Skip to main content

Hi all,
Has anyone else seen massive performance issues during logon with Agent Protection enabled (on Windows 11 endpoints in my case)?

I have a customer that has been seeing problems for a while, and I also got my own environment set up and running in the last week and see the same thing.

Basically, after a clean logon to the device (happening on multiple, not isolated to 1 or 2), it just takes forever to get a usable desktop. For me, it can take a minute or more for even the taskbar to show.

To test, I created an identical EPM policy to my production policy, but with AgentProtectionState=0. When I flick my machine over to the associated Computer Group it is responsive again during logon (reboot, log on; taskbar loads almost instantly, apps load, desktop responsive…. normal operation).

Running latest versions of agent and client (leveraging Package Manager for that and double-checked manually).

The customer that raised it has been having issues for several months, so I feel this is a semi-recent issue, but not something that was a problem say 4 months ago (at a guess).

I’ll get a case open with support but interested if anyone else has seen similar problems and has any ideas.

Thanks.

That to sounds like a ticket with BeyondTrust Support, I have not seen the issue but would be happy to test it out. I would need your version information for all components involved.

PM Client version:
PM Cloud Adapter version:
Windows 11 Version:

Then ensure that you have excluded other security products from touching the EPM Client. Could be a delay as they attempt to touch EPM with Agent protection turned on.

Procmon boot logs or Traceconfig boot process would be needed for support to validate the issue.

 

Thanks Jens.

I’ve grabbed traces and will get a support case sorted. The problem only effects logon performance. System boot is basically identical with Agent Protection on and off.

I have all the recommended Defender AV exclusions in place in both my and the customer environment (I hoped they would fix it, but they didn’t sadly).

It is possible that ARM based device isn’t impacted (colleague has an ARM based Surface device and doesn’t have any performance problems on logon, I have an Intel based Surface and customer has DELL XPS).

If you want to try and simulate the problem then by all means, go for it, but don’t go to too much trouble.

Adapter Version: 25.6.554.0

Client Version: 25.4.270.0

Package Manager Version: 25.6.554

Win 11 24H2 Build 26100.4851 (Windows Defender defs all up-to-date).

Badge Earners

  • BCSE: Password Safe
    Kaenniehas earned the badge BCSE: Password Safe
  • 25 Courses Completed
    Daron Garrisonhas earned the badge 25 Courses Completed
  • BCSE: Privileged Remote Access
    AliBhas earned the badge BCSE: Privileged Remote Access
  • BCSE: Privileged Remote Access
    Krista Neunerhas earned the badge BCSE: Privileged Remote Access
  • BCSE: Password Safe
    Krista Neunerhas earned the badge BCSE: Password Safe
Show all badges
Terms & ConditionsCookie settingsAccessibility statement