ControlUp Community

Connect, Learn, and Grow

Global DEX Findings by ControlUp

Discover real-world application and system stability issues identified through ControlUp’s anonymized global dataset. These findings surface emerging risks, configuration-related failures, and performance anomalies to help IT identify issues earlier, understand impact at scale, and take informed action.
Filter findings






Want to stay on top of new Findings as they’re published?
Subscribe via RSS and get updates automatically.
Latest findings:
New Outlook for Windows (olk.exe) v1.2026.317 / 1.2026.325 Crashes Linked to olkmain.dll
April 14, 2026 ID: CUA-2026-006

Some online reports suggest that clearing the Outlook local cache using olk.exe –clearLocalState may temporarily mitigate the issue. This appears to provide short-term relief while a permanent fix is pending.

The pattern and timing of these crashes suggest the issue is tied to changes introduced in recent Outlook releases. A future update will likely address the underlying cause as the behavior becomes more widely identified.

The pattern and timing of these crashes suggest the issue is tied to changes introduced in recent Outlook releases. A future update will likely address the underlying cause as the behavior becomes more widely identified.

The pattern and timing of these crashes suggest the issue is tied to changes introduced in recent Outlook releases. A future update will likely address the underlying cause as the behavior becomes more widely identified.

Severity: Medium Impacted Organizations: 400+
Learn more
Microsoft Purview DLP Service Component (mpdlpservice.exe) v4.18.26010.5 Crashes Linked to mpdlp.dll – UPDATED!
March 24, 2026 ID: CUA-2026-005

At the time of this finding, no clear resolution path or validated workaround has been published.

Organizations observing this pattern should:

  • Identify endpoints running mpdlpservice.exe version 4.18.26010.5
  • Monitor crash trends related to mpdlpservice.exe and mpdlp.dll
  • Correlate crash activity with recent Windows updates or Defender platform changes
  • Review Microsoft guidance and release notes for updates related to Purview DLP or Defender service stability

Where possible, it may also be useful to compare affected systems against recent operating system update activity and DLP configuration changes.

Available online reports suggest the issue may be associated with recent Windows updates, including references to KB5079473 and KB5074109. There are also indications that the behavior may be related to the service transition of legacy endpoint-sensitive data alerting in the Microsoft Defender portal.

This finding highlights how changes in supporting security services, even when not immediately visible to end users, can affect the stability and expected behavior of enterprise protection frameworks. ControlUp will continue monitoring this crash signature globally and update this finding as more guidance or remediation becomes available.

Update (March 2026)

Microsoft has provided additional context regarding this issue. The crashes were linked to a specific feature within the Microsoft Purview DLP service.

According to Microsoft, the problematic feature has been rolled back via a configuration change, and a permanent fix is planned in an upcoming release of mpdlp.dll.

Organizations that were experiencing this behavior should monitor their environments to confirm whether crash frequency has decreased following this rollback.

Available online reports suggest the issue may be associated with recent Windows updates, including references to KB5079473 and KB5074109. There are also indications that the behavior may be related to the service transition of legacy endpoint-sensitive data alerting in the Microsoft Defender portal.

This finding highlights how changes in supporting security services, even when not immediately visible to end users, can affect the stability and expected behavior of enterprise protection frameworks. ControlUp will continue monitoring this crash signature globally and update this finding as more guidance or remediation becomes available.

Update (March 2026)

Microsoft has provided additional context regarding this issue. The crashes were linked to a specific feature within the Microsoft Purview DLP service.

According to Microsoft, the problematic feature has been rolled back via a configuration change, and a permanent fix is planned in an upcoming release of mpdlp.dll.

Organizations that were experiencing this behavior should monitor their environments to confirm whether crash frequency has decreased following this rollback.

Available online reports suggest the issue may be associated with recent Windows updates, including references to KB5079473 and KB5074109. There are also indications that the behavior may be related to the service transition of legacy endpoint-sensitive data alerting in the Microsoft Defender portal.

This finding highlights how changes in supporting security services, even when not immediately visible to end users, can affect the stability and expected behavior of enterprise protection frameworks. ControlUp will continue monitoring this crash signature globally and update this finding as more guidance or remediation becomes available.

Update (March 2026)

Microsoft has provided additional context regarding this issue. The crashes were linked to a specific feature within the Microsoft Purview DLP service.

According to Microsoft, the problematic feature has been rolled back via a configuration change, and a permanent fix is planned in an upcoming release of mpdlp.dll.

Organizations that were experiencing this behavior should monitor their environments to confirm whether crash frequency has decreased following this rollback.

Severity: Low Impacted Organizations: 130+
Learn more
Dell SupportAssist Framework Component (dell.remediation.agent.exe) v3.3.36.0 Crashes Linked to kernelbase.dll
March 17, 2026 ID: CUA-2026-004

At the time of this finding, no official advisory or dedicated fix has been published by Dell for this specific issue.

Initial observations suggested the issue may be related to outdated components or backend communication failures. However, additional data indicates that the crash can still occur even in environments running the latest available SupportAssist version, suggesting a potential component-level or service mismatch.

Organizations should:

  • Identify endpoints running dell.remediation.agent.exe version 3.3.36.0
  • Monitor crash trends related to dell.remediation.agent.exe
  • Validate installed SupportAssist versions and associated component versions
  • Track faulting patterns involving kernelbase.dll
  • Follow Dell guidance and release notes for updates addressing SupportAssist stability

Where feasible, continue monitoring rather than assuming version upgrades alone will resolve the issue until further vendor guidance is available.

This finding highlights a potential issue with component versioning and dependency alignment within endpoint management frameworks. Even when the primary application is updated, underlying services or agents may remain on older versions or exhibit inconsistent behavior.

The presence of crashes in both outdated and fully updated environments suggests the issue may not be limited to version currency alone, but could involve service communication, certificate validation, or backend dependencies.

ControlUp will continue monitoring this crash signature globally and update this finding as additional guidance or remediation becomes available. Community observations can help determine whether specific configurations, versions, or environmental factors influence the behavior.

This finding highlights a potential issue with component versioning and dependency alignment within endpoint management frameworks. Even when the primary application is updated, underlying services or agents may remain on older versions or exhibit inconsistent behavior.

The presence of crashes in both outdated and fully updated environments suggests the issue may not be limited to version currency alone, but could involve service communication, certificate validation, or backend dependencies.

ControlUp will continue monitoring this crash signature globally and update this finding as additional guidance or remediation becomes available. Community observations can help determine whether specific configurations, versions, or environmental factors influence the behavior.

This finding highlights a potential issue with component versioning and dependency alignment within endpoint management frameworks. Even when the primary application is updated, underlying services or agents may remain on older versions or exhibit inconsistent behavior.

The presence of crashes in both outdated and fully updated environments suggests the issue may not be limited to version currency alone, but could involve service communication, certificate validation, or backend dependencies.

ControlUp will continue monitoring this crash signature globally and update this finding as additional guidance or remediation becomes available. Community observations can help determine whether specific configurations, versions, or environmental factors influence the behavior.

Severity: Medium Impacted Organizations: 300+
Learn more
Citrix Always-On Tracing Listener Service (AOTListenerService.exe) v25.11.10.50 Crashes Linked to KernelBase.dll – UPDATED 3/16/2026
March 10, 2026 ID: CUA-2026-003

This issue has been fixed by Citrix in the Workspace App 2603 release.

Organizations running earlier versions of Citrix Workspace App should:

  • Update to Citrix Workspace App 2603 or later to resolve the crash.
  • Monitor crash trends related to AOTListenerService.exe on endpoints that have not yet been updated.
  • Follow Citrix release notes for further guidance.

Where feasible, staged rollouts and controlled testing are recommended when applying the update.

This finding identified a stability issue in the AOTListenerService.exe background tracing service within Citrix Workspace App. The issue was specific to certain system-restart timing conditions and did not impact application or session launch workflows. Citrix has confirmed the fix is included in the 2603 release.

Note: AOTListenerService.exe is unrelated to Citrix Studio “App Optimization” policies. No policy changes are required to address this issue.

This finding identified a stability issue in the AOTListenerService.exe background tracing service within Citrix Workspace App. The issue was specific to certain system-restart timing conditions and did not impact application or session launch workflows. Citrix has confirmed the fix is included in the 2603 release.

Note: AOTListenerService.exe is unrelated to Citrix Studio “App Optimization” policies. No policy changes are required to address this issue.

This finding identified a stability issue in the AOTListenerService.exe background tracing service within Citrix Workspace App. The issue was specific to certain system-restart timing conditions and did not impact application or session launch workflows. Citrix has confirmed the fix is included in the 2603 release.

Note: AOTListenerService.exe is unrelated to Citrix Studio “App Optimization” policies. No policy changes are required to address this issue.

Severity: Low Impacted Organizations: 220+
Learn more
Citrix Workspace App for Windows (citrix.desktopviewer.app.exe) v25.11 Crashes Linked to sessioncapture.dll and coreclr.dll
January 27, 2026 ID: CUA-2026-002

At the time of this finding, no specific update or hotfix has been released by Citrix to address the observed stability issues in version 25.11.

Organizations running Citrix Workspace app 25.11 should:

  • Monitor crash trends related to citrix.desktopviewer.app.exe
  • Identify endpoints running Workspace app version 25.11
  • Closely track faulting patterns involving sessioncapture.dll and coreclr.dll
  • Consider delaying broader rollout of this version where feasible
  • Follow Citrix guidance and release notes for updates addressing Workspace client stability

Where possible, staged deployments and targeted monitoring are recommended until a corrective update becomes available.

This finding reinforces the importance of closely monitoring newly released client software, particularly components as critical as endpoint access and session rendering layers. Similar to previously observed wfica32.exe instability patterns, crashes in the Workspace client can have an outsized impact on user experience, even when backend infrastructure remains healthy.

ControlUp will continue tracking this crash signature globally and update this finding as new Citrix guidance or remediation becomes available. Community feedback on observed behavior, mitigations, or version comparisons can help accelerate clarity and resolution.

This finding reinforces the importance of closely monitoring newly released client software, particularly components as critical as endpoint access and session rendering layers. Similar to previously observed wfica32.exe instability patterns, crashes in the Workspace client can have an outsized impact on user experience, even when backend infrastructure remains healthy.

ControlUp will continue tracking this crash signature globally and update this finding as new Citrix guidance or remediation becomes available. Community feedback on observed behavior, mitigations, or version comparisons can help accelerate clarity and resolution.

This finding reinforces the importance of closely monitoring newly released client software, particularly components as critical as endpoint access and session rendering layers. Similar to previously observed wfica32.exe instability patterns, crashes in the Workspace client can have an outsized impact on user experience, even when backend infrastructure remains healthy.

ControlUp will continue tracking this crash signature globally and update this finding as new Citrix guidance or remediation becomes available. Community feedback on observed behavior, mitigations, or version comparisons can help accelerate clarity and resolution.

Severity: Medium Impacted Organizations: 190+
Learn more
Citrix Workspace Client (wfica32.exe) Version 25.11.0.161 Crashes Linked to ntdll.dll
January 15, 2026 ID: CUA-2026-001

Organizations running Citrix Workspace should:

  • Identify endpoints running Citrix Workspace client version 25.11.0.161
  • Monitor crash trends related to wfica32.exe to assess user impact
  • Avoid broad production deployment of this version where possible


Online reports

indicate that version 25.11.0.161 has been removed from Citrix’s download channels,
potentially pending replacement with a newer build. Organizations are advised to monitor Citrix
release updates and validate stability before adopting newer versions.

This finding highlights the operational risk associated with newly released client software, particularly components responsible
for session establishment and transport. Even low-severity regressions can have outsized impact in environments that rely heavily
on virtual application and desktop access.

ControlUp will continue monitoring crash activity related to wfica32.exe and update this finding if adoption of
replacement builds changes the observed stability pattern. Community feedback on mitigations, replacement versions, or vendor
guidance can help keep this finding current and actionable.

This finding highlights the operational risk associated with newly released client software, particularly components responsible
for session establishment and transport. Even low-severity regressions can have outsized impact in environments that rely heavily
on virtual application and desktop access.

ControlUp will continue monitoring crash activity related to wfica32.exe and update this finding if adoption of
replacement builds changes the observed stability pattern. Community feedback on mitigations, replacement versions, or vendor
guidance can help keep this finding current and actionable.

This finding highlights the operational risk associated with newly released client software, particularly components responsible
for session establishment and transport. Even low-severity regressions can have outsized impact in environments that rely heavily
on virtual application and desktop access.

ControlUp will continue monitoring crash activity related to wfica32.exe and update this finding if adoption of
replacement builds changes the observed stability pattern. Community feedback on mitigations, replacement versions, or vendor
guidance can help keep this finding current and actionable.

Severity: Low Impacted Organizations: 18
Learn more
Adobe Creative Cloud Collaboration Synchronizer (adobecollabsync.exe) Crashes
November 14, 2025 ID: CUA-2025-007
Organizations using Adobe Creative Cloud should:
  • Review crash logs related specifically to adobecollabsync.exe
  • Identify the exact executable version deployed across affected endpoints
  • Prioritize updating systems running versions 25.1.20918.0 or 25.1.20937.0
  • Apply the latest Adobe Creative Cloud updates, particularly versions 25.1.20997.0 or newer, where crash rates have materially decreased
  • Monitor post-update crash trends to confirm stability improvements
If crashes persist after updating, correlating the issue with specific user profiles, network conditions, or sync configurations may help narrow the scope.

This finding underscores the critical role of background synchronization services, often invisible to users, in modern creative workflows. When these components fail, the impact is felt across teams relying on shared assets and real-time collaboration.

ControlUp will continue monitoring this crash signature globally and share updates as new insights emerge. If you’re seeing similar Creative Cloud sync issues or have identified effective mitigations, community feedback can help accelerate understanding and resolution.

This finding underscores the critical role of background synchronization services, often invisible to users, in modern creative workflows. When these components fail, the impact is felt across teams relying on shared assets and real-time collaboration.

ControlUp will continue monitoring this crash signature globally and share updates as new insights emerge. If you’re seeing similar Creative Cloud sync issues or have identified effective mitigations, community feedback can help accelerate understanding and resolution.

This finding underscores the critical role of background synchronization services, often invisible to users, in modern creative workflows. When these components fail, the impact is felt across teams relying on shared assets and real-time collaboration.

ControlUp will continue monitoring this crash signature globally and share updates as new insights emerge. If you’re seeing similar Creative Cloud sync issues or have identified effective mitigations, community feedback can help accelerate understanding and resolution.

Severity: Medium Impacted Organizations: 650+
Learn more
Major Global Crash Surge in Microsoft Word (winword.exe Build 16.0.19029.20244) Linked to mso20win32client.dll
October 15, 2025 ID: CUA-2025-004

Based on guidance now provided by Microsoft, a fix for this issue is included in Microsoft Word build 16.0.19127.20314 or later, released as part of the Monthly Enterprise Channel (Version 2508).

Organizations should:

  • Identify endpoints running WINWORD.EXE build 16.0.19029.20244
  • Upgrade Microsoft Word to build 16.0.19127.20314 or later where possible
  • Validate that the updated build is fully deployed across affected devices
  • Monitor Word crash trends post-upgrade to confirm stability improvements

Microsoft release notes for this fix are available in the

Monthly Enterprise Channel documentation
.

This incident highlights the value of ControlUp’s global dataset and anomaly-detection capabilities, enabling early identification of widespread, high-impact issues before formal vendor documentation is broadly available.

If you observed Microsoft Word crashes or instability tied to build 16.0.19029.20244, confirming remediation after upgrading to 16.0.19127.20314 or later helps validate resolution at scale and improves collective response time across the community.

This incident highlights the value of ControlUp’s global dataset and anomaly-detection capabilities, enabling early identification of widespread, high-impact issues before formal vendor documentation is broadly available.

If you observed Microsoft Word crashes or instability tied to build 16.0.19029.20244, confirming remediation after upgrading to 16.0.19127.20314 or later helps validate resolution at scale and improves collective response time across the community.

This incident highlights the value of ControlUp’s global dataset and anomaly-detection capabilities, enabling early identification of widespread, high-impact issues before formal vendor documentation is broadly available.

If you observed Microsoft Word crashes or instability tied to build 16.0.19029.20244, confirming remediation after upgrading to 16.0.19127.20314 or later helps validate resolution at scale and improves collective response time across the community.

Severity: High Impacted Organizations: 500+
Learn more
Microsoft Teams VDI Component (msteamsvdi.exe) Crashes
October 12, 2025 ID: CUA-2025-005

Administrators running Microsoft Teams in VDI environments should:

  • Review crash logs for msteamsvdi.exe to confirm whether this signature is present
  • Identify the specific Teams client and VDI plugin versions deployed across affected environments
  • Monitor crash trends following Teams updates or platform changes
  • Apply Microsoft-recommended updates, mitigations, or hotfixes as they become available

Where possible, staggered rollouts and close post-update monitoring are advised to quickly detect improvements or regressions.

This finding highlights the importance of visibility into application behavior at scale—particularly for optimized components like Teams VDI that rely on tight integration between clients, plugins, and virtual environments.

ControlUp will continue tracking this crash signature globally and share updates as new insights emerge. If you’re experiencing Teams instability in VDI, we encourage you to share observations, correlations, or remediation steps with the community to help accelerate validation and resolution.

This finding highlights the importance of visibility into application behavior at scale—particularly for optimized components like Teams VDI that rely on tight integration between clients, plugins, and virtual environments.

ControlUp will continue tracking this crash signature globally and share updates as new insights emerge. If you’re experiencing Teams instability in VDI, we encourage you to share observations, correlations, or remediation steps with the community to help accelerate validation and resolution.

This finding highlights the importance of visibility into application behavior at scale—particularly for optimized components like Teams VDI that rely on tight integration between clients, plugins, and virtual environments.

ControlUp will continue tracking this crash signature globally and share updates as new insights emerge. If you’re experiencing Teams instability in VDI, we encourage you to share observations, correlations, or remediation steps with the community to help accelerate validation and resolution.

Severity: High Impacted Organizations: 250+
Learn more
ManageEngine Component (dcmetroapps.exe) Crashes
September 24, 2025 ID: CUA-2025-006

Organizations using ManageEngine Endpoint Central should:

  • Review crash events related specifically to dcmetroapps.exe
  • Confirm the deployed agent version, particularly dcmetroapps.exe version 1.0.0.0
  • Check for known issues or updates provided by ManageEngine
  • Apply the latest available patches or agent updates as recommended

Given the low severity, monitoring for trend changes after updates is generally sufficient unless crash frequency increases.

This finding underscores the value of tracking background service stability, even when user-facing impact is limited. Small, recurring issues in management components can become more significant as environments scale.

ControlUp will continue monitoring this crash signature globally and share updates if the scope or severity changes. Community feedback on observed behavior or vendor guidance can help keep this finding current and actionable.

This finding underscores the value of tracking background service stability, even when user-facing impact is limited. Small, recurring issues in management components can become more significant as environments scale.

ControlUp will continue monitoring this crash signature globally and share updates if the scope or severity changes. Community feedback on observed behavior or vendor guidance can help keep this finding current and actionable.

This finding underscores the value of tracking background service stability, even when user-facing impact is limited. Small, recurring issues in management components can become more significant as environments scale.

ControlUp will continue monitoring this crash signature globally and share updates if the scope or severity changes. Community feedback on observed behavior or vendor guidance can help keep this finding current and actionable.

Severity: Low Impacted Organizations: 15+
Learn more
Spike in Intune IME Agent (Microsoft.Management.Services.IntuneWindowsAgent.exe) Crashes Linked to Versions 1.93 / 1.94
August 14, 2025 ID: CUA-2025-003

Based on observed behavior and Microsoft’s servicing model, organizations should:

  • Ensure the Intune Windows agent is allowed to auto-update across all managed endpoints
  • Verify that devices are running IME versions newer than 1.94, as older builds show the highest initial spike
  • Monitor crash trends after each IME update to validate stability improvements
  • Review correlations involving windowspackagemanager.dll, including version distribution across affected devices

Because the IME agent is continuously updated by Microsoft, manual rollback is typically not sustainable.
Ongoing monitoring is recommended to ensure newer agent versions reduce crash frequency as fixes are rolled out incrementally.

This finding highlights the operational risk of failures in foundational management agents that update silently and operate continuously in the background. Even when auto-updated, regressions can propagate quickly across large device populations.

ControlUp will continue tracking this crash pattern globally and share updates as new insights emerge. If you are observing IME instability tied to specific agent or module versions, sharing that data helps refine impact assessment and accelerate resolution.

This finding highlights the operational risk of failures in foundational management agents that update silently and operate continuously in the background. Even when auto-updated, regressions can propagate quickly across large device populations.

ControlUp will continue tracking this crash pattern globally and share updates as new insights emerge. If you are observing IME instability tied to specific agent or module versions, sharing that data helps refine impact assessment and accelerate resolution.

This finding highlights the operational risk of failures in foundational management agents that update silently and operate continuously in the background. Even when auto-updated, regressions can propagate quickly across large device populations.

ControlUp will continue tracking this crash pattern globally and share updates as new insights emerge. If you are observing IME instability tied to specific agent or module versions, sharing that data helps refine impact assessment and accelerate resolution.

Severity: Medium Impacted Organizations: 278+
Learn more
Widespread Zoom.exe + AMD Radeon Driver Crash Resolved by Upgrading to Zoom 6.5+
August 14, 2025 ID: CUA-2025-002

Organizations experiencing this issue should:

  • Upgrade Zoom from version 6.4.x to 6.5 or higher
  • Validate that the updated Zoom version is fully deployed across affected endpoints
  • Monitor crash trends post-upgrade to confirm stability improvements

ControlUp’s aggregated telemetry shows that upgrading to Zoom 6.5+ eliminates the crashing behavior entirely. At the time this pattern was identified, the resolution was not widely documented in Zoom release notes or broader IT community discussions.

This finding represents a high-confidence example of how targeted application updates can resolve widespread stability issues—even when vendor documentation is limited or delayed.

ControlUp will continue monitoring this crash signature globally. If you’ve observed similar Zoom and AMD Radeon interactions or can confirm improvements after upgrading, sharing that feedback helps accelerate validation for the wider community.

This finding represents a high-confidence example of how targeted application updates can resolve widespread stability issues—even when vendor documentation is limited or delayed.

ControlUp will continue monitoring this crash signature globally. If you’ve observed similar Zoom and AMD Radeon interactions or can confirm improvements after upgrading, sharing that feedback helps accelerate validation for the wider community.

This finding represents a high-confidence example of how targeted application updates can resolve widespread stability issues—even when vendor documentation is limited or delayed.

ControlUp will continue monitoring this crash signature globally. If you’ve observed similar Zoom and AMD Radeon interactions or can confirm improvements after upgrading, sharing that feedback helps accelerate validation for the wider community.

Severity: Medium Impacted Organizations: 100+
Learn more
Legacyhost.exe Crashes Cause Conferencing Issues with HP Poly Lens
July 16, 2025 ID: CUA-2025-001

Organizations using HP Poly Lens should:

  • Review crash logs related specifically to legacyhost.exe
  • Confirm whether affected endpoints are running legacyhost.exe version 2.1.0.425
  • Validate the deployed Poly Lens client version across the environment
  • Check for known issues related to pltsessionmanager.dll (v1.4.0.5)
  • Apply the latest HP Poly Lens updates, as newer versions show a notable reduction in crash frequency
  • Monitor conferencing stability closely following remediation or upgrades

Where feasible, staged rollouts and post-update monitoring are recommended to confirm improvements and prevent regressions.

This finding underscores how background services and device-management components can disproportionately affect end-user experience—especially for collaboration tools that depend on consistent audio and video performance.

ControlUp will continue monitoring this crash signature globally and share updates as new insights emerge. If you are experiencing similar conferencing issues related to Poly Lens or legacyhost.exe, sharing observations and mitigation outcomes with the ControlUp Community can help accelerate validation and resolution for all affected organizations.

This finding underscores how background services and device-management components can disproportionately affect end-user experience—especially for collaboration tools that depend on consistent audio and video performance.

ControlUp will continue monitoring this crash signature globally and share updates as new insights emerge. If you are experiencing similar conferencing issues related to Poly Lens or legacyhost.exe, sharing observations and mitigation outcomes with the ControlUp Community can help accelerate validation and resolution for all affected organizations.

This finding underscores how background services and device-management components can disproportionately affect end-user experience—especially for collaboration tools that depend on consistent audio and video performance.

ControlUp will continue monitoring this crash signature globally and share updates as new insights emerge. If you are experiencing similar conferencing issues related to Poly Lens or legacyhost.exe, sharing observations and mitigation outcomes with the ControlUp Community can help accelerate validation and resolution for all affected organizations.

Severity: High Impacted Organizations: 150+
Learn more