JOKEEFE 1 Posted February 12, 2020 Posted February 12, 2020 We are starting to have PCs that hang during the ZENworks login process. If we remove ESET (7.2.2055.0), the problem goes away. We are using ZENworks 14.1. The PC hangs at the "Processing User Source..." message from Zen. The PC doesn't lockup, but it won't go any further. The only way to get past this is to disconnect the PC from the network, login locally, and then remove ESET. I have tried disabling everything I can find in ESET, but the problem persists. :-( I would like to keep ESET, but I have to find a solution to this issue ASAP. Has anyone else seen this?
Administrators Marcos 5,468 Posted February 12, 2020 Administrators Posted February 12, 2020 Does the problem persist after temporarily disabling protocol filtering in the advanced setup?
JOKEEFE 1 Posted February 12, 2020 Author Posted February 12, 2020 It does persist after disabling Protocol Filtering. I also tried adding the ZENworks folder to the Exclusions list, but no luck.
Administrators Marcos 5,468 Posted February 12, 2020 Administrators Posted February 12, 2020 What about temporarily disabling real-time protection and HIPS in the advanced setup, one at a time, and rebooting the machine?
JOKEEFE 1 Posted February 12, 2020 Author Posted February 12, 2020 I disabled them both, but no luck. I rebooted after each change I made. I created a static group, applied a policy to that group, moved the PC into that group, and then disabled things one by one to try to narrow in on what was causing it. So far, I have not found anything that lets the PC continue. I just tried uninstalling 7.2.2055.0 and then installed 6.6.2089.2. The problem does not seem to occur with 6.6.2089.2.
Administrators Marcos 5,468 Posted February 12, 2020 Administrators Posted February 12, 2020 I would recommend contacting your local ESET distributor and opening a support ticket with them. Please also try renaming drivers as follows: - in safe mode, temporarily rename "C:\Program Files\ESET\ESET Security\Drivers" to "Drivers_bak" for instance - in safe mode, rename the following files (e.g. from *.sys to *.bak), one at a time: C:\Windows\System32\drivers\eamonm.sys C:\Windows\System32\drivers\ehdrv.sys C:\Windows\System32\drivers\epfw.sys C:\Windows\System32\drivers\epfwwfp.sys If none of the above makes a difference, try renaming "C:\Program Files\ESET\ESET Security\ekrn.exe" in safe mode too. Please do not forget to rename the above mentioned folder as well as files back when you finish the test.
JOKEEFE 1 Posted February 12, 2020 Author Posted February 12, 2020 Thanks Marcos. I'll post back here if I find a solution.
Recommended Posts