The endpoint agent appeared to be interfering with a QA configuration in which a Windows desktop running the agent was used to test mainframe operations with HP Quick Test Professional 10 (QTP) and the mainframe terminal emulator IBM Personal Communications 5.7 (PCOMM). QTP connected to a mainframe through the PCOMM emulator, ran specific operations as a terminal user, and copied the results to WINWORD.exe.
Although this was not verified by the vendors (HP or IBM), lag introduced by EDPA was assumed to be the likely cause of the interference and subsequent crashes in this particular QA configuration.
Using Procmon, logs were captured from the system running the QA script, specifically with an arrangement that had failed in the past.
From the output, a shortlist of executables was identified, based not only on their association with HP QC, PCOMM, and WINWORD but also on the lag they created and their interdependence.
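One way to do the shortlisting step described above, as an added example (not from the original article or from the vendor): it ranks processes in a Procmon CSV export by cumulative operation time. It assumes the optional Duration column was enabled before export and treats summed Duration as the measure of lag; the sample rows and every process name except WINWORD.exe are constructed placeholders.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the layout of a Procmon CSV export with the optional
# "Duration" column enabled. Only WINWORD.exe is a name from the article; the
# other process names are placeholders.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail","Duration"
"10:01:02.0000001","emulator_placeholder.exe","4100","ReadFile","C:\Temp\session.dat","SUCCESS","Length: 4,096","0.2500000"
"10:01:02.3000000","emulator_placeholder.exe","4100","WriteFile","C:\Temp\session.dat","SUCCESS","Length: 512","0.3000000"
"10:01:02.7000000","testtool_placeholder.exe","5200","CreateFile","C:\Temp\results.tmp","SUCCESS","","0.1200000"
"10:01:02.9000000","testtool_placeholder.exe","5200","CloseFile","C:\Temp\results.tmp","SUCCESS","","0.0500000"
"10:01:03.1000000","WINWORD.exe","6300","WriteFile","C:\Temp\report.docx","SUCCESS","Length: 8,192","0.4000000"
"10:01:03.6000000","background_placeholder.exe","700","RegQueryValue","HKLM\Software\Placeholder","SUCCESS","","0.0001000"
"10:01:03.7000000","background_placeholder.exe","700","RegQueryValue","HKLM\Software\Placeholder","SUCCESS","","n/a"
'''


def rank_by_lag(csv_text, min_total=0.1):
    """Return [(process, total_seconds, events, slowest_seconds)], slowest first.

    Processes whose cumulative Duration is below min_total seconds are dropped,
    leaving a shortlist of candidates to review for agent exclusion.
    """
    stats = defaultdict(lambda: [0.0, 0, 0.0])  # total, event count, slowest
    # Procmon writes a UTF-8 BOM at the start of the file; strip it if present.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        try:
            duration = float(row.get("Duration") or 0)
        except ValueError:
            continue  # malformed Duration value: skip the row
        entry = stats[row["Process Name"].lower()]
        entry[0] += duration
        entry[1] += 1
        entry[2] = max(entry[2], duration)
    ranked = [(name, round(total, 6), count, slowest)
              for name, (total, count, slowest) in stats.items()
              if total >= min_total]
    return sorted(ranked, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for name, total, count, slowest in rank_by_lag(SAMPLE_CSV):
        print(f"{name:30} total={total:.3f}s events={count} slowest={slowest:.3f}s")
```

The ranking only surfaces candidates; whether a process belongs on the exclusion list still depends on its association with the affected applications.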
From the shortlist, these programs were identified for fingerprinting and "Print/fax" (print monitoring) exclusion:
With these excluded, the issue vanished and the customer was able to continue their unique QA operations.
A similar situation was encountered with the IBM iSeries terminal emulation software. Excluding the processes below through whitelisting resolved the issue: