Some users of Microsoft Office products are reporting the ai.exe process (Artificial Intelligence (AI) Host) displaying an "ai.exe - Bad Image" error message when Office products are launched.
We suspect ai.exe is using mitigation options on some computers that prevent our DLL from being injected into its process.
This problem has two possible solutions.
Solution #1: Excluding ai.exe from 0patch protection
This solution involves disabling injection of 0patchLoaded.dll into ai.exe; Ai.exe will continue getting launched but if a vulnerability is found in it 0patch won't be able to patch it.
As administrator, set the registry value HKLM\Software\0patch\ExcludeModules to "ai.exe" (without quotes). Then to enforce this new setting without restarting your computer, change the value of HKLM\SOFTWARE\0patch\CallbackKeys\UnloadLoaderDll\Counter to any other number than it already has (this removes 0patch loader from all processes), and restart the 0patch Service.
This can be done using the following command-line script executed as administrator:
PowerShell
reg add HKEY_LOCAL_MACHINE\SOFTWARE\0patch /v ExcludeModules /t REG_SZ /d "ai.exe" /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\0patch\CallbackKeys\UnloadLoaderDll /v Counter /t REG_DWORD /d $(Get-Random) /f
net stop 0patchService
net start 0patchService
Command Prompt / cmd.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\0patch /v ExcludeModules /t REG_SZ /d "ai.exe" /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\0patch\CallbackKeys\UnloadLoaderDll /v Counter /t REG_DWORD /d %random%%random% /f
net stop 0patchService
net start 0patchService
Solution #2: Disabling ai.exe from getting launched
At the time of this writing, there doesn't seem to be any clear documentation on the purpose or any benefit of having ai.exe executed on the computer. Because of that, you may want to disable ai.exe from getting launched. There is no specific configuration option for that, so our recommended way is to disable file permissions inheritance on ai.exe, which leaves Office applications unable to launch it.
- Locate the ai.exe executable file that gets launched by launching an office app (e.g., Word or Excel), then launching Task Manager, right-clicking the ai.exe process and choosing "Open File Location".
- As an administrator on the machine, disable permissions inheritance for located ai.exe by executing the following command:
icacls "<path_to_ai.exe>" /inheritancelevel:r
Note that it may happen that more copies of ai.exe are present in the Microsoft Office folder (e.g. one in C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\AI, and another in C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AI), and when you disable one of them, another copy will start getting launched. If this happens, repeat the same two steps again to locate and disable the second copy as well.
Comments
0 comments
Please sign in to leave a comment.