.exe
Faulting module path: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20151117.013\IPSEng32.dll
Report Id: 29275d93-8f01-11e5-adcc-d89d675bd3a8"
The issue has a firm Citrix-based root cause:
Citrix Provisioning Services (PVS) 6.0 - 7.0
Citrix XenApp
To provide temporary relief, roll back the IPS definitions to the last known good revision:
A more permanent solution might be found in:
It is recommended that customers contact Citrix Support for guidance with these options. After the implementation of the Citrix-centric solution, it is recommended to undo the IPS definitions rollback, both to verify the solution and to fully restore your security footprint.