Turning on Web Protection destroys PC's

My name is David and I am the escalation engineer that will be working with you on this issue. I emailed Ron earlier to inform him that I was reviewing the data. From the data I see a number of problems, and these could be compounded due to the system stability issue you are seeing. The blog post you were refereeing too does highlight one of the issues.

The hips system has a detour dll that we created via Microsoft standards, any number of vendors also use and create their own detour dll's.

In this case I see the following:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

normally this is not an issue at all, but in this case there is a double entry for Google and no comma between our entry and one of theirs. this can cause issues as the file is not listed correctly, as it needs a comma between the entries. Further to that the double entry is the same so its not needed anyway. so deleting the extra portion at the end of the entry "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL " and rebooting may resolve the issue. Now it is possible that we are conflicting with Google’’’’s detour dll, I haven't seen this in the past with their products but it is possible. To resolve the issue we can change the load order of the detours which in many cases can resolve the issue or remove our entry which also can resolve the issue.

I would recommend the following actions:
1) Open regedit and navigate to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
2) Select the Windows hive and select export. This will make a back up so that the registry can be returned to its original state (this is a precaution)
3) Select the AppInit_DLLs key and select modify. remove the following data at the end of the key "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL "
4) reboot the system did this resolve the issue with system stability?
5) If not open regedit and navigate to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
6) Select the AppInit_DLLs key and select modify. Delete the data on the key and replace it with the following data:
C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
7) reboot the system did this resolve the issue with system stability?
5) If not open regedit and navigate to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
6) Select the AppInit_DLLs key and select modify. Delete the data on the key and replace it with the following data:
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
7) reboot the system did this resolve the issue with system stability?
If the last step has resolved the issue please let me know as there are steps that can be taken on other systems to prevent the issue.

The next issue I notes dealt with updating it appears that there is an issue accessing files in our temp locations which is normally due to the indexing service holding the files and not allowing us to access them. This is possibly due to the systems state. If this is not the case and after resolving the first issue you continue to see an update issue please perfrom the following:
1) Stop the indexing service.
2) Right click the shield and select update now.
3) Once the update has completed you can turn the indexing service back on.

Please let me know if you have any questions.

My name is David and I am the escalation engineer that will be working with you on this issue. I emailed Ron earlier to inform him that I was reviewing the data. From the data I see a number of problems, and these could be compounded due to the system stability issue you are seeing. The blog post you were refereeing too does highlight one of the issues.

The hips system has a detour dll that we created via Microsoft standards, any number of vendors also use and create their own detour dll's.

In this case I see the following:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

normally this is not an issue at all, but in this case there is a double entry for Google and no comma between our entry and one of theirs. this can cause issues as the file is not listed correctly, as it needs a comma between the entries. Further to that the double entry is the same so its not needed anyway. so deleting the extra portion at the end of the entry "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL " and rebooting may resolve the issue. Now it is possible that we are conflicting with Google’’’’s detour dll, I haven't seen this in the past with their products but it is possible. To resolve the issue we can change the load order of the detours which in many cases can resolve the issue or remove our entry which also can resolve the issue.

I would recommend the following actions:
1) Open regedit and navigate to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
2) Select the Windows hive and select export. This will make a back up so that the registry can be returned to its original state (this is a precaution)
3) Select the AppInit_DLLs key and select modify. remove the following data at the end of the key "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL "
4) reboot the system did this resolve the issue with system stability?
5) If not open regedit and navigate to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
6) Select the AppInit_DLLs key and select modify. Delete the data on the key and replace it with the following data:
C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
7) reboot the system did this resolve the issue with system stability?
5) If not open regedit and navigate to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
6) Select the AppInit_DLLs key and select modify. Delete the data on the key and replace it with the following data:
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
7) reboot the system did this resolve the issue with system stability?
If the last step has resolved the issue please let me know as there are steps that can be taken on other systems to prevent the issue.

The next issue I notes dealt with updating it appears that there is an issue accessing files in our temp locations which is normally due to the indexing service holding the files and not allowing us to access them. This is possibly due to the systems state. If this is not the case and after resolving the first issue you continue to see an update issue please perfrom the following:
1) Stop the indexing service.
2) Right click the shield and select update now.
3) Once the update has completed you can turn the indexing service back on.

Please let me know if you have any questions.