Last week I posted about a coworker having some trouble with Fiddler. Whenever he’d visit a page the only thing that Fiddler would show was oscex-en.url.trendmicro.com. At the time I thought it was a problem our virus scanner setting itself as a proxy and interfering with the process filters. He actually wasn’t using filters so that wasn’t the problem.
Earlier this week another coworker stopped by my cube and said he’d heard rumor about me troubleshooting some fiddler issues… And he had his laptop… Uh oh…
When he sat down he began describing the exact issue the other coworker had. He had filters enabled but he said that he only turned them on after noticing the problem. When we disabled the filters we observed the exact same problem that our other coworker had seen a week before. What could be happening?
After we determined that filters weren’t to blame the first guy found that he could work around the problem by manually setting the proxy in IE to 127.0.0.1:8888. This works because it’s manually performing what Fiddler does automatically.
Fiddler captures Internet Explorer traffic by acting as a proxy. By default Fiddler listens on port 8888, captures the original WinINET proxy settings, then updates them to point to itself. When Fiddler closes it restores the proxy settings to their original values. For some reason this process wasn’t happening for either of them.
We did a little investigation and found a StackExchange post that indicates that an Active Directory Group Policy might be preventing the change. The group policy settings include an option called “Make proxy settings per-machine (rather than per-user)” under Local Computer Policy –> Administrative Templates –> Windows Components –> Internet Explorer.
We checked this setting on both my laptop and my coworkers’ and interestingly we both had it set but for some reason my Fiddler works just fine. It wasn’t until we looked at the WinINET proxy settings that we noticed a difference. The proxy setting on my laptop was set correctly for Fiddler but my coworker’s was not. We also saw a message saying that “Some settings are managed by your system administrator” but that message was nowhere to be found in my configuration.
We were able to change the group policy setting and didn’t notice any immediate impact but rebooting with the setting disabled seems to have cleared up the issue. We’re pretty certain that the setting was the culprit and he’s keeping it disabled for the time being but if the issue surfaces again we know that we can manually set the proxy server to 127.0.0.1:8888 as a workaround. Our only problem then will be remembering to set it back…