Arturs Gailis

Members
  • Posts

    4
About Arturs Gailis

  • Rank
    Newbie

Profile Information

  • Gender
    Male
  • Location
    Latvia


  1. Hey guys, quick question regarding a pending update on our ESET PROTECT on-prem server. The changelog for version 11.0.14.0 includes the following: "Removed: Windows 7/8/8.1 support". What exactly does that mean - do I lose support for my workstations communicating with the server? I still have some Windows 7 and Windows 8.1 systems in our environment. Or will the machines disappear from my groups altogether? Or is it just not supporting running the server itself on those versions and does not affect clients (workstations)? The server itself is running on Windows Server Standard 2022.
  2. Currently unable to reproduce the issue on my personal laptop with Deep Behavioral Inspection support module 1149 and 1144.1. Crashes on module version 1144 instantly. 1144.1 is not offered to me on ESET Endpoint Security with the Regular Update channel. Seems to be stuck on version 1144. Will do further testing in the coming days with the full hardware setup. Currently testing without the base station connected, just the ClickShare button plugged into a USB port and no content shared.
  3. I have not yet raised a support ticket due to time constraints and the "everything is on fire" situation during the end-of-the-year events. Currently just temporarily discontinued the use of this legacy Barco product. Can confirm it's a widespread issue and exclusions do not work with this one, because of the way that application executes. Currently the only solution is to completely disable Deep Behavioral Inspection. Adding rundll32.exe to exclusions is not something I'm comfortable doing, as that can allow some legit malicious stuff to execute using that file.
  4. Hello,

     Recently we have discovered an issue with the Barco ClickShare application. It is a wireless presentation solution, and we may have some of the legacy versions in use, for example, Barco ClickShare CSM-1. Barco said they will not provide any updates on this product and issue, as it is a discontinued product.

     When the application inside the Barco ClickShare button is launched (the latest supported firmware by that product), any app on Windows 10 and Windows 11 using hardware acceleration gets killed/crashes without warning by ESET - Zoom, Edge, Chrome, OBS, Remote Desktop, even the built-in Photo viewer hangs or gets killed.

     Did some advanced troubleshooting and after disabling Deep Behavioral Inspection in ESET Advanced Setup, it started to work again. The other solution is to add rundll32.exe from the Windows system directory to the HIPS allow list. None of the solutions above fully resolve the issue, because Barco is used both by company laptops and private BYOD devices which we can't access and disable antivirus components on.

     I remember this was not happening in summer but started happening recently. Happens both on ESET Endpoint Security 10.1.2058.0 and ESET Internet Security 16.2.15.0.

     When the Barco app is launched, it extracts some files to the TEMP directory and calls:

         C:\Windows\SysWOW64\rundll32.exe DXCap.dll,DXCAP_Hook

     This gets logged in HIPS logs:

         Time;Application;Operation;Target;Action;Rule;Additional information
         21.11.2023 09:57:39;\Device\HarddiskVolume5\ClickShare_for_Windows.exe;Modify state of another application;C:\Windows\System32\csrss.exe;Blocked;Self-Defense: Do not allow modification of system processes;

     Attached a screenshot of HIPS Interactive mode and the offending executable in a ZIP archive. But this issue won't happen while the Barco button is not physically connected to the computer, so it may not be possible to replicate. Maybe there is a chance your team can inspect this issue further.

     ClickShare_for_Windows.zip ees_logs.zip