Endpoint Security 5.0.2126.0 lock at startup and web control slowdown

Discussion in 'ESET Endpoint Products' started by mcferrero, Nov 7, 2012.

Thread Status:
Not open for further replies.
  1. mcferrero

    mcferrero Registered Member

    Joined:
    Sep 3, 2010
    Posts:
    20
    Hi, we currently have more than 900 PCs with NOD 4.2 and we are migrating to Endpoint Security 5.0.2126.0.

    I encountered the following issues with this client:

    * On 5% of our PCs this client slows the PCs to a crawl when booting up and locks the taskbar for a really long time (SYSTEM process on task manager shows high CPU usage). I can't find out what is making this problem. NOD 4.2 does not reproduce this problem. The same exact issue happened to us before and 4.0.417 fixed it, now it's happening again:

    From NOD CHANGELOG:
    March 31, 2009 - 4.0.417

    Fixed several issues in firewall module:
    Detection for Conficker added
    Fixed detection of TCP stream
    Fixed detection of binary rules in ipv6
    Fixed BSOD on Vista caused by entering mapped drives
    *Removed potential deadlock during Windows log on process*
    Fixed detection for DNS cache poisoning attack
    Fixes and changes in ICMP filtering
    Fixed scanning of ARP
    Fixed issue with disconnecting of routers and data transfer cards from internet


    * When activating WEB CONTROL INTEGRATION, web access turns unusable, really slow and can't reach many web pages. We have to get this functioning to prevent users from entering many forbidden pages (porn, drugs for example).
    If it gets disabled, the PC surfs fine (with no restrictions). When enabling, it's ultra slow and prevents porn pages. Any help?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Perhaps there's an issue with DNS queries to the Parental control server. Please capture the network communication using Wireshark while reproducing the issue, then compress the pcap log, upload it to a safe location and pm me the download link.
     
  3. mcferrero

    mcferrero Registered Member

    Joined:
    Sep 3, 2010
    Posts:
    20
    Will do. What about the deadlock? It happens with Web Access Control deactivated too.
     
  4. mcferrero

    mcferrero Registered Member

    Joined:
    Sep 3, 2010
    Posts:
    20
    Hi Marcos, my boss doesn't let me give anyone a Wireshark capture *but* I can tell you this:
    If the PC logs in on AD = Deadlock. Using a local user on the same PC it doesn't hang. *BUT* if I disable "Startup Scanning" the error does not occur. So it's an error on Startup Scanning producing a deadlock when logging in on AD Domains.
    There you go for one of the two issues.
    Can you try to reproduce it and let me know?
     
  5. mcferrero

    mcferrero Registered Member

    Joined:
    Sep 3, 2010
    Posts:
    20
    Well, I tested it and it still doesn't work. The user logs in fine but the PC is unusable. I don't know what's happening but I can't get the damn thing to work. I'm back to 4.2.71. Please help!

    The sad thing is that older XP SP3 images work, but newer images don't. Maybe a WU Patch that Endpoint dislikes? There are dozens of them and I don't have time to test it. Please Marcos help! If a Wireshark capture is a must, I will insist to my boss.
     
  6. mcferrero

    mcferrero Registered Member

    Joined:
    Sep 3, 2010
    Posts:
    20
    The solution is excluding the C:\Windows\CSC folder from realtime protection. I hope it gets fixed next version.
     
  7. mcferrero

    mcferrero Registered Member

    Joined:
    Sep 3, 2010
    Posts:
    20
    Hi, I still have problems with the WEB CONTROL setting. The moment I enable it, internet browsing slows to a crawl. The fun fact is that I can't see why it can have problems with DNS as the client connects to the ERA server by IP and not by name. Please help! It's been months!
     
  8. RobJanssen

    RobJanssen Registered Member

    Joined:
    Jul 15, 2011
    Posts:
    55
    Hi mcferrero,

    I understand your situation... we tried to switch to version 5 on XP SP3 as well, and encountered several issues similar to (but not the same as) yours. I reported them on the forum but no solutions are forthcoming.
    Usually ESET asks for all kinds of tracing activity by the customer, using external tools the customer has to install in his environment (the ESET products themselves cannot do debug logging for most cases), and often it is against company policy to do this, or it just costs too much time to set up the test environment.
    The resulting stalemate means the problem will not be solved. There appears to be no way to get detailed questions in the hands of people who know the internal structure and workings of the program.
     
  9. mcferrero

    mcferrero Registered Member

    Joined:
    Sep 3, 2010
    Posts:
    20
    The funny part is that I already sent them the capture (Wireshark) they asked for, without any answer. What do I have to do to get help? I work for an organization which bought more than 4000 Endpoint Licences and every year they renew it.

    Regarding WEB CONTROL problem, I decided to start fresh, installed on a clean pc (not connected to the main AD, but plugged on the same network), with the latest Endpoint 5.0.2214.7, no custom policies, no configs, no ERA servers. The client surfs the web fine. THE MOMENT I TURN ON WEB CONTROL (with or without a rule to block sites on Endpoint) web browsing turns slow as hell. So ERA config / Client config problem is ruled out. There is something wrong with Endpoint+WebControl in combination with my network.

    Please Marcos/Admins HELP ME.
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Not sure whether you provided the logs to ESET LLC or another ESET distributor or reseller. Could you supply me with a link from which I could download the Wireshark log? It's always been an issue with receiving DNS responses when there was an issue with web pages loading with a delay with Web control enabled.
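
Added example (not part of the thread and not ESET code): a capture like the one requested above is usually checked by pairing each DNS query with its response and listing the answers that arrived late or never. The hostnames, timestamps and the 1-second threshold are constructed for illustration.

```python
import struct

def build_dns(txid, name, response=False):
    """Build a minimal DNS message with one A/IN question (constructed sample data)."""
    header = struct.pack("!HHHHHH", txid, 0x8180 if response else 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_dns(payload):
    """Return (transaction id, is_response, question name) from a raw DNS payload."""
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while payload[pos] != 0:
        length = payload[pos]
        if length & 0xC0:  # compression pointers do not occur in the first question
            raise ValueError("unexpected compression pointer")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return txid, bool(flags & 0x8000), ".".join(labels).lower()

def dns_latency_report(packets, slow_after=1.0):
    """Pair queries with responses; list slow answers and queries never answered."""
    pending, slow = {}, []
    for ts, payload in packets:
        txid, is_response, qname = parse_dns(payload)
        key = (txid, qname)
        if not is_response:
            pending.setdefault(key, ts)  # a retransmission keeps the first send time
        elif key in pending:
            delay = ts - pending.pop(key)
            if delay > slow_after:
                slow.append((qname, delay))
    return {"slow": slow, "unanswered": sorted(q for _, q in pending)}

# Constructed (timestamp in seconds, DNS payload) pairs; all hostnames are placeholders.
SAMPLE = [
    (0.0, build_dns(0x1A2B, "www.example.com")),
    (0.25, build_dns(0x1A2B, "www.example.com", response=True)),
    (0.5, build_dns(0x2C3D, "lookup.example.net")),
    (2.5, build_dns(0x2C3D, "lookup.example.net")),            # retransmitted query
    (5.0, build_dns(0x2C3D, "lookup.example.net", response=True)),
    (6.0, build_dns(0x3E4F, "rating.example.org")),
    (8.0, build_dns(0x3E4F, "rating.example.org")),            # never answered
]

if __name__ == "__main__":
    print(dns_latency_report(SAMPLE))
```

Fed with the UDP port 53 payloads and timestamps exported from a real capture, the same report shows whether page loads stall while the client waits on DNS answers.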
     
  11. mcferrero

    mcferrero Registered Member

    Joined:
    Sep 3, 2010
    Posts:
    20
    Marcos, did you receive and analyze the file I sent you?
     