I have dealt with many Edge crash issues in my work. Most of them were caused by third-party modules, resulting in Edge failing to launch. Some of these crashes occurred in both Edge and Chrome, while others only happened in Edge. There was only one case where the crash was caused by a bug in Blink (The rendering engine of Chromium) and affected both Edge and Chrome. I am writing this article to summarize the steps to take in order to eliminate the possibility that an Edge crash issue is caused by a third-party module.

Step 1: Check if Edge loads a third-party module

The first thing is to check if Edge loads a third-party module. I always use Process Monitor to check this. Another way is to check the edge://conflicts page, but this requires Edge starting successfully which is not suitable for an Edge crashing at launch issue.

1. Start Process Monitor (requires administrator permission), it will automatically start capturing. Proceed to next step when you see it generating massive events.

2. Reproduce the crash issue where Edge fails to launch or Edge just hangs after launching.

3. Wait for about 10~15 seconds, if Edge still does not start or just hangs there, let's go back to Process Monitor and press Ctrl+E to stop capturing.

4. Now press Ctrl+T to open the Process Tree and you would probably see something like following image shows:

   • One or more werfault.exe (Windows Error Reporting process) appear as sub-process(es) of Edge process(es).
   • werfault.exe's command line tells that the crashing process ID is 9108 which points to the parent Edge process (the GPU process of Edge in this case)

   

5. Now let's target at the most long living Edge process: 8956 in this case which is the main Edge process, right click it and click on Add process to Include filter.

   

6. Now Process Monitor only displays the event of the target Edge process: 8956, let's scroll down to the bottom and double click the last event.

7. Go to the Process tab and sort the module list by Company, you will easily see how many third-party (non-Microsoft) modules are loaded in Edge. In this case, Citrix and Forcepoint components are loaded.

   

Step 2: Edge crash issue troubleshooting workflow

Follow the steps below will help you to rule out most common Edge crash issues.

1. Go to Event Viewer → Applications and Services Logs → Microsoft → Windows → Code Integrity → Operational and check if there was always an Error event matching the time when user failed to launch Edge browser and the error message is likely to be:

   Code Integrity determined that a process (\Device\HarddiskVolumeX\Programe Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolumeX\AnyPathToAThirdPartyModule\ThirdPartyModule.dll that did not meet the Microsoft signing level requirements.

   If you do find such event, please see Third-party module fails with Code Integrity checking section for resolution.

2. Launch Edge with --no-sandbox flag: msedge.exe --no-sandbox to see if it mitigates the issue. If it does, please check Edge crashes because of confliction between Symantec DLP and Windows Defender Exploit Protection feature section for details.

3. If Edge still crashes, please ensure Edge is updated to the latest version and Windows is also up-to-date. After updating Edge to the latest version, a crash may still be observed on the first Edge launch, but not subsequent ones.

4. If Edge still always crashes, please follow the steps in Check if Edge loads a third-party module to check how many third-party modules are loaded in Edge, then follow How to prevent Edge process from loading third-party modules to stop the third-party modules from being loaded to narrow down which third-party module caused the issue.

5. If Edge still crashes without any third-party module, please follow Capture an Edge crash dump and Process Monitor log to capture logs and engage Microsoft suppport.

Common root causes

Third-party module fails with Code Integrity checking

Failing with Code Integrity checking is one of the root causes of Edge crash issue. You can view the Code Integrity Event logs from Event Viewer → Applications and Services Logs → Microsoft → Windows → Code Integrity → Operational and check if there was always an Error event matching the time you failed to launch Edge browser. And each Error event clearly tells which third-party module failed with the Code Integrity check.

Mitigation options

1. Disable RendererCodeIntegrity using following command:

   msedge.exe --disable-features=RendererCodeIntegrity
   

2. Disable RendererCodeIntegrity by disabling Group Policy setting: Enable renderer code integrity.

3. Above two options only disable the Code Integrity check for renderer process. If Edge still fails to start and you still see CodeIntegrity error in Code Integrity Event logs, then you have to disable or uninstall the problematic third-party module or update the third-party module to the latest version or reach out to the third-party module support to resolve this issue.

Known third-party modules that may fail with Code Integrity checking

Based on my experience, I am listing all known third-party modules that failed with Code Integrity checking below:

• Cylance's dll: CyMemDef64.dll.

  • msedge.exe crashing w/ Cylance installed
  • Issue 1032687: Receiving Aw Snap! message on all web pages running Cylance product

• Symantec Endpoint Protection (sysfer.dll) versions before 14.2 are known to trigger this problem with Error Code: STATUS_INVALID_IMAGE_HASH.

  • Google Chrome/Microsoft Edge Chromium version 78.0.x and 79.0.x error "Aw, Snap! Something went wrong while displaying this webpage." when using Endpoint Protection
  • Issue 993099: Chrome 78.0.3876.0 incompatible with Symantec Endpoint Protection 14.0.3929.1200

Edge crashes on startup after upgrading to 96

CET was enabled in Edge 96, many third-party modules are conflict with this feature. As a result, you may see Edge crashes on startup.

Mitigation options

Starting with version 96.0.1054.35 a change was made to prevent Edge from crashing when injected with third-party software. A crash may still be observed on the first Edge launch, but not subsequent ones. We recommend updating Edge to the latest version and also guaranteeing that Windows and all third-party software, particularly the most intrusive types, such as protection software, is up-to-date.

• Update Edge to the latest version
• Keep your Windows updated
• Keep your third-party software updated

Known third-party modules that are conflict with CET

• CrowdStrike's DLL: umppc13408

Edge crashes because of confliction between Symantec DLP and Windows Defender Exploit Protection feature

There was one case where Edge and Chrome fail to start with Symantec DLP running. The issue did not happen if we disabled Edge/Chrome's sandbox: msedge.exe --no-sandbox. Finally it was confirmed to be a confliction between Symantec DLP and Windows Defender Exploit Protection feature. See After install Data Loss Prevention Agent some applications stopped working for more details.

Other known Edge crash/hang issues caused by third-party module

I will keep updating the list here (latest update @ March 17 2022):

• I handled one case where Edge just shows a blank not responding window when user launches it in Windows Server 2012 R2. Citrix component was the culprit as the issue went away once I renamed C:\Program Files (x86)\Citrix\System32\mfaphook64.dll to C:\Program Files (x86)\Citrix\System32\mfaphook64.dll.bak.

How to prevent Edge process from loading third-party modules

User sometimes does not want to uninstall third-party applications. I will keep updating this section to introduce the methods to prevent Edge from loading third-party modules.

Symantec

• To disable Symantec Endpoint Protection, we can launch an administrative command prompt and run C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\smc.exe -stop
• How to whitelist or exclude an application from DLP Endpoint agents

Citrix

• Close all Edge/Chrome instances (chrome.exe/msedge.exe) from Task Manager or Process Explorer. Rename Citrix DLL: C:\Program Files (x86)\Citrix\System32\mfaphook64.dll to C:\Program Files (x86)\Citrix\System32\mfaphook64.dll.bak.

• Prevent Citrix modules to hook into Edge process or WebView2 runtime process through the following registry-keys

  Use these keys for XenApp 7.9 or higher

  Key: HKLM\SYSTEM\CurrentControlSet\services\CtxUvi 
  Value Name: UviProcessExcludes 
  Type: REG_SZ 
  Value: msedge.exe;msedgewebview2.exe
  

  Use these keys for older than XenApp 7.9-registry-Keys:

  HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxHook
  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\CtxHook
  Value Name: ExcludedImageNames
  Type: REG_SZ
  Value: msedge.exe,msedgewebview2.exe
  

  See How to Disable Citrix API Hooks on a Per-application Basis for more details.

Use Autoruns to disable any third-party modules

1. Download Autoruns

2. Boot into safe mode.

   Run msconfig, go to Boot tab, select Safe boot (Minimal), click OK and reboot the PC.

   

3. Open Autoruns, choose Options → Hide Microsoft Entries, go through the list in Everything tab and deselect the third-party modules you want to disable.

   

4. Run msconfig, disable the safe boot and reboot the PC.

Edge's default crash report system

By default, Edge has it's own crashpad handler to capture a mini dump whenever a crash occurs. You can go to edge://crashes to check the crash report captured by Edge's crashpad. The dump can be found at %LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad\reports (this is the default location if user does not specify the --user-data-dir flag). You can also make Edge crash with a STATUS_ACCESS_VIOLATION error by accessing edge://crash so you can test the crashpad.

Capture an Edge crash dump and Process Monitor log

If the Edge crash issue cannot be solved using above steps, a full crash dump together with a Process Monitor log would be useful for further investigation.

1. Create a folder: c:\dumps

2. Import following registry key file:

   Windows Registry Editor Version 5.00
   
   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps]
   "DumpFolder"=hex(2):63,00,3a,00,5c,00,64,00,75,00,6d,00,70,00,73,00,00,00
   "DumpType"=dword:00000002
   

   Or open an administrative Command Prompt window, and enter the following commands at the command prompt:

   • reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpFolder /t REG_EXPAND_SZ /d "C:\Dumps" /f
   • reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpType /t REG_DWORD /d "2" /f

3. Run sysdm.cpl to open System Properties, go to Advanced tab and open Environment Variable page. Add a new System variable: ENABLE_HEAP_DUMPS=1.

   

4. Close all Edge instances (if any).

5. Run Process Monitor as administrator, wait until you see it generating massive events.

6. Reproduce the Edge crash/hang issue.

7. Wait for about 10~15 seconds, if Edge still does not start or just hangs there, let's go back to Process Monitor and press Ctrl+E to stop capturing.

8. Save the Process Monitor log with All events selected.

   

9. Gather all .dmp files you see in c:\dumps

10. Gather all .dmp files you see in %LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad\reports

11. Submit all .dmp files and Process Monitor log (.pml file) to the support engineer.