DLP endpoint: Access violation exception in csm.dll

book

Article ID: 184440

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

When running DLP endpoint agent 14.6 mp3 and above with the fireeye agent, users can experience office crashes. 

When running DLP endpoint agent 14.6 mp3 and above with the fireeye agent, users can experience office crashes. 


Event view logs:

access violation exception (0xC0000005) when trying to write to memory location 0x7473001c on thread 5 

Module Information 
Image Name: C:\Program Files (x86)\Symantec DLP\Endpoint Agent\csm.dll Symbol Type: Export 
Base address: 0x00905a4d Time Stamp: Tue Sep 12 08:17:18 2017 
Checksum: 0x00000000 Comments: 
COM DLL: False Company Name: 
ISAPIExtension: False File Description: csm.dll 
ISAPIFilter: False File Version: 15.0.0.45028 
Managed DLL: False Internal Name: csm.dll 
VB DLL: False Legal Copyright: 
Loaded Image Name: csm.dll Legal Trademarks: 
Mapped Image Name: Original filename: csm.dll 
Module name: csm Private Build: 
Single Threaded: False Product Name: 
Module Size: 380,00 KBytes Product Version: 15.0.0.45028 
Symbol File Name: csm.dll Special Build: & 

Cause

there is a confiict in accessing microsoft detours between the DLP and fireeye agents. 

Environment

Fireeye agent

DLP edpa agent 

Office applications

Windows 7,8,10

Resolution

Symantec is aware of this issue and is working on a fix for both. 

FireEye customers will need to contact Fireeye to get a new agent update for the fireeye software.