Yes, I have opened a case, but the first recommandation was to deactivate the security settings at the policy. 

Did TAC come up with something usefull ? Our TAC case seems to run silently nowhere - also, they did not confirm that it is a known issue...

No, currently not. 

After Update to client version 88.50, the issue seems to be resolved now !

Sorry, but this is off topic - the issue is with non-Kaspersky  AV/AM engine, not forensics....

Not really off topic, as issue happened AFTER update to DHS compliant version...

You did not write that...

Haha...never mind mate, I was more referring to an issue with DHS compliant version.

Cheers,

Andy

Forensics is the reason for 80% of our customers EPS tickets with CP...

My colleague was telling me it happened with only 3 users so far out of 300+, so its not that bad at all, thats 1%. 

For one application I see URL Reputation - Forensics. However, the log message goes on to say which applications have been moved to quarantine.
No log entries are created for other applications although the program freezes and crashes.

Ouch...mind sharing exact reason for the crash? MY colleague told me one of our customers also has same problem on few machines, but I did not inquire further.

Andy

The update did it - worked OK before. First solution attempt from TAC is to completely uninstall and re-install the client...

Thats usually first step, sometimes it does work...

@G_W_Albrecht does uninstall and reinstall solved the problems  ? We are facing more and more problems with other customers after changing to DoC compliant version.

I will ask one of my colleagues about it as well.

Andy

I would appreciate if someone tries that ! The RDS with the issue is in production and has over 60 users, so any change is only hard to do and has to be allowed by the customer. I would appreciate if this could be replicated by CP in Lab ! Last solution attempt was to update BIOS and all driver on the server, which is hard to do in a Hyper-V VM 😎 So i have now escalated the case.

We are still seeing issues with our RDS servers, even on E88.60. We are using FSLogix in our environment so maybe it has something to do with that. 

I'm actually getting really fed up with the Harmony endpoint protection software as a whole... 

Im upgrading a fleet of roughly 600 endpoints tomorrow, now i'm panicking reading this thread.

Would the recommendation be to go directly to 88.50?

Yes, CP gave the recommendation to use this version as the process crashing issue is resolved here.

Is this for older installations which were then upgraded to E2 or new ones also?

We have a few implementations with EPMaaS which were set from the beginning to EU/DHS compliant in the initial setup, running the recommended version and no big issues reported so far. The difference we see is the "DHS Compliant" label next the version, in the drop-down when choosing the version in the deployment options.

Hello,

You should absolutly manage this upgrade very carefully. We had many problems after upgrade to E88.32 and many SR's with TAC without progress. I would recommend you test E88.50 or E88.60 in a few machines for some days, and after you are sure it works ok do the massive change. We did that but only with IT machines and was not enough, normal users had different problems, so if you can, include machines from different areas on the test stage.

Regards

Thanks All,

I had a few POC machines in 88.32 which didnt have complaints.

I did the massive upgrade to 88.50 and no complaints either! (for now :D)

So all looks good so far.

Thanks all

That is the right way to do that 😎