search cancel

Endpoint agent interference with PCOMM Terminal Emulator software

book

Article ID: 159400

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Suite

Issue/Introduction

Endpoint agent appears to be interfering with the operation of a configuration where a Windows desktop running the agent was being used with terminal emulator software. 

Connecting to a mainframe through the emulator, running specific operations as a terminal user, and copying the results to Word.

 

Environment

Mainframe operations using HP Quick Test Professional (aka QTP). HP QTP is now MicroFocus UFT (Unified Functional Testing).

Mainframe terminal emulator IBM Personal Communications (aka PCOMM). 

A similar situation was encountered with the IBG iSeries terminal emulation software.

Cause

The configuration creates a lag condition where scanning the executables causes communication issues due to lengthy processing ( timeouts or crashes).

This can be seen in the logs where it is still in progress while trying to perform other work:

WARNING | FileSystem.MessageListener | Failed to resolve path filter (%USERPROFILE%\Client_name\*) because of error: EnvVariableResolver::Resolve() - GetLongPathName failed. Error code: 2684354562

WARNING | CodeInjection.POMClient | Process Initialization is still in progress, Retry Count:1 for ProcessId:6216, Process Name:C:\Program Files (x86)\IBM\Personal Communications\pcsfe.exe. | C:\VontuDev\workDir\dev\native\src\endpoint\GeneralHooks\ProcessOperationMonitor\Src\POMHook.cpp(484)

Resolution

Excluding the processes below through whitelisting resolved the issue. These programs were identified for fingerprinting and "Print/fax" (print monitoring) exclusion:

pcsm.exe

pcscm.exe

pcsws.exe

Additional Information

A similar situation was encountered with the IBG iSeries terminal emulation software. Excluding the processes below through whitelisting resolved the issue: 

pcsws.exe
pcscm.exe. (passes to print channel)
cwbsvstr.exe
pcssnd.exe
 
For steps on whitelisting please see our article How to whitelist or exclude an application from DLP Endpoint agents