Endpoint agent interference with PCOMM Terminal Emulator software

book

Article ID: 159400

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Endpoint agent appears to be interfering with the operation of a configuration where a Windows desktop running the agent was being used with terminal emulator software.  Connecting to a mainframe through the emulator, running specific operations as a terminal user, and copying the results to Word.

 

Cause

The configuration creates a lag condition where scanning the executables causes communication issues due to lengthy processing ( timeouts or crashes).

This can be seen in the logs where it is still in progress while trying to perform other work:

WARNING | FileSystem.MessageListener | Failed to resolve path filter (%USERPROFILE%\Client_name\*) because of error: EnvVariableResolver::Resolve() - GetLongPathName failed. Error code: 2684354562

WARNING | CodeInjection.POMClient | Process Initialization is still in progress, Retry Count:1 for ProcessId:6216, Process Name:C:\Program Files (x86)\IBM\Personal Communications\pcsfe.exe. | C:\VontuDev\workDir\dev\native\src\endpoint\GeneralHooks\ProcessOperationMonitor\Src\POMHook.cpp(484)

Environment

Mainframe operations using HP Quick Test Professional (aka QTP). HP QTP is now MicroFocus UFT (Unified Functional Testing).

Mainframe terminal emulator IBM Personal Communications (aka PCOMM). 

A similar situation was encountered with the IBG iSeries terminal emulation software.

Resolution

Excluding the processes below through whitelisting resolved the issue. These programs were identified for fingerprinting and "Print/fax" (print monitoring) exclusion:

pcsm.exe

pcscm.exe

pcsws.exe

 

 

Additional Information

A similar situation was encountered with the IBG iSeries terminal emulation software. Excluding the processes below through whitelisting resolved the issue: 

pcsws.exe
pcscm.exe. (passes to print channel)
cwbsvstr.exe
pcssnd.exe