Author Topic: Endpoint Protection Suite Plus on TS disconnects user session  (Read 6959 times)

0 Members and 1 Guest are viewing this topic.

rcsoges

  • Guest
Endpoint Protection Suite Plus on TS disconnects user session
« on: December 04, 2013, 08:55:11 PM »
Hello,
This is my first post so excuse me if I overlook any important forum rule.

I have a client running a terminal server with Endpoint Protection Suite Plus. One user is complaining about an error popup mentioning Avast in her TS session. The error message is something along the lines of "You are about to be disconnected from Avast Remote Installer..." (The message is in French and the user does not recall it verbatim).  Immediately after the popup, her TS session is disconnected and she has to log back in.

This is an unpredictable occurrence, about once a day. It can be at 8AM, 3PM, any time really.

I've scoured the Web to no avail. I taught the user how to take a screencap of the error message, but I doubt that she'll be able to send it before she gets booted out of her session (her email client runs on the TS as well).

Can you guys offer any help or advice? Any idea what might be causing this?

System info: Windows Server 2008 R2 x64 and Endpoint Protection Suite Plus v8.0.1490.0

Thanks in advance,
Roxanne

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 736
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
Re: Endpoint Protection Suite Plus on TS disconnects user session
« Reply #1 on: December 04, 2013, 09:30:24 PM »
What shields are installed on that server?  The Network Shield can cause undesirable results, and should uninstalled if it is there.

Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

rcsoges

  • Guest
Re: Endpoint Protection Suite Plus on TS disconnects user session
« Reply #2 on: December 04, 2013, 09:54:28 PM »
Hi JR, thanks for the quick reply.
We've got File, Web, P2P, Chat, Script, Suspicious Actions, Exchange and SharePoint agents installed. No mention of network protection.

I do have a .INI file for NetworkShield in my Avast-generated support package. Here are the contents:

[Common]
ActionOnPackedFile=onlyfile
NetAlert=
OverwriteReport=0
PUPAction=trezor iffailed delete
PerformActionOnStartup=1
Report=TXT
ReportName=*
ReportRecords=Start;Stop;Infected;HardErrors
ScanFullFiles=0
ScanIgnoreTargeting=0
ScanPUP=0
ScanPackers=EXE;WinExec;Streams;Drop
ShowAppliedActionNotification=1
ShowInfo=0
SuspiciousAction=trezor iffailed delete
TaskSensitivity=80
UseCodeEmulation=1
VirusAction=trezor iffailed delete
[NetworkShield]
Logging=1
SendBlockedUrlStats=1
ShowMessage=1
ShowPopup=1

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 736
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
Re: Endpoint Protection Suite Plus on TS disconnects user session
« Reply #3 on: December 04, 2013, 10:25:06 PM »
Where are you getting this list?

What is a Suspicious Action?

Is there Exchange and SharePoint on this server?

Open avast! User Interface, under Security, Current Status, you will see a list of all active shields.
Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

Offline Avosec-UK

  • Avosec Technical Support
  • Avast Reseller
  • Sr. Member
  • *
  • Posts: 296
    • Avosec
Re: Endpoint Protection Suite Plus on TS disconnects user session
« Reply #4 on: December 05, 2013, 09:56:05 AM »
Do you have a scheduled remote installation/deployment job?

rcsoges

  • Guest
Re: Endpoint Protection Suite Plus on TS disconnects user session
« Reply #5 on: December 05, 2013, 02:25:18 PM »
Avosec: No, there is no job scheduled, it was a one-time deployment only.

JR: the list I gave was what was under the Security tab. As the software is in French, the names I'm giving you may not be the same as what they're called in English.
Here is a screenshot, maybe the icons are more helpful.

(edit) I was thinking, as this is a terminal server any application running in user mode would have trouble because standard users are locked down pretty tight.
Does Avast have any user-mode applications that you can think of, besides the GUI?
« Last Edit: December 05, 2013, 02:46:10 PM by rcsoges »

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 736
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
Re: Endpoint Protection Suite Plus on TS disconnects user session
« Reply #6 on: December 05, 2013, 05:52:56 PM »
Dear rcsoges, OK, that was the Behavioral Shield, and no Network shield, so the config looks good.  Have your end-user take a photo (screen shot) with a camera or phone and have that sent to you, so we can see the full message.

Do you have other users with the same exact configuration that have no issues?

Avosec-UK - great question, that fits!
Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

rcsoges

  • Guest
Re: Endpoint Protection Suite Plus on TS disconnects user session
« Reply #7 on: December 05, 2013, 08:54:19 PM »
Hey guys, all other TS users are configured the same. Nobody else is having this issue.

The bug occurred again early this afternoon (we're on the East Coast) and my user was unable to take a screenshot because it comes and goes so fast... Waiting for a camera photo when she can provide it, so please do not close the thread if there is a day or so without an update. Thanks a lot for the help!



REDACTED

  • Guest
Re: Endpoint Protection Suite Plus on TS disconnects user session
« Reply #8 on: June 17, 2014, 02:17:42 PM »
OP here, looks like the issue was fixed, I think we just changed AVs (don't recall the exact solution). Thank you for the kind help! The thread can be closed.