LesRMed, Posted February 17, 2023
One of our clients uses a program called WinSurge for their laboratory system. In the past month or so, several of their PCs have come to a crawl when launching the program. I finally figured out that ESET is causing the issue. Once I uninstall it, WinSurge launches fine. I know that one of the files that it launches when it starts opens a connection to one of the servers, so I thought that disabling network drive scanning in the agent would make a difference, but it didn't. Attached are the advanced logs from one of the affected PCs. I'd appreciate any help you can give me. ees_logs.zip
Marcos (Administrators), Posted February 17, 2023
Please enable advanced OS logging under Tools -> Diagnostics in the advanced setup, reproduce the problem, disable logging and collect fresh logs with ESET Log Collector. The generated etl file collected by ELC may exceed 1 GB so you will probably need to upload it to a file sharing service and drop me a personal message with a download link.
We strongly recommend enabling the following settings for maximum protection: Scan on - file execution; Advanced heuristics on newly created or modified files; LiveGrid Feedback system
LesRMed, Posted February 17, 2023
I noticed the Override policy button, but it gives me this error. I'm logged in as me - a domain admin.
Marcos (Administrators), Posted February 18, 2023
Is override by local administrators enabled and your account listed among users permitted to perform override?
LesRMed, Posted February 20, 2023
No idea why it's still grayed out?
Marcos (Administrators), Posted February 21, 2023
I've tested it and after entering a correct password set in the override policy the override mode was activated and I was able to change locked settings. If it doesn't work for you despite entering a correct password, please raise a support ticket for help with further investigation.
LesRMed, Posted February 21, 2023
I apologize @Marcos. I guess I fat-fingered it. Logs are attached. ees_logs.zip
Marcos (Administrators), Posted February 21, 2023
Unfortunately, advanced OS logging was not enabled while reproducing the issue; there is no EsetPerf.etl log in the Diagnostics folder.
LesRMed, Posted February 21, 2023
I'm sorry, but I must be missing something. I edited the config so that the settings weren't locked (just to take that out of the equation). Did it all again and the file was only slightly larger than the others I've posted (it's only 104MB and does not contain EsetPerf.etl). What am I missing?
Marcos (Administrators), Posted February 21, 2023
That's correct. Please check if the log EsetPerf.etl is created in "C:\ProgramData\ESET\ESET Security\Diagnostics" after reproducing the issue and disabling advanced OS logging:
LesRMed, Posted February 21, 2023
Thank you @Marcos. I just PM'd you a link. I zipped the whole diagnostics folder which included EsetPerf.etl.
LesRMed, Posted February 22, 2023
Hello @Marcos. Did you have a chance to look at my files?
Marcos (Administrators), Posted February 22, 2023
Unfortunately the log could not be opened, maybe due to its size 10 GB: Please try to stop logging after a few seconds and see if the size of the generated log is smaller. Alternatively you could create a Procmon log which might provide the necessary information as well.