App Control: Agent Service Crashing on CyberArk Servers
search cancel

App Control: Agent Service Crashing on CyberArk Servers

book

Article ID: 289614

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • App Control Agent crashes on CyberArk Servers
  • Following stack trace written to memory dump file
STACK_TEXT:
00d0f73c 01147096 ffffffe8 00000000 ffffffff Parity!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::assign+0xe
00d0f828 011484a9 0a3c23c4 00d0f88c ec698834 Parity!EnforceUserLogonPolicy+0xa6
00d0fcb4 749afaf7 0000000e 00000005 0a3c23c4 Parity!ServiceCtrlHandlerEx+0x3b9
00d0fd54 749b01e4 999c39bb 00000006 00000006 sechost!ScDispatcherLoop+0x254
00d0fd90 01148ad9 00d0fd9c 013a6c84 011488f0 sechost!StartServiceCtrlDispatcherW+0x58
00d0fe30 01148d44 6eb772e4 6eb772ec 7efbc000 Parity!SwitchToService+0x49
00d0fe44 0133a9cb 00000006 016613d0 0164d4f0 Parity!wmain+0xb4
00d0fe90 74d46a14 7efbc000 74d469f0 99db490e Parity!__scrt_common_main_seh+0xff
00d0fea4 7721ab4f 7efbc000 9a1462d0 00000000 kernel32!BaseThreadInitThunk+0x24
00d0feec 7721ab1a ffffffff 771ffe41 00000000 ntdll!__RtlUserThreadStart+0x2f
00d0fefc 00000000 0133aa48 7efbc000 00000000 ntdll!_RtlUserThreadStart+0x1b

FAULTING_SOURCE_LINE: c:\program files (x86)\microsoft visual studio 14.0\vc\include\xstring
FAULTING_SOURCE_FILE: c:\program files (x86)\microsoft visual studio 14.0\vc\include\xstring
FAULTING_SOURCE_LINE_NUMBER: 1141
FAULTING_SOURCE_CODE:
1137: _Myt& append(const_iterator _First, const_iterator _Last)
1138: { // append [_First, _Last), const_iterators
1139: return (replace(end(), end(), _First, _Last));
1140: }
> 1141:
1142: _Myt& assign(const _Myt& _Right)
1143: { // assign _Right
1144: return (assign(_Right, 0, npos));
1145: }
1146:

SYMBOL_NAME: Parity!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::assign+e
MODULE_NAME: Parity
IMAGE_NAME:  Parity.exe

Environment

  • App Control Agent: 8.1.8 and Lower
  • Microsoft Windows: All Supported Versions
  • CyberArk Server

Cause

Agent receives a notification for a session change event via SCM, in this case, event is notifying of a user logon. Agent calls Windows API to obtain user info (WTSQuerySessionInformation) call fails. 


 

Resolution

Issue addressed with EP-11152 in 8.5 Release of App Control Agent. 

Additional Information

  • EP-11152- Parity.exe crash in EnforceUserLogonPolicy
Powered by Wolken Software