Daniel Marinov 0 Posted June 11 Share Posted June 11 Hello, One of our client is using Eset Endpoint Security on their workstations. Only on one machine ESET is extremely slowing their company software from normal starting. It takes about 10 to 15 minutes until that program starts. If we remove ESET the software start relatively normal. The software is starting from a shared folder on the network, but it is working fine for everybody else, except this machine. Could you please advise how to proceed? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,156 Posted June 11 Administrators Share Posted June 11 Does disabling scanning of network drives in the real-time protection setup make a difference? Is ESET or another antivirus installed and running on the machine where the software is shared? Please carry on as follows: 1, In the HIPS setup temporarily disable protected service and reboot the machine 2, Start logging with Procmon on both machines 3, Launch the application from the share to reproduce the issue 4, Stop logging 5, Save the Procmon log unfltered in the PML format on both machines 6, Collect logs with ESET Log Collector on both machines 7, Supply the Procmon logs along with ELC logs for perusal 8, Re-enable protected service and reboot the machine Quote Link to comment Share on other sites More sharing options...
Daniel Marinov 0 Posted June 12 Author Share Posted June 12 (edited) Hi Marcos, Disabling all ESET services speeds up the process. No other AV running. Uploaded the logs in OneDrive as they are pretty large: Edited June 12 by Marcos Redacted: Link removed Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,156 Posted June 12 Administrators Share Posted June 12 Please make sure that the file is shared for everybody and send me a download link in a private message. Quote Link to comment Share on other sites More sharing options...
Daniel Marinov 0 Posted June 13 Author Share Posted June 13 Message sent Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,156 Posted June 13 Administrators Share Posted June 13 The logs were provided only from one machine. Could you please provide ELC as well as aligned Procmon logs from both when the slowdown occurs? Does disabling scanning network drives in the real-time protection setup make a difference? If not, what about removing the network UNC path commencing with "\\" from performance exclusions? Also it appears that protected services was not disabled in the advanced HIPS setup and the machine not rebooted prior to generating the Procmon logs. Quote Link to comment Share on other sites More sharing options...
Daniel Marinov 0 Posted June 18 Author Share Posted June 18 Hi Marcos, The provided logs are from 2 machines - one is opening the application OK (called FastStartupPC) and the slow one (files called SlowStartupPC). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.