[AfxBeginThread and Deep Behavioral Inspection]

When will the new deep behavioral inspection module 1090 be released?

[AfxBeginThread and Deep Behavioral Inspection]

I can confirm that this issue is fixed with the actual Deep behavioral inspection module 1090. Thanks

[AfxBeginThread and Deep Behavioral Inspection]

In our company there some computers with an update issue on EP 7.2. This computers are not having the AfxBeginThread Problem. The EP 7.2 modules on these computers have the following versions.

Advanced Heuristik: 1195 (20191025)
Anti-Stealth-Unterstützung: 1154 (20190614)
Archivunterstützung: 1293 (20191004)
Datenbank: 1110 (20190827)
Erkennungsroutine: 20272 (20191031)
Erweitertes Machine Learning-Modul: 1039 (20191025)
ESET SysInspector: 1275 (20181220)
Firewall-Modul: 1395 (20191023)
HIPS-Unterstützung: 1373 (20190916)
Internet-Schutz: 1380 (20190920)
Konfigurationsmodul (33): 1811.5 (20191017)
LiveGrid-Kommunikationsmodul: 1053 (20190321)
Lokalisierungsunterstützung: 1772 (20191031)
Netzwerk-Schutzmodul: 1682 (20190801)
Rootkit-Erkennungs- und Bereinigungsmodul: 1019 (20170825)
Schutz vor skriptbasierten Angriffen: 1058 (20191016)
Sicheres Heimnetzwerk Modul: 1030.2 (20190424)
Soforteinsatz-Modul: 15163 (20191031)
Spezielles Säuberungsprogramm: 1013 (20190627)
Support-Modul für das Kryptografieprotokoll: 1040 (20190913)
Support-Modul für tiefe Verhaltensinspektion: 1085 (20191001)
Säuberungstechnologie: 1200 (20190916)
Updates: 1018.1 (20190709)
Viren- und Spyware-Schutz: 1556.2 (20191025)

Computers WITH the AfxBeginThread problem have these version numbers

Advanced Heuristik: 1196 (20191108)
Anti-Stealth-Unterstützung: 1156.1 (20191216)
Archivunterstützung: 1296 (20191212)
Datenbank: 1110 (20190827)
Erkennungsroutine: 20686 (20200117)
Erweitertes Machine Learning-Modul: 1047 (20200115)
ESET SysInspector: 1275 (20181220)
Firewall-Modul: 1396.1 (20191223)
HIPS-Unterstützung: 1379.3 (20200113)
Internet-Schutz: 1383 (20191205)
Konfigurationsmodul (33): 1811.5 (20191017)
LiveGrid-Kommunikationsmodul: 1055 (20191107)
Lokalisierungsunterstützung: 1780 (20191217)
Netzwerk-Schutzmodul: 1682 (20190801)
Rootkit-Erkennungs- und Bereinigungsmodul: 1019 (20170825)
Schutz vor skriptbasierten Angriffen: 1063 (20200113)
Sicheres Heimnetzwerk Modul: 1035 (20191112)
Soforteinsatz-Modul: 15583 (20200117)
Spezielles Säuberungsprogramm: 1013 (20190627)
Support-Modul für das Kryptografieprotokoll: 1040 (20190913)
Support-Modul für tiefe Verhaltensinspektion: 1087.1 (20200107)
Säuberungstechnologie: 1205 (20191209)
Updates: 1018.1 (20190709)
Viren- und Spyware-Schutz: 1558.2 (20191218)

 

i have send you a private message with the link to the requeseted Memory Dump

 

[AfxBeginThread and Deep Behavioral Inspection]

When the application is excluded from Eset Deep Behavior Inspection everything works like expected. The Issue comes ONLY with the actual ESET Endpoint Antivirus Version 7.2.2055.0. Versions Prior to this works fine. I will provide a Memory Dump tomorrow, do you have an E-Mail Address for sending the dump?

[AfxBeginThread and Deep Behavioral Inspection]

It's worker thread, created like 

AfxBeginThread(InputGamepad::threadPolling, nullptr);

first time creation of the thread is successful, but after the thread ended during program execution a new call to only this AfxBeginThread freezes. Further debugging brings me to the function _AfxThreadEntry()

// wait for thread to be resumed
VERIFY(::WaitForSingleObject(hEvent2, INFINITE) == WAIT_OBJECT_0);

in the module 

C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Tools\MSVC\14.24.28314\atlmfc\src\mfc\thrdcore.cpp

. Within this function the thread is created via _beginthreadex with CREATE_SUSPENDED flag. But obviously the thread is not being resumed.

While our application is beeing executed there several thread running. No messages or notification are provided from the deep behavior inspection 

[AfxBeginThread and Deep Behavioral Inspection]

Sorry, our application requires a hardware lock and comes with several protection mechanisms. I could offer you a TeamViewer session for some further Investigation, I can also provide some log files if there any. Please send me a PM for a TeamViewer session.

[AfxBeginThread and Deep Behavioral Inspection]

With the newly added feature "Deep Behavioral Inspection" which comes with the new ESET Endpoint Antivirus version 7.2.2055.0, calls to the MFC function AfxBeginThread won't return.

When using a debugger (Visual Studio  2019) everything works.

Without a debugger the program freezes. The call stack after attaching a Debugger is

    ntdll.dll!NtWaitForAlertByThreadId()    Unbekannt
    ntdll.dll!RtlpWaitOnAddressWithTimeout()    Unbekannt
    ntdll.dll!RtlpWaitOnAddress()    Unbekannt
    ntdll.dll!RtlpWaitOnCriticalSection()    Unbekannt
    ntdll.dll!RtlpEnterCriticalSectionContended()    Unbekannt
    ntdll.dll!RtlEnterCriticalSection()    Unbekannt
    ebehmoni.dll!00007ffa47f95db1()    Unbekannt

When the "Deep Behavioral Inspection" feature is disabled everything works like expected.

Is there anything we can do beside disabling this feature?