
Endpoint Antivirus Network Connectivity



Hi Community,

 

I am having networking issues on a number of Windows desktops; the only recent change has been installing Endpoint Anti-virus.

 

Symptoms:

Any new network connections fail (http, smb etc.)

Ping just hangs and will not even time out.

Existing connections (mapped drives, open files etc) are ok to read files from but not to write.

Fine after a reboot until the next time network connectivity dies.

Logoffs are not completed and have to hard reset pc.

 

So far each time Endpoint AV is hung updating on 50% or 0%.

 

ESET Endpoint Antivirus 5.0.2214.4

 

Any help or advice much appreciated.

 

Cheers

Edited by jibberihj

Windows 7 Pro 64 & 32bit, also an unconfirmed report on an XP machine.

 

I have re-run the Kaspersky removal program on one machine, and now waiting to see if that has any effect.

 

Also they have all updated to latest signature (8496) without issue.


Happened again this morning on a Win 7 Pro 32 bit machine on the update to latest signatures.

 

As previously, I have re-run the Kaspersky remover to see if there is any effect.


Is there any chance you can give us a list of any other software on the machine, and whether you are updating via ESET online or an internal server? Have you tried disabling and re-enabling the network card, or updating the network card driver?


Guest James

Hi,

 

Just a quick question. You mention you are having problems with networked drives.

 

Are these networked drives all pointing to the same server?

 

And if so, have you checked the System log on that server for any SMB problems?

 

Cheers,

James


  • Administrators

ESET Endpoint Antivirus does not intervene in network communication as it doesn't contain an NDIS driver at all. Only HTTP and POP3 protocols are checked at WFP level.


  • 2 weeks later...

Thank-you all for your replies.

 

tl;dr - TAPI driver and Endpoint Outlook integration do not play well together. Removing TAPI driver temporary workaround.

 

I had a major issue with the domain just after I posted this so could not focus on this issue. As this issue was happening to many users I had to implement a workaround of disabling EAV Outlook integration which stopped the issue completely.

 

I have since been able to re-visit the problem.

 

I managed to get the issue to repeat fairly consistently by opening and closing Outlook many times, which would eventually cause the problem.

 

We use Xarios Phone Manager which links to our phone system and, when coupled with EAV Outlook integration, causes the process that hosts the Telephony (TapiSrv) service to 'lock'. This process also hosts DNSClient (problem pinging addresses via DNS name and Endpoint Security unable to connect to update server), Workstation (SMB weirdness) and some others. The only way to recover from this lock is to kill the svchost.exe process that spawned these services.

 

As we do not use the TAPI functionality in any software yet, it is an ok workaround to remove the TAPI driver.

  1. Go to Control Panel > Phone and Modem
  2. Open Advanced Tab
  3. Remove Xarios TAPI Service Provider
  4. EAV Outlook Integration is now ok to use.

We would like to use the TAPI integration in the future so will need to get the driver back in at some point, so this is only a temporary solution.

 

Other things that have been tried:

  • Reinstalling EAV
  • Uninstalling EAV, cleaning installation, reinstalling
  • Tried remote install and local install of EAV
  • Disabling HIPS
  • Disabled telephony service only
  • Removing Xarios phone manager from realtime file protection.
  • Removing Outlook TSP integration using Xarios installer
  • Reinstalling Office
  • Repairing Office
  • Removing C:\Windows\System32\*.* from Realtime file protection (could not get it to crash but may have been a fluke)
  • Disabling telephony service (still crashed when left on overnight)
  • Disabling dnsclient and telephony service (could not get it to crash but dnsclient is needed on our network)
  • And of course disabling EAV Outlook integration which stopped the crash but leaves Outlook vulnerable.
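The shared-host behaviour described in the post above can be confirmed on an affected machine by listing every service that runs in the same svchost.exe instance as Telephony. This is an added example, not part of the original thread; the function name `Get-CoHostedService` is hypothetical, and `TapiSrv` is the short service name for Telephony (DNS Client and Workstation appear as `Dnscache` and `LanmanWorkstation`).

```powershell
# Added example (not from the thread): list the services that share a host
# process with a given service. Get-WmiObject is used because it is available
# in the PowerShell 2.0 that ships with Windows 7.
function Get-CoHostedService {
    param(
        [string]$Name = 'TapiSrv'   # short name of the Telephony service
    )

    $target = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if (-not $target) {
        throw "Service '$Name' not found."
    }
    if ($target.ProcessId -eq 0) {
        # A stopped service reports PID 0, so there is no host to inspect.
        Write-Warning "Service '$Name' is not running and has no host process."
        return
    }

    # Every service reporting the same PID lives in the same host process,
    # so a hang in one of them can stall all of the others.
    Get-WmiObject -Class Win32_Service -Filter "ProcessId=$($target.ProcessId)" |
        Sort-Object Name |
        Select-Object ProcessId, Name, DisplayName, State, PathName
}

Get-CoHostedService -Name 'TapiSrv' | Format-Table -AutoSize
```

The `PathName` column shows the `svchost.exe -k <group>` command line, which identifies the service group that would be taken down together if that host process is killed.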

  • Administrators

Could you install ESET NOD32 Antivirus 7.0.104 beta just to see if it makes any difference? Although it's intended for home users and is still in the beta phase, it contains the latest fixes for MS Outlook client so it'd be good to know if the issue goes away then or not. After you test v7 in the aforementioned scenario, you'll revert back to EEA 5.0.2214.


Hi Marcos,

 

I have just tested with the ESET NOD32 Antivirus 7.0.104 beta and the same issue occurs. Did a normal uninstall, then ran the uninstall tool from safe mode.

 

Also with the Beta, Outlook.exe will now also hang on exit (icon stays in task bar) until the svchost.exe process is killed.

 

I have also verified that it is still ok with either the Xarios TAPI service provider uninstalled or with Outlook integration turned off.

 

Thanks for your help.

Edited by jibberihj

This topic is now closed to further replies.