I’ve looked for other topics involving GDI, though I found only some involving CIS’s general GDI/User handle usage. After having upgraded to CIS v5.3 (.175888.1227) (from a much older version; the previous version was properly uninstalled, traces were cleaned as well, no imported configs), I have observed a GDI handle leak (6 handles at a time) that occurs each time I right click a file in explorer. This has not occurred prior to the update (my system in general has been up, often many weeks without a reboot; now the GDI pool ends up being exhausted after just 5 days. I have removed other context menu extensions that loaded GDI related resources [icons mostly], but this issue persists).
This occurs on XP SP2 32-Bit, no other realtime security software is installed at this time.
EDIT: Please note, I have manually removed the CIS shell extension entries from the HCR section of the reg, and this fixed my problem. The CLSID involved is 4255A182-CAD9-4214-A19B-7BA7FB633BBD (in the folder, drive and * entries in HCR).
- What you did: Opening and closing the context menu in explorer
- What actually happened or you actually saw: A GDI handle leak (6 handles each time the above was repeated)
- What you expected to happen or see: The handles should be properly freed upon closing the context menu
- How you tried to fix it & what happened: Removed other applications that added extensions to the context menu involving GDI related resources such as icons, the problem went away once I manually removed the CIS shellex..
- If it’s an application compatibility problem have you tried the application fixes here?: None
- Details & exact version of any application (except CIS) involved with download link: None
- Whether you can make the problem happen again, and if so exact steps to make it happen: Yes, each time a context menu is opened (right clicking a file, folder or drive) this leak occurs
- Any other information (eg your guess regarding the cause, with reasons): The GDI resources used by the CIS shell extension aren’t properly released. I verified this by unregistering the shell extension; this fixed the handle leak. GDI resources aren’t automatically freed when a process is closed; this includes default contents (which need to be moved back for Windows to be able to properly unload them).
Files appended. (Please zip unless screenshots).
- Screenshots illustrating the bug:
- Screenshots of related CIS event logs and the Defense+ Active Processes List:
- A CIS config report or file.
- Crash or freeze dump file:
- CIS version, AV database version & configuration used: 5.3.175888.1227, 7415, Safe Mode (with default config)
- a) Have you updated (without uninstall) from CIS 3 or 4: No
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
- a) Have you imported a config from a previous version of CIS: No
b) if so, have you tried a standard config (without losing settings - if not please do)?:
- Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No
- Defense+, Sandbox, Firewall & AV security levels: D+= SafeMode, Sandbox= Disabled, Firewall = SafeMode, AV = Stateful
- OS version, service pack, number of bits, UAC setting, & account type: XP Pro SP2 32bit (User and Admin accounts)
- Other security and utility software installed: None that is actively running
- Virtual machine used (Please do NOT use Virtual box): a VM is installed but wasn’t used for this
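
One way to measure the leak described in the report above, as an added example that is not part of the original post: it samples the GDI object count of explorer.exe around each context-menu open and close through the Win32 `GetGuiResources` call. It assumes PowerShell 2.0 or later (for `Add-Type`); `Diag.GuiRes`, `Get-GdiCount` and the round count are names and values chosen for this example.

```powershell
# Added example (not from the original post): sample explorer.exe's GDI object
# count around each context-menu open/close to confirm a per-open leak.
# Assumes PowerShell 2.0+ for Add-Type; Diag.GuiRes and Get-GdiCount are
# names chosen for this example.
Add-Type -Namespace Diag -Name GuiRes -MemberDefinition @'
[DllImport("user32.dll", SetLastError = true)]
public static extern uint GetGuiResources(IntPtr hProcess, uint uiFlags);
'@

$GR_GDIOBJECTS = 0      # uiFlags: count of GDI objects held by the process
$Rounds        = 5      # number of open/close repetitions to measure

function Get-GdiCount([System.Diagnostics.Process]$Process) {
    # Process.Handle opens the target process so it can be queried.
    [Diag.GuiRes]::GetGuiResources($Process.Handle, $GR_GDIOBJECTS)
}

$explorer = Get-Process -Name explorer | Select-Object -First 1
if (-not $explorer) { throw "explorer.exe is not running in this session" }

$previous = Get-GdiCount $explorer
Write-Host "PID $($explorer.Id) baseline GDI objects: $previous"

$deltas = @()
for ($i = 1; $i -le $Rounds; $i++) {
    Read-Host "Round ${i}: open and close a context menu, then press Enter" | Out-Null
    $current = Get-GdiCount $explorer
    $delta   = [int]$current - [int]$previous
    $deltas += $delta
    Write-Host ("Round {0}: {1} GDI objects (delta {2:+0;-0;0})" -f $i, $current, $delta)
    $previous = $current
}

# A leak shows up as a positive delta on every round; ordinary caching
# grows once and then stays flat.
$leaking = @($deltas | Where-Object { $_ -gt 0 }).Count -eq $Rounds
if ($leaking) {
    Write-Host "Count rose on every round: consistent with handles not being released."
} else {
    Write-Host "Count did not rise on every round: no steady leak observed."
}
```

Running it once with the shell extension registered and once with it unregistered gives the same before/after comparison the report relies on.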