LesRMed 23 Posted February 17, 2023 Share Posted February 17, 2023 One of our clients uses a program called WinSurge for their laboratory system. In the past month or so, several of their PC's have come to a crawl when launching the program. I finally figured out that ESET is causing the issue. Once I uninstall it, WinSurge launches fine. I know that one of the files that it launches when it starts opens a connection to one of the servers, so I thought that disabling network drive scanning in the agent would make a difference, but it didn't. Attached are the advanced logs from one of the affected PC's. I'd appreciate any help you can give me. ees_logs.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted February 17, 2023 Administrators Share Posted February 17, 2023 Please enabled advanced OS logging under Tools -> Diagnostics in the advanced setup, reproduce the problem, disable logging and collect fresh logs with ESET Log Collector. The generated etl file collected by ELC may exceed 1 GB so you will probably need to upload it to a file sharing service and drop me a personal message with a download link. We strongly recommend enabling the following settings for maximum protection: Scan on - file execution Advanced heuristics on newly created or modified files LiveGrid Feedback system Link to comment Share on other sites More sharing options...
LesRMed 23 Posted February 17, 2023 Author Share Posted February 17, 2023 OS Logging is grayed out Link to comment Share on other sites More sharing options...
LesRMed 23 Posted February 17, 2023 Author Share Posted February 17, 2023 I noticed the Override policy button, but it gives me this error. I'm logged in as me - a domain admin. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted February 18, 2023 Administrators Share Posted February 18, 2023 Is override by local administrators enabled and your account listed among users permitted to perform override? Link to comment Share on other sites More sharing options...
LesRMed 23 Posted February 20, 2023 Author Share Posted February 20, 2023 I have it set for Password: Link to comment Share on other sites More sharing options...
LesRMed 23 Posted February 20, 2023 Author Share Posted February 20, 2023 No idea why it's still grayed out? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted February 21, 2023 Administrators Share Posted February 21, 2023 I've tested it and after entering a correct password set in the override policy the override mode was activated and I was able to change locked settings. If it doesn't work for you despite entering a correct password, please raise a support ticket for help with further investigation. Link to comment Share on other sites More sharing options...
LesRMed 23 Posted February 21, 2023 Author Share Posted February 21, 2023 I apologize @Marcos. I guess I fat-fingered it. Logs are attached. ees_logs.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted February 21, 2023 Administrators Share Posted February 21, 2023 Unfortunately advanced OS logging was not enabled while reproducing the issue, there is no EsetPerf.etl log in the Diagnostics folder. Link to comment Share on other sites More sharing options...
LesRMed 23 Posted February 21, 2023 Author Share Posted February 21, 2023 I'm sorry, but I must be missing something. I edited the config so that the settings weren't locked (just to take that out of the equation). Did it all again and the file was only slightly larger than the others I've posted (it's only 104MB and does not contain EsetPerf.etl). What am I missing? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted February 21, 2023 Administrators Share Posted February 21, 2023 That's correct. Please check if the log EsetPerf.etl is created in "C:\ProgramData\ESET\ESET Security\Diagnostics" after reproducing the issue and disabling advanced OS logging: Link to comment Share on other sites More sharing options...
LesRMed 23 Posted February 21, 2023 Author Share Posted February 21, 2023 Thank you @Marcos. I just PM'd you a link. I zipped the whole diagnostics folder which included EsetPerf.etl. Link to comment Share on other sites More sharing options...
LesRMed 23 Posted February 22, 2023 Author Share Posted February 22, 2023 Hello @Marcos. Did you have a chance to look at my files? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted February 22, 2023 Administrators Share Posted February 22, 2023 Unfortunately the log could not be opened, maybe due to its size 10 GB: Please try to stop logging after a few seconds and see if the size of the generated log is smaller. Alternatively you could create a Procmon log which might provide the necessary information as well. Link to comment Share on other sites More sharing options...
Recommended Posts