Jump to content

ESET EndPoint Antivirus - Domain Kixtart Logon Script Network issue


Recommended Posts

Hello Everyone,

 

We have started the migration from ESET EndPoint AV 5.x to EndPoint AV 6.4 latest build. Since the update on the workstation we get issue with our domain logon script :

 

The affected OS is Windows 7 Pro x64 confirmed, on others OS I have no information if they are affected or not. The issue description is :

 

1) We use a logon script for our domain users that connected the drive share and network printers to the users. The script is created by Kixtart tool. The script is define in the logon script field in the AD for each user.

 

2) We have the GPO "Computer\Admin Template\System/Scripts\Run logon scripts synchronously" enable in the domain --> The desktop will not show up until the logon script finish the processing. I haven't tested the issue with this parameter disable for now

 

3) When a user logon, the logon script is processed, during the process we connect drives from network shares and connect the printer from our Print Server. The script is executed correctly (I mean he startup without any problem, wkix32.exe executable that run the script is located in the Netlogon share of the domain controllers --> So we run the executable through the network, not copied locally). But the script is unable the connect the network share or the printers. Like ESET AV 6.4 is blocking the script to access the network. After a few minutes, because every catch of accessing the network resources get a timeout, the script processing end and the user get the desktop, but the network drives and printers are not connected. If I execute manually my logon script again after the desktop is displayed, the logon script process successfully and all the network share and printers are available to the users. Also the time needed to run the script when invoked manually is 4-5 seconds, but when run automatically during the logon is about 3-5 minutes (until every command get a timeout).

 

4) I have try disable all the features in ESET AV 6.4 (Heuristic scanning, Network File Scan, HIPS, Realtime Scanner, Scan file on "Open, Write, etc.", even create an exclusion for every network share) --> So everything we can disable without success, the script cannot access network ressources.

 

5) Uninstalling ESET EndPoint AV 6.4 resolve the issue

 

6) Installing ESET EndPoint AV 5.x doesn't broke the script and everything is working as expected.

 

Additional information :

We see the problem 9 of 10 times at the first user logon after booting the desktop. Login off and login in again solve the problem 4 of 10 time.

It may be related to ESET starting in user mode after the login, it block the network resources for already started process, like my logon script run just after the logon process and before the desktop is loaded.

I have try to disable everything in ESET, and when I mean everything is all Realtime scan, Document scan, Web and Mail, etc. without any success. So I think it's related to the network driver of ESET

I will try to disable "Run logon scripts synchronously" GPO and post the result back.

 

Anyone else have this problem with v6 release?

Thanks

Link to post
Share on other sites
  • Administrators

You wrote that you had tried disabling HIPS. Could you confirm that you also restarted the computer afterwards for the change to take effect? Also did you try temporarily disabling automatic start of real-time protection followed by a computer restart?

Link to post
Share on other sites

Not trying to start an argument or a deep discussion here but......using scripts to map network drives went out of fashion 5 years ago, when GPPs became mainstream. It may or may not resolve your problem, of course, but it's surely worth looking at?

 

Scripts to map drives is a bit "legacy", IMHO.

 

 

 

Jim

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...