search about random ERP-Software-client crash, exclude ESET File Sec 6.4

[eset-account-2020 0]

Hello, 

• Customer have two Win2016 Terminalserver as farm with a RDP Broker.
• Software Company looked at the Windows Eventlog to search for causes about random Software crashes (non re-reproducable in connection with ERP Software based on SQL Std on separate SQL Server)
• Software Company asked to change / disable ESET Settings, because some Log Entries indicate wrong ESET Settings, e.g. windows-security-log-entry above programm crash..

Draft Action Plan:

1) check again the eset exclusions, add more, according to the software company

2) disable ESET only for one RDP Session isnt possible I think (as a Idea from the software company)

3) ESET has no task-based-search-job at the moment

4) Check ESET Protocol Check settings - but it is only in Email+Web Section

version is 6.4 File security

Thx for your opinion in advance!

 

[Marcos 4,704]

Why do you think it's caused by ESET? Does the issue go away after uninstalling EFSW? Does the issue return after installing the latest version of EFSW v7.1?

[eset-account-2020 0]

Thx Marcos for asking the right question!

 

Sorry - not sure if this is clear-text.  The Software company had this opinion:

the remote maintenance that has just been done, and the us
                  available information as well as the
                  Error descriptions on your part have the following results
                  delivered:

                  Unfortunately we could not find any of the last ones
                  Reproduce errors,

                  however, the evaluation of the Windows revealed
                  Event logs and the currently reported errors:

                  wts1
                  .Net Error 1026 may indicate that the .Net
                  Framework is not installed correctly or that one
                  Virus scanner sparks in the use between
                  The application errors in client.exe and winword.exe also point
                  to the .Net Framework as a shared component
                  out.
                  The User Profiles service shows a lot of mistakes - too
                  that can be illuminated by a technician
                  become.
                  The system log reports in phases every minute
                  Schannel TLS Error 40. Seems a handshake error
                  be. Maybe there is another service on the server
                  another software that produces this error !?

With wts2 still comes as "faulty" application
                  clientexe ... in addition.
                  Messages from xxxclient.exe are not correct in the software
                  been processed, which then led to a hard crash.
                  The exe (.Net application) was at a
                  File access ended hard. [Xxxx]
                  Because at xxxx the xx.dll is very often affected,
                  the references were considered more closely. Also this dll
                  makes very often file accesses, e.g. xml handling, regular
                  Expressions, ...

                  The suspicion on the virus scanner seems more likely
                  to confirm. The application errors always come after
                  Security SPP entries, in Word the crash comes exactly 11
                  Seconds later and that regularly. That must
                  related.

                  One should, but this would have Hr. xxx more accurate
                  Provide information or support, either temporarily in
                  the session of user the virus scanner
                  disable, or define appropriate exceptions.
                  This does not seem to be the case.

+++++

Initially, the approach should be comprehensive
                  Exception definition of the virus scanner, here needs
                  However, it is an agreement on my part, since I do not say
                  can
                  which directories from the technicians of ours
                  Branches are excluded.
                  @Mr. XXXXX, could you please give me one here
                  Contact persons, respectively the corresponding ones
                  Name directories?

                  Alternatively, the temporary deactivation of the virus scanner,
                  at your workplace (or in your RDP session)
                  down right next to the time of the virus scanner
                  temporarily
                  switch off, as I have seen for different
                  Cycles, up to max. 4 hours, alternatively until restart of the
                  Terminal server, which is not for the first approach
                  absolutely
                  would be recommended. It's not up for debate, no
                  Virus scanner to use, however, it now requires the
                  Becoming aware of whether a cause can be found here
                  and if,
                  what you have to abgewöhnen this, so the work
                  runs without interruption. To make matters worse, that
                  we use this virus scanner (eset?) within the medatixx
                  Not
                  so we can hardly judge how
                  this undoubtedly for the productive operation too
                  is to configure.

 

 

[eset-account-2020 0]

7 hours ago, Marcos said:

Why do you think it's caused by ESET? Does the issue go away after uninstalling EFSW? Does the issue return after installing the latest version of EFSW v7.1?

is my statement right? Statement:

e.g. If customer and all technical collegues confirm, we could uninstsall ESET for 1-2 days and ask customer if problem is away

We have to check if Windows Defender is active instead to have basic protection

Edited September 26, 2019 by eset-account-2020