Jump to content

Group Policy Blocked By ESET


zwylde

Recommended Posts

We have just deployed Endpoint Antivirus version 6 to all of our customers.  Randomly we're seeing failures to apply group policy at logon and it's causing us a lot of issues.  After a computer boots the user needs to wait for 3-5 minutes prior to logon or user-based GPOs will not apply.   Any suggestions as which direction to go to resolve this issue?

Link to comment
Share on other sites

Endpoint Antivirus doesn't have a firewall, so that's one thing that can be ruled out. 

 

Are you sure it's Eset that's blocking it? I manage 180 domain-joined computers with roughly 20 GPOs being applied - user and computer - and also a load of GPPs, and we don't have this problem. And I know there are people here with >2000 computers in the same boat. Surely, if it were blocking, then everyone would be complaining.

 

There was a Microsoft "patch" released a month or so ago which caused GPOs to not be applied. Are you certain that's not the cause, or perhaps something else?

 

I'm not sitting here defending ESET, I'm just a little sceptical that it's the culprit.

 

 

Jim

Link to comment
Share on other sites

Jim,

 

Thanks for the reply.  I am aware of the problems that arose from Microsoft's MS16-072 patch.  They have been resolved on all of my networks.  However, in my troubleshooting of this issue, I have found that uninstalling ESET from the computer resolves the problem.  Re-installing brings the problem back.  Also, I have found that when ESET is NOT installed on these problematic computers, running a gpupdate /force will cause the drive mappings from GPP to instantly populate.  If ESET is installed the drive mappings don't populate immediately but will if I log off and back on.

 

As I stated, this is not happening on all computers.  Just a few. But it is reproducible on those machines.

 

If there is a way to rule out ESET that I have not thought of I would be glad to try it.  All signs right now are pointing towards it being the cause.

 

Thanks again,

 

Jake

Link to comment
Share on other sites

  • ESET Staff

I would recommend to contact support directly as this will definitely need developer's analysis.

In the meantime you could try to disable specific EEA components and check whether it helps. It may be also useful if you could capture problematic operations using process monitor.

Link to comment
Share on other sites

  • Administrators

Start off by disabling real-time protection, next disable HIPS (requires a system restart) and finally disable protocol filtering. We'll need to know which of these makes the issue go away.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...