labynko 4 Posted January 8, 2021 Share Posted January 8, 2021 Hello. When using ESET Endpoint Security 8.0.2028.0 with default settings in Windows 7 x64 SP1, there is a problem with the egui.exe process freezing when the user logs off. The problem is not seen in newer operating systems. https://streamable.com/rnnjkd After disabling the self-defense mechanism, the problem disappears. https://streamable.com/hsrfvl Request number: 0001381937 Link to comment Share on other sites More sharing options...
itman 1,538 Posted January 8, 2021 Share Posted January 8, 2021 Is this a direct Win 7 sign off by the user? Or is some type of custom log off script being deployed at user sign off time? Link to comment Share on other sites More sharing options...
labynko 4 Posted January 9, 2021 Author Share Posted January 9, 2021 This is a normal logoff of the user session without using any scripts. The problem is easily reproduced. Link to comment Share on other sites More sharing options...
itman 1,538 Posted January 9, 2021 Share Posted January 9, 2021 (edited) My advice is to use Process Explorer versus Win Task Manager to get a full picture of what is going on in regards to equi.exe. When the Eset GUI interface is not open, the following should be observed: Once the Eset GUI interface is opened, the following is observed: Once the Eset GUI interface is closed and approximately 10 secs or so thereafter, equi.exe will terminate itself with the result being what is shown in the first screen shot. In other words, equi.exe should never be running as a stand-alone process but always as a child process to the parent ekrn.exe process. The actual process that controls equi.exe current state status is equiProxy.exe. Edited January 9, 2021 by itman Link to comment Share on other sites More sharing options...
labynko 4 Posted January 9, 2021 Author Share Posted January 9, 2021 itman, were you able to reproduce the problem? Link to comment Share on other sites More sharing options...
itman 1,538 Posted January 9, 2021 Share Posted January 9, 2021 21 minutes ago, labynko said: itman, were you able to reproduce the problem? No. I run Win 10 x(64) 20H2. Link to comment Share on other sites More sharing options...
itman 1,538 Posted January 9, 2021 Share Posted January 9, 2021 Quote Go to Event Viewer->Applications and Services Logs-> Microsoft->Windows->Diagnostics-Performance->Operational. This will give you your boot and shutdown events. Look for Event ID 201 or 203. Look for shutdown events and note any that reference equi.exe. Link to comment Share on other sites More sharing options...
Recommended Posts