Endpoint agent interference with PCOMM Terminal Emulator software

Article ID: 159400

Products

Data Loss Prevention Enforce

Issue/Introduction

The Endpoint agent appeared to be interfering with the operation of a QA configuration in which a Windows desktop running the agent was used to test mainframe operations with HP Quick Test Professional 10 (aka QTP) and the mainframe terminal emulator IBM Personal Communications 5.7 (aka PCOMM). QTP was connecting to a mainframe through the PCOMM emulator, running specific operations as a terminal user, and copying the results to WINWORD.exe.

While not verified by the vendors (HP or IBM), it was assumed that lag introduced by EDPA was the likely cause of the interference and the subsequent crashes of this particular QA configuration.

Resolution

Using "Procmon", logs were captured from the system running the QA script, specifically with an arrangement that had failed in the past.

Browsing the output, a shortlist of executables was identified, based not only on their association with HP QC, PCOMM, and WINWORD, but also on the lag created and their interdependence.

From the shortlist, these programs were identified for fingerprinting and "Print/fax" (print monitoring) exclusion:

pcsm.exe

pcscm.exe

pcsws.exe

With these excluded, the issue vanished and the customer was able to continue their unique QA operations.
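The Procmon triage step described above can be scripted. The following is an added example, not part of the original article or of any vendor tooling: it ranks processes in a Procmon CSV export by accumulated operation time to produce a candidate exclusion shortlist. It assumes the optional "Duration" column was enabled before export; the sample rows, the 0.1-second threshold and the function names are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample shaped like a Procmon CSV export with the optional
# Duration column enabled (assumption). Not data from the original case.
SAMPLE_CSV = r'''
"Time of Day","Process Name","PID","Operation","Path","Result","Duration"
"10:01:02.0000001","pcsws.exe","4120","WriteFile","C:\Temp\session.ws","SUCCESS","0.4100000"
"10:01:02.5000001","pcsws.exe","4120","ReadFile","C:\Temp\session.ws","SUCCESS","0.2200000"
"10:01:03.0000001","pcscm.exe","4188","CreateFile","C:\Temp\spool.tmp","SUCCESS","0.3500000"
"10:01:03.2000001","pcscm.exe","4188","ReadFile","C:\Temp\spool.tmp","SUCCESS","0.0500000"
"10:01:03.4000001","pcsm.exe","4200","RegQueryValue","HKLM\Software\Example","SUCCESS","0.1500000"
"10:01:04.0000001","WINWORD.EXE","5012","WriteFile","C:\Temp\results.docx","SUCCESS","0.0200000"
"10:01:04.1000001","explorer.exe","1020","ReadFile","C:\Temp","SUCCESS","0.0010000"
'''


def rank_by_lag(csv_text, slow_threshold=0.1):
    """Return (process, total_seconds, slow_event_count) tuples, slowest first."""
    totals = defaultdict(float)
    slow_events = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        name = row["Process Name"].lower()
        try:
            duration = float(row.get("Duration") or 0)
        except ValueError:
            continue  # skip rows whose Duration is not numeric
        totals[name] += duration
        if duration >= slow_threshold:
            slow_events[name] += 1
    ranked = [(n, round(t, 4), slow_events[n]) for n, t in totals.items()]
    return sorted(ranked, key=lambda r: r[1], reverse=True)


def shortlist(csv_text, slow_threshold=0.1):
    """Processes with at least one slow operation: candidates to review for exclusion."""
    return [n for n, _, slow in rank_by_lag(csv_text, slow_threshold) if slow > 0]


if __name__ == "__main__":
    for name, total, slow in rank_by_lag(SAMPLE_CSV):
        print(f"{name:15} total={total:.4f}s slow_events={slow}")
    print("Shortlist:", shortlist(SAMPLE_CSV))
```

The shortlist is only a starting point for review: each exclusion removes that process from agent monitoring, so confirm the executable's role before adding it.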

Additional Information

A similar situation was encountered with the IBM iSeries terminal emulation software. Excluding the processes below through whitelisting resolved the issue:

pcsws.exe
pcscm.exe (passes to print channel)
cwbsvstr.exe
pcssnd.exe