Ekahau Site Survey Crashing - Windows 10 - Enterprise Environment - FYI
12-05-2018 06:06 AM
I wanted to share this information in case anyone else happens to run into this, as it was a lengthy process (2 months) to narrow down (Ekahau Support, 2 computer rebuilds, manual updates, WinDbg attempts, TechNet, etc.) and I was mostly on my own for contributing time to troubleshooting the exact analysis of the problem in our environment.
- Ekahau immediately crashes upon launch.
- 1803 – No apparent application launch activity visible
- 1709 – Ekahau Site Survey.exe has stopped working
- Windows Event Viewer – Windows Logs -> Application -> Error – related to Faulting module name: ntdll.dll
- Root-Cause – After finally locating the offending update – which was related to Windows Defender Definitions Update – I reviewed “Windows Defender Security Center -> App & browser control -> Exploit protection” and discovered I could create application-specific overrides. I disabled all protections for “Ekahau Site Survey”, verified the application started up successfully, then went through one by one re-enabling the specific protections to locate the specific “exploit protection” that was causing Ekahau to crash. The issue was caused by “Randomize memory allocations (Bottom-up ASLR)” being enabled globally (default ON).
- Workaround – Created a Program Settings profile for Ekahau Site Survey.exe and set “Randomize memory allocations (Bottom-up ASLR)” to “Override system settings -> OFF”.
I forwarded my findings to Ekahau that I was finally able to reproduce the problem and the workaround I used to restore functionality to Ekahau in our environment. Interestingly -> my home machine had “Randomize memory allocations (Bottom-up ASLR)” enabled globally (default ON) just fine, but when I created a “Program settings” and set the “Override system settings” to ON – I was able to cause the application to crash just like in our environment at work. Our Endpoint Support also looked at the settings I applied, and added the “Program Settings” XML file to their repository.
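The isolation procedure described in the post can be scripted with the ProcessMitigations PowerShell module. This is an added example, not the poster's or Ekahau's own script. It disables one mitigation at a time instead of disabling all and re-enabling one by one, so the final override stays as narrow as possible. The install path, the candidate list, the settle time and the output file name are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumed values: adjust to the local install (the path is a placeholder).
$ExeName       = 'Ekahau Site Survey.exe'
$ExePath       = 'C:\PLACEHOLDER\Ekahau Site Survey.exe'
$Candidates    = 'DEP','CFG','BottomUp','HighEntropy','SEHOP','TerminateOnError'
$SettleSeconds = 20                           # how long the app must survive to count as "started"
$ExportFile    = '.\ExploitProtection-Ekahau.xml'

function Test-Launch {
    # Start the app and report whether it is still running after the settle time.
    # Assumption: the launched process is the one that crashes (no launcher stub).
    $p = Start-Process -FilePath $ExePath -PassThru
    Start-Sleep -Seconds $SettleSeconds
    $alive = -not $p.HasExited
    if ($alive) { Stop-Process -Id $p.Id -Force }
    return $alive
}

$culprit = $null
foreach ($m in $Candidates) {
    # -Remove clears any earlier per-app override, then exactly one mitigation is
    # disabled; every other protection keeps following the system setting.
    Set-ProcessMitigation -Name $ExeName -Remove -Disable $m
    if (Test-Launch) { $culprit = $m; break }
}

if ($culprit) {
    Write-Output "Application starts with only '$culprit' disabled; override left in place."
    Get-ProcessMitigation -Name $ExeName      # review the resulting per-app policy
    # Export the Exploit protection configuration as XML for the endpoint team's repository.
    Get-ProcessMitigation -RegistryConfigFilePath $ExportFile
} else {
    # No single mitigation explains the crash: leave no exception behind.
    Set-ProcessMitigation -Name $ExeName -Remove
    Write-Output 'No single candidate mitigation isolated; per-app override removed.'
}
```

With the finding from the post, the loop would stop at `BottomUp`, leaving every other protection for the executable at the system default.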