System platform Windows 11 22H2 AAD joined.
There were multiple reports of Edge being unstable. Randomly when accessing IE mode sites the following would appear at the top of the page in Edge:
To open this page in Internet Explorer mode, try restarting Microsoft Edge
Restarting Edge would only temporarily solve the problem and this would severely impact the users' workflow.
The Application Event Log would show
[14872:14876:0629/082826.066:WARNING:web_contents_internet_explorer_tab_host_observer_win.cc(208)]
Creation of Internet Explorer mode tab failed: 17
It was noticed that this was accompanied by another Event Log entry (System or Applocker I can't remember which) that show that CMD.EXE was being blocked or not working somehow. At the time Applocker was being used to prevent users running the CMD.EXE. When Applocker was turned off the problem did not occur.
As an experiment the CMD.EXE block was removed from Applocker and instead was blocked using a registry key
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
DisableCMD=1 (REG_DWORD)
After a reboot this made things a lot worse. Edge became extremely unstable with all sites and would reliably crash after only a few tabs were opened.
Event Logs and Edge memory dumps were supplied to Microsoft support who identified an Edge Extension called Forcepoint OneEndpoint (FOEDLP) as the cause of the problem. FOEDLP is data leak protection software that monitors data streams for restricted data.
Forcepoint support were then supplied with the information and reproduced the issue.
Forcepoint suggested switching to "Inline Proxy" mode and disabling the Edge extension.
This enabled the DLP functionality to remain while Edge could remain stable.
Allowing CMD.EXE to be run by users was also an option.
