Jump to content
JOKEEFE

Endpoint Antivirus causing PCs to hang at ZENworks login processing

Recommended Posts

We are starting to have PCs that hang during the ZENworks login process.  If we remove ESET (7.2.2055.0), the problem goes away.
We are using ZENworks 14.1.  The PC hangs at the "Processing User Source..." message from Zen.  The PC doesn't lockup, but it won't go any further.  The only way to get past this is to disconnect the PC from the network, login locally, and then remove ESET.  I have tried disabling everything I can find in ESET, but the problem persists.  :-(
I would like to keep ESET, but I have to find a solution to this issue ASAP.

Has anyone else seen this?

Share this post


Link to post
Share on other sites

Does the problem persist after temporarily disabling protocol filtering in the advanced setup?

Share this post


Link to post
Share on other sites

It does persist after disabling Protocol Filtering.

I also tried adding the ZENworks folder to the Exclusions list, but no luck.

Share this post


Link to post
Share on other sites

What about temporarily disabling real-time protection and HIPS in the advanced setup, one at a time, and rebooting the machine?

Share this post


Link to post
Share on other sites

I disabled them both, but no luck.  I rebooted after each change I made.

I created a static group, applied a policy to that group, moved the PC into that group, and then disabled things one by one to try to narrow in on what was causing it.  So far, I have not found anything that lets the PC continue.

I just tried uninstalling 7.2.2055.0 and then installed 6.6.2089.2.  The problem does not seem to occur with 6.6.2089.2.

 

Share this post


Link to post
Share on other sites

I would recommend contacting your local ESET distributor and opening a support ticket with them.

Please also try renaming drivers as follows:
- in safe mode, temporarily rename "C:\Program Files\ESET\ESET Security\Drivers" to "Drivers_bak" for instance
- in safe mode, rename the following files (e.g. from *.sys to *.bak), one at a time:

C:\Windows\System32\drivers\eamonm.sys
C:\Windows\System32\drivers\ehdrv.sys
C:\Windows\System32\drivers\epfw.sys
C:\Windows\System32\drivers\epfwwfp.sys

If none of the above makes a difference, try renaming "C:\Program Files\ESET\ESET Security\ekrn.exe" in safe mode too.
Please do not forget to rename the above mentioned folder as well as files back when you finish the test.

Share this post


Link to post
Share on other sites

Thanks Marcos.

I'll post back here if I find a solution.

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...