Egui.exe hangs in Windows 7 x64 SP1 when user logs out

[labynko 5]

Hello.

When using ESET Endpoint Security 8.0.2028.0 with default settings in Windows 7 x64 SP1, there is a problem with the egui.exe process freezing when the user logs off. The problem is not seen in newer operating systems.

https://streamable.com/rnnjkd

After disabling the self-defense mechanism, the problem disappears.

https://streamable.com/hsrfvl

Request number: 0001381937

[itman 1,659]

Is this a direct Win 7 sign off by the user? Or is some type of custom log off script being deployed at user sign off time?

[labynko 5]

This is a normal logoff of the user session without using any scripts.

The problem is easily reproduced.

[itman 1,659]

My advice is to use Process Explorer versus Win Task Manager to get a full picture of what is going on in regards to equi.exe.

When the Eset GUI interface is not open, the following should be observed:

Once the Eset GUI interface is opened, the following is observed:

Once the Eset GUI interface is closed and approximately 10 secs or so thereafter, equi.exe will terminate itself with the result being what is shown in the first screen shot.

In other words, equi.exe should never be running as a stand-alone process but always as a child process to the parent ekrn.exe process. The actual process that controls equi.exe current state status is equiProxy.exe.

Edited January 9, 2021 by itman

[labynko 5]

itman, were you able to reproduce the problem?

[itman 1,659]

21 minutes ago, labynko said:

itman, were you able to reproduce the problem?

No. I run Win 10 x(64) 20H2.

[itman 1,659]

Quote

Go to Event Viewer->Applications and Services Logs-> Microsoft->Windows->Diagnostics-Performance->Operational.  This will give you your boot and shutdown events.  Look for Event ID 201 or 203.

Look for shutdown events and note any that reference equi.exe.