TL;DR: explorer.exe crashes when a user profile is logged into a Microsoft account. This does not happen on local accounts, even local accounts made on the same machine.
This is about the fourth time I've run into this across several difference devices within the last two weeks, all signed into different Microsoft accounts. The one thing linking them all together is that the owner is signed into a Microsoft account. Local users do not have this issue until they sign into said account, then the problem resurfaces (even across fresh Windows 10 installs). I'm surprised I haven't seen anything about it as of yet. Most of the machines are on 1903 (one was on 1809 originally), though the error continues even once updated to 1909. This problem also continues even when booted into safe mode.
What's going on
Looking up the symptoms, many threads suggest disabling Windows Error Reporting Service, which has only fixed the issue once, and only temporarily. Others say it is Norton or other similar anti-viruses, but none of these machines have Norton. Two had ESET Node32, but even when that was removed the crashing continued.
Other suggestions I've tried:
(restarting the machine after each)
sfc /scannow
(did not find any violations)DISM.exe /Online /Cleanup-image /Scanhealth
, DISM.exe /Online /Cleanup-image /Restorehealth
, and DISM.exe /Online /Cleanup-image /Checkhealth
(ran successfully, but did not fix the problem)With one of the machines that I disabled the Windows Error Reporting on, the crashing stops but then I get an alert saying the following:
explorer.exe - System Error
The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application
I can hit OK
, but that just causes explorer.exe to crash again and the alert reappears.
.dmp logs on at least one machine say the "Fault Module Name :" was SHELL32.dll
with an exception code of 0xc0000409
through AppCrashView and a subcode of Subcode: 0x7 FAST_FAIL_FATAL_APP_EXIT
with WinDbg Preview
full .dmps are here
Are there any ideas on what this could be? Or how to fix and/or prevent it? (other than just telling people to not sign into a Microsoft account).
Thanks!
I think I have a fix for you. Your crash is different than the one I was getting (lucky for you). I pulled down your .dmp files and opened them in a debugger.
It looks like you are crashing in:
shell32.dll!Microsoft::Windows::FileExplorer::Banners::BannerData::GetFolderScope()
regedit
.HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
BannerSettings
or BannerStore
(each may have subkeys).BannerSettings
and BannerStore
, including anything under them (or just one if you have only one).I am betting it will work.
User contributions licensed under CC BY-SA 3.0