Endpoint agent interference with PCOMM

Article ID: 159400

Products

Data Loss Prevention Enforce

Issue/Introduction

The Endpoint agent appeared to be interfering with a QA configuration in which a Windows desktop running the agent was used to test mainframe operations with HP Quick Test Professional 10 (aka QTP) and the mainframe terminal emulator IBM Personal Communications 5.7 (aka PCOMM). QTP was connecting to a mainframe through the PCOMM emulator, running specific operations as a terminal user, and copying the results to WINWORD.exe.

While not verified by the vendors (HP or IBM), lag introduced by EDPA was assumed to be the likely cause of the interference and the subsequent crashes of this particular QA configuration.

Resolution

Using "Procmon", logs were captured from the system running the QA script, specifically with an arrangement that had failed in the past.

Browsing the output, a short list of executables was identified, based not only on their association with HP QC, PCOMM, and WINWORD, but also on the lag they created and their interdependence.

From the short list, two programs were identified for fingerprinting and "Print/fax" (print monitoring) exclusion:

pcsm.exe and pcsws.exe

With these excluded, the issue vanished and the customer was able to continue their unique QA operations.
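The shortlisting step above can be partly automated. The following is an added example, not part of the original article or any vendor tooling: it ranks processes in a Procmon CSV export by cumulative operation time and notes which other traced processes each one touches. It assumes the export was saved with Procmon's optional "Duration" column enabled; the sample rows, paths and timings are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in Procmon's CSV export layout with the optional
# "Duration" column (seconds) enabled. Paths and timings are illustrative.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail","Duration"
"10:01:00.10","pcsws.exe","4100","WriteFile","C:\Sample\session.tmp","SUCCESS","","0.2100000"
"10:01:00.40","pcsws.exe","4100","ReadFile","C:\Sample\session.tmp","SUCCESS","","0.1800000"
"10:01:00.70","pcsm.exe","4200","CreateFile","C:\Sample\pcsws.exe","SUCCESS","","0.3000000"
"10:01:01.00","WINWORD.EXE","4300","WriteFile","C:\Sample\results.doc","SUCCESS","","0.0200000"
"10:01:01.10","explorer.exe","1500","RegQueryValue","HKCU\Software\Sample","SUCCESS","","0.0010000"
'''


def summarize(csv_text):
    """Aggregate per-process event count, total and worst duration, and
    which other traced processes' names appear in the paths it touched."""
    rows = list(csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))))
    names = {r["Process Name"].lower() for r in rows}
    summary = defaultdict(
        lambda: {"events": 0, "total": 0.0, "worst": 0.0, "touches": set()})
    for r in rows:
        name = r["Process Name"].lower()
        try:
            duration = float(r.get("Duration") or 0.0)
        except ValueError:
            duration = 0.0  # column present but not numeric for this event
        entry = summary[name]
        entry["events"] += 1
        entry["total"] += duration
        entry["worst"] = max(entry["worst"], duration)
        path = (r.get("Path") or "").lower()
        entry["touches"].update(n for n in names - {name} if n in path)
    return dict(summary)


def rank_by_lag(summary):
    """Process names ordered by cumulative operation time, slowest first."""
    return sorted(summary, key=lambda n: summary[n]["total"], reverse=True)


if __name__ == "__main__":
    result = summarize(SAMPLE_CSV)
    for proc in rank_by_lag(result):
        e = result[proc]
        print(f"{proc:14} events={e['events']} total={e['total']:.3f}s "
              f"worst={e['worst']:.3f}s touches={sorted(e['touches'])}")
```

For a real trace, read the exported file with `encoding="utf-8-sig"` and pass its text to `summarize`; compare a run with the agent active against a baseline run before deciding which processes to exclude.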