Troubleshooting LabVIEW Executables: Addressing Crashes with Sentinel One Antivirus

Issue Details

I am experiencing a hang, crash, or unexpected unresponsive state in LabVIEW or with my built LabVIEW executable application. This issue seems to occur only when using my organization’s PC, which has SentinelOne Antivirus software installed. How can I verify the source of the crash?

Solution

Antivirus software like SentinelOne can cause EXEs that are not properly flagged to hang or crash. This happens because the antivirus blocks the DLL calls of the EXE when they lack a digital signature or have an unapproved digital signature. 

To verify the cause of the crash, you can attach a debugger to your application process. WinDBG is a great tool for this purpose, allowing users to obtain a dump file. You can refer to this related article:  Obtaining a WinDbg Dump File to Troubleshoot Crashes in NI Software.

When analyzed, the dump file should indicate the DLL call that is being blocked by SentinelOne, similar to the screenshot below:

To resolve this issue, you can try the following options:

1. Disable SentinelOne, especially when running the LabVIEW EXE or custom application EXE.

2. Request your IT team to whitelist the EXE.

Additional Information

Applications using the NI-IMAQdx driver or NI-Industrial Communications for Ethernet/IP toolkit may have their DLL calls flagged by SentinelOne unless whitelisted. A LabVIEW crash when using the NI-Industrial Communications for Ethernet/IP toolkit with the following error description has been observed to be caused by the security software:

Version: 22.3.2f5 (64-bit)
Exception: Access violation (0xC0000005) at EIP=0x00007FFB54E4D8A9
Possible Cause: C:\Program Files\NI\LVAddons\nieip\1\vi.lib\ethernetip\ethernetip.llb\EthernetIP Tag Write SINT.vi