mvburch94 0 Posted October 28, 2019 Share Posted October 28, 2019 (edited) I have an odd one. I've tried searching the forums but did not find anything similar. As part of our process, users will open a report, that report will prompt to print, which opens another application that allows them to send information via email. Its complex, but it seems to work with the applications we have in use. The program in question is Print Boss (pb32.exe). This program is run from a network share on all computers that all users have access to. As a part of our environment, all users require local admin rights on their machines, so we know it is not a permissions issue. Here's where ESET comes in: If a computer has version 6.6.2086.1 of the Endpoint Antivirus installed, pb32.exe will open promptly when called for. If a computer has any later version installed, pb32.exe will hang in perpetuity until we pause protection on the endpoint antivirus. The instant protection is paused, pb32.exe opens up and the process continues as normal. Most of our computers are using the latest version of the Endpoint Antivirus. The only ones that are still on 6.6.2086.1 are legacy hardware tied to production machines that still run on Windows XP. Within the ESMC 7 we have put a policy in place in an attempt to address this issue. These include an exclusion to the detection engine, which points to the network share where the program executable lives. We also have a rule under Networking > Application modification detection which excludes all .exe and .dll files in said network share; basically every process this program uses. After confirming the policies are working on a computer with the issue, the behavior does not change. What am I missing? Edited October 28, 2019 by mvburch94 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted October 29, 2019 Administrators Share Posted October 29, 2019 This kind of issues should be reported to customer care and properly tracked. Is ESET or another AV installed on the remote machine from which the application is run? Please provide aligned Procmon logs with Advanced output enabled in the Procmon menu from the time when the issue occurs as well as logs collected with ELC on both machines. Also be careful about using network path exclusions which may cause bigger delays when starting the OS and ekrn mail fail to start eventually. That is because ekrn is run in the local system account, ie. it has no access to network shares. Link to comment Share on other sites More sharing options...
mvburch94 0 Posted October 29, 2019 Author Share Posted October 29, 2019 (edited) Marcos, Thanks for your reply! The network share in question does have ESET installed. I'll see about gathering Procmon and ESET Log Collector logs. Edit: What is the best way to get in touch with Customer Care to track this issue? Edited October 29, 2019 by mvburch94 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted October 29, 2019 Administrators Share Posted October 29, 2019 What ESET product / version is installed on the remote machine? When did the issue start to manifest? Does temporarily pausing real-time protection make a difference? As for contacting customer care, you can do so via this form for instance: https://www.eset.com/int/support/contact/ Link to comment Share on other sites More sharing options...
Recommended Posts