Office 2016 applications crash when Endpoint Protection is installed


Article ID: 169999


Updated On:


Endpoint Protection


On systems with Symantec Endpoint Protection (SEP), Office 2016 applications (specifically, but not necessarily limited to, Outlook and Word) crash. When you analyze the process crash dumps, you find that sysfer.dll is injected in the processes.

002314c4 734db4fc 00000000 0000003b ac6c2b2a sysfer
002315e8 734db6cc 00231a94 ac6c2b3a 00000010 sysfer
00231764 734dbd01 00231954 0037ffd0 00231a94 sysfer
002317dc 734dc35d 00231954 00000008 00231a94 sysfer
00231920 734c94ef 00231954 00000008 00231a94 sysfer
002319cc 734c968d 00000008 00231a80 ac6c2486 sysfer
00231a44 734c9786 00000008 00231a80 00000000 sysfer
00231a8c 75d52241 00231bc4 00020019 00231adc sysfer
00231b1c 75d523e6 00000048 00231b4c 00000000 kernel32!LocalBaseRegOpenKey+0x10c
00231b84 75d522d2 00000048 0106c600 00000000 kernel32!RegOpenKeyExInternalW+0x130
00231ba4 00c3b527 80000002 0106c600 00000000 kernel32!RegOpenKeyExW+0x21
WARNING: Stack unwind information not available. Following frames may be wrong.
00231bcc 00c3b1ea 002323fc 002323f8 00232c5c NPDFCG!InitConverter32+0x1a057
00232404 00c3af66 00232c7c 00232c5c 00234798 NPDFCG!InitConverter32+0x19d1a
00232414 00c3cce9 b91cfba5 00000060 00000006 NPDFCG!InitConverter32+0x19a96
00234798 00c3bf20 002347ac 00000104 00234ccc NPDFCG!InitConverter32+0x1b819
002349c4 00c3c1c0 b91cf06d 00000000 00234ccc NPDFCG!InitConverter32+0x1aa50
00234c50 00c3bee5 00234ccc 002357f8 00c27df9 NPDFCG!InitConverter32+0x1acf0
00234c5c 00c27df9 00000000 b91cebc5 00335298 NPDFCG!InitConverter32+0x1aa15
002357f8 00c21a89 00000003 00235814 00000000 NPDFCG!InitConverter32+0x6929
00235858 00c21757 00000000 00c566e0 00235c30 NPDFCG!InitConverter32+0x5b9
00235ba4 00c27e65 00235e4c 00236054 00000000 NPDFCG!InitConverter32+0x287
[140 more NPDFCG!InitConverter32 entries snipped]


The process crash dumps show that the issue occurs when Office 2016 applications are initializing Nuance Power PDF Converter. Sysfer.dll is injected into processes as a matter of course; it is actually the many calls by Nuance's NPDFCG component that lead to a stack overflow and consequent crash.


SEP 12.1 RU6 MP5


Please contact Nuance for further support.