Jump to content

Endpoint Antivirus causing PCs to hang at ZENworks login processing


Recommended Posts

Posted

We are starting to have PCs that hang during the ZENworks login process.  If we remove ESET (7.2.2055.0), the problem goes away.
We are using ZENworks 14.1.  The PC hangs at the "Processing User Source..." message from Zen.  The PC doesn't lockup, but it won't go any further.  The only way to get past this is to disconnect the PC from the network, login locally, and then remove ESET.  I have tried disabling everything I can find in ESET, but the problem persists.  :-(
I would like to keep ESET, but I have to find a solution to this issue ASAP.

Has anyone else seen this?

  • Administrators
Posted

Does the problem persist after temporarily disabling protocol filtering in the advanced setup?

Posted

It does persist after disabling Protocol Filtering.

I also tried adding the ZENworks folder to the Exclusions list, but no luck.

  • Administrators
Posted

What about temporarily disabling real-time protection and HIPS in the advanced setup, one at a time, and rebooting the machine?

Posted

I disabled them both, but no luck.  I rebooted after each change I made.

I created a static group, applied a policy to that group, moved the PC into that group, and then disabled things one by one to try to narrow in on what was causing it.  So far, I have not found anything that lets the PC continue.

I just tried uninstalling 7.2.2055.0 and then installed 6.6.2089.2.  The problem does not seem to occur with 6.6.2089.2.

 

  • Administrators
Posted

I would recommend contacting your local ESET distributor and opening a support ticket with them.

Please also try renaming drivers as follows:
- in safe mode, temporarily rename "C:\Program Files\ESET\ESET Security\Drivers" to "Drivers_bak" for instance
- in safe mode, rename the following files (e.g. from *.sys to *.bak), one at a time:

C:\Windows\System32\drivers\eamonm.sys
C:\Windows\System32\drivers\ehdrv.sys
C:\Windows\System32\drivers\epfw.sys
C:\Windows\System32\drivers\epfwwfp.sys

If none of the above makes a difference, try renaming "C:\Program Files\ESET\ESET Security\ekrn.exe" in safe mode too.
Please do not forget to rename the above mentioned folder as well as files back when you finish the test.

Posted

Thanks Marcos.

I'll post back here if I find a solution.

 

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...