Chrome Investigation KISEc And COM Server Permissions Discussion

by Jeany 65 views
Iklan Headers

Introduction

This article delves into a detailed investigation of a specific error related to COM server permissions and its impact on the Chrome browser, focusing on the KISEc application. We will analyze the error message, the event logs, and discuss the potential causes and solutions. Understanding COM server permissions is crucial for maintaining the stability and security of Windows-based applications, including web browsers like Chrome. This analysis aims to provide a comprehensive overview of the issue, offering insights into how to diagnose and resolve similar problems in the future. The error message indicates that the 컴퓨터 기본값 (default computer) permission settings do not grant 로컬 활성화 (local activation) permission for a specific COM Server application. This denial of permission impacts the user DESKTOP-1C4EIQM\kisec and originates from LocalHost (using LRPC) within the application container Microsoft.Windows.ShellExperienceHost. This technical deep dive will explore the nuances of COM permissions, their significance, and how they can be effectively managed to prevent such errors.

Understanding the Error Message

The error message provides a wealth of information that we can dissect to understand the problem better. Let's break down the key components:

  • 컴퓨터 기본값 (Default Computer) Permissions: This refers to the default security settings configured for COM objects on the system. These settings dictate which users or groups have the right to access and activate COM components.
  • 로컬 활성화 (Local Activation) Permission: This specific permission type controls whether a user can start a COM server process on the local machine. It's essential for applications that rely on inter-process communication through COM.
  • COM Server Application CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97}: These are unique identifiers for the COM server application. The CLSID (Class Identifier) identifies the COM class, while the APPID (Application Identifier) groups COM classes within a single application.
  • User DESKTOP-1C4EIQM\kisec SID (S-1-5-21-2816964857-1494540944-4094146215-1001): This identifies the specific user account (kisec) on the computer (DESKTOP-1C4EIQM) that is being denied permission. The SID (Security Identifier) is a unique, system-generated value for this account.
  • Address LocalHost (LRPC 사용): This indicates that the request to activate the COM server is originating from the same machine, using Local RPC (LRPC), a mechanism for inter-process communication on the same computer.
  • Application Container Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708): This identifies the application container from which the request is being made. In this case, it's the Microsoft.Windows.ShellExperienceHost, which is responsible for various shell-related functionalities in Windows. Understanding that ShellExperienceHost handles essential user interface elements makes this error potentially disruptive. A misconfiguration here could lead to issues with the Start Menu, Taskbar, or other core Windows features. Therefore, accurately diagnosing and addressing this COM permission issue is crucial for maintaining system stability and user experience. The fact that the request originates from within an application container adds another layer of complexity, as application containers have their own isolated security contexts.

Analyzing Event Logs

The provided event logs offer additional context and potential clues regarding the issue. Let's examine the relevant events:

  • Event ID 7040 (Service Control Manager): These events indicate changes to the startup type of the Background Intelligent Transfer Service (BITS). BITS is used for transferring files in the background, and while these events might not be directly related to the COM permission issue, they could point to broader system configuration changes. It's important to note that frequent changes to service startup types can sometimes indicate underlying problems or conflicts within the system. Therefore, while not directly tied to the COM error, these events warrant further scrutiny to ensure they don't contribute to the overall instability. The changes in BITS startup type could be due to software installations, updates, or even manual user intervention. Investigating the reasons behind these changes may uncover other relevant information.
  • Event ID 7045 (Service Control Manager): These events indicate the installation of new services, specifically Google Updater Internal Service and Google Updater Service. These services are responsible for keeping Google software, such as Chrome, up to date. The installation of these services, especially if recent, might coincide with the emergence of the COM permission error. New service installations can sometimes alter system configurations or introduce conflicts that affect COM object access. The fact that these services are related to Google Update is particularly relevant, as Chrome is mentioned in the title of this investigation. It suggests a potential connection between Chrome updates and the COM permission issue. The 자동 시작 (automatic start) service start type for these Google Updater services is also noteworthy. It implies that these services are intended to run continuously in the background, which could increase their interaction with other system components and potentially trigger COM permission errors if misconfigured.

Potential Causes

Based on the error message and event logs, several potential causes for the COM permission issue can be identified:

  1. Incorrect Default COM Security Settings: The default COM security settings might not grant sufficient permissions to the kisec user or the Microsoft.Windows.ShellExperienceHost application container. This could be due to intentional hardening of security settings or accidental misconfiguration.
  2. Conflicting Permissions: There might be conflicting permissions set at different levels (e.g., default permissions vs. application-specific permissions), leading to a denial of access.
  3. Software Installation or Updates: The installation of new software, such as the Google Updater services, or updates to existing software, including Chrome or Windows itself, could have altered COM permissions.
  4. KISEc Application Permissions: The KISEc application itself might require specific COM permissions that are not being granted, or its interaction with other components might be triggering the error.
  5. User Profile Corruption: In some cases, a corrupted user profile can lead to permission issues. The profile stores user-specific settings, including security credentials, and corruption can disrupt access rights.

Troubleshooting and Solutions

To resolve the COM permission issue, the following steps can be taken:

  1. Component Services Tool:

    • The error message explicitly suggests using the Component Services administrative tool. This tool (dcomcnfg.exe) allows you to configure COM security settings. Access it by searching for