zwylde 0 Posted August 9, 2016 Share Posted August 9, 2016 We have just deployed Endpoint Antivirus version 6 to all of our customers. Randomly we're seeing failures to apply group policy at logon and it's causing us a lot of issues. After a computer boots the user needs to wait for 3-5 minutes prior to logon or user-based GPOs will not apply. Any suggestions as which direction to go to resolve this issue? Link to comment Share on other sites More sharing options...
zwylde 0 Posted August 10, 2016 Author Share Posted August 10, 2016 Anyone? Link to comment Share on other sites More sharing options...
jimwillsher 65 Posted August 10, 2016 Share Posted August 10, 2016 Endpoint Antivirus doesn't have a firewall, so that's one thing that can be ruled out. Are you sure it's Eset that's blocking it? I manage 180 domain-joined computers with roughly 20 GPOs being applied - user and computer - and also a load of GPPs, and we don't have this problem. And I know there are people here with >2000 computers in the same boat. Surely, if it were blocking, then everyone would be complaining. There was a Microsoft "patch" released a month or so ago which caused GPOs to not be applied. Are you certain that's not the cause, or perhaps something else? I'm not sitting here defending ESET, I'm just a little sceptical that it's the culprit. Jim Link to comment Share on other sites More sharing options...
zwylde 0 Posted August 10, 2016 Author Share Posted August 10, 2016 Jim, Thanks for the reply. I am aware of the problems that arose from Microsoft's MS16-072 patch. They have been resolved on all of my networks. However, in my troubleshooting of this issue, I have found that uninstalling ESET from the computer resolves the problem. Re-installing brings the problem back. Also, I have found that when ESET is NOT installed on these problematic computers, running a gpupdate /force will cause the drive mappings from GPP to instantly populate. If ESET is installed the drive mappings don't populate immediately but will if I log off and back on. As I stated, this is not happening on all computers. Just a few. But it is reproducible on those machines. If there is a way to rule out ESET that I have not thought of I would be glad to try it. All signs right now are pointing towards it being the cause. Thanks again, Jake Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted August 10, 2016 ESET Staff Share Posted August 10, 2016 I would recommend to contact support directly as this will definitely need developer's analysis. In the meantime you could try to disable specific EEA components and check whether it helps. It may be also useful if you could capture problematic operations using process monitor. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,397 Posted August 11, 2016 Administrators Share Posted August 11, 2016 Start off by disabling real-time protection, next disable HIPS (requires a system restart) and finally disable protocol filtering. We'll need to know which of these makes the issue go away. Link to comment Share on other sites More sharing options...
Recommended Posts