Failed login to Windows 7 after Endpoint Agent install

book

Article ID: 159769

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

Vontu Endpoint Agent 10.0/10.5 causes Windows 7 not to load.

User logs in and is confronted with a black screen. If Task Manager is started (Ctrl-Alt-Del), and a new task is begun (launching cmd to kill edpa), Explorer will then complete its load.

Resolution

Confirm that the default filters have not removed final "Ignore" wildcard:

Enforce > System > Servers > Overview > {endpoint server} > Configure > Agent Monitoring

Ignore          CD/DVD, Local Drive               type = *

If leaving a wildcard in place is unacceptable, at a minimum, be sure the above filter includes *.ini. That is because this issue relates to the desktop.ini file (a hidden file).

Additionally, this may be related to having both SEP & DLP on the machine - in at least one case the following was recorded by the DLP Agent log:

DIM File Detection Request Details :
file: C:\Users\<username>\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini

In the above instance, it was found that "If SEP excludes the users directory, or if we ignore *.ini for CD/DVD, then there is no issue".

Regardless of the detail, this seems to occur only if customers have changed the default filters on the Agent Monitoring tab in an Endpoint Server's configuration.

--------------