Windows – My SearchIndexer.exe crashes everyday

crashsearch-indexingwindows 7windows-search

Everyday, my Reliability Monitor on Windows 7 x64 reports at least one SearchIndexer.exe crash. Here is the log.

    Faulting Application Path:  C:\Windows\System32\SearchIndexer.exe

Problem signature
    Problem Event Name: APPCRASH
    Application Name:   SearchIndexer.exe
    Application Version:    7.0.7601.17610
    Application Timestamp:  4dc0d019
    Fault Module Name:  msvcrt.dll
    Fault Module Version:   7.0.7601.17744
    Fault Module Timestamp: 4eeb033f
    Exception Code: c0000005
    Exception Offset:   00000000000011fd
    OS Version: 6.1.7601.
    Locale ID:  1033
    Additional Information 1:   8e9c
    Additional Information 2:   8e9cc075dc50f01b9cac7ccc1eadbd5c
    Additional Information 3:   7fa4
    Additional Information 4:   7fa418f09a0afea8e8da8b9cc9b6d244

What can I do to stop it?

Best Answer

In the dump, I can see this call tquery!CSdidLookupTable::LookupSDIDOrAdd+0x152, so there is an issue looking for permissions.

00 ntdll!NtWaitForMultipleObjects
01 KERNELBASE!WaitForMultipleObjectsEx
02 kernel32!WaitForMultipleObjectsExImplementation
03 kernel32!WerpReportFaultInternal
04 kernel32!WerpReportFault
05 kernel32!BasepReportFault
06 kernel32!UnhandledExceptionFilter
07 ntdll! ?? ::FNODOBFM::`string'
08 ntdll!_C_specific_handler
09 ntdll!RtlpExecuteHandlerForException
0a ntdll!RtlDispatchException
0b ntdll!KiUserExceptionDispatch
0c msvcrt!memcpy
0d tquery!CRcovStrmTrans::Read
0e tquery!CRcovStrmIter::GetRec
0f tquery!CSdidLookupTable::LookupSDIDOrAdd
10 tquery!CSecurityStoreWrapper::LookupSDID
11 mssrch!CPluginCollectionSink::PushProperties
12 mssrch!CRobotThread::Thread
13 kernel32!BaseThreadInitThunk
14 ntdll!RtlUserThreadStart

I can see this string floating around C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001. So make sure that SYSTEM has access to it.

I can also see that a 3rd party dll called guard64.dll is involved.

0x00000000051180f8 : 0x000007fefe0511fd : msvcrt!memcpy+0x250
0x0000000005118300 : 0x007600650044005c :  !du "\Device\"
0x0000000005118348 : 0x0000000076c91a0a : kernel32!HeapFree+0xa
0x0000000005118360 : 0x007600650044005c :  !du "\Device\Hard"
0x0000000005118368 : 0x005c006500630069 :  !du "ice\Hard"
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for guard64.dll - 
0x0000000005118380 : 0x0075006c006f0056 :  !du "Volume?\*"
0x0000000005118388 : 0x005c003f0065006d :  !du "me?\*"
0x0000000005118408 : 0x000007fefccc0480 : KERNELBASE!g_SbTableEntry_CreateFileDowngradeSwitch_Scenario
0x0000000005118458 : 0x000007fefcc6725e : KERNELBASE!CreateFileW+0x4aa
0x0000000005118500 : 0x000007fefe0511fd : msvcrt!memcpy+0x250
0x0000000005118588 : 0x00000000017a5680 :  !du "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\S..."

and this belongs to COMODO:

Image path: C:\Windows\System32\guard64.dll
Image name: guard64.dll
Browse all global symbols  functions  data
Timestamp:        Tue Jun 14 23:11:46 2016 (57607312)
CheckSum:         000D15C2
ImageSize:        000C6000
File version:
Product version:
File flags:       0 (Mask 3F)
File OS:          4 Unknown Win32
File type:        1.0 App
File date:        00000000.00000000
Translations:     0409.04e4
CompanyName:      COMODO
ProductName:      COMODO Internet Security
ProductVersion:   8, 4, 0, 5068
FileVersion:      8, 4, 0, 5068
FileDescription:  COMODO Internet Security
LegalCopyright:   2005-2016 COMODO. All rights reserved.

remove it and look if this fixes the crashes.