-
Notifications
You must be signed in to change notification settings - Fork 499
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some Antivirus (BeyondTrust/Avecto DefendPoint) may cause PowerShell Extension to stop responding #3077
Comments
Can confirm, I have the same issue with defendpoint and ps 5.1 desktop. Installed ps 7.1 core and the blocking issue isn't replicated. |
Have Avecto and PS5.1 and version 2020.1.0 of the VSCode extension is the last one that works for me. |
If I had to guess, your AV has started to more strictly monitor user space. You could attempt to add an exclusion for |
Howdy @cveld, thanks for opening an issue. The UI lock up in VSCode is, as far as I know, #2377. That's unrelated to Avecto/BeyondTrust, and is caused by a bad interaction between PSReadLine and VSCode's terminal's implementation of certain APIs. As far as the Avecto/BeyondTrust issues go, we would also like to understand what's going on. We've found through a number of startup issue threads that the usual common element is the presence of these security solutions. But trying to get more information on the topic has been difficult. We would love to know exactly when and why Avecto/BeyondTrust triggers a scan of the extension at startup and what we can do to alleviate it, but so far we haven't had much to go on there. Architecturally, the PowerShell extension is a client/server pair that talk to each other using LSP, which is pretty typical of VSCode extensions. VSCode + the PowerShell extension form the client (VSCode handles some LSP interactions directly, the extension handles some others). The PowerShell extension, when loaded, also starts the server, which is PowerShellEditorServices. This is a PowerShell process run to load in the PSES module and execute the So with this in mind, some responses to your questions:
The PowerShell terminal window simply starts PowerShell. The extension's PowerShell process begins at that point, then loads the PSES module, then executes
This is very interesting information. Thanks for sharing it.
Yes, I've also noticed this, but it's completely unclear as to why.
Unfortunately it's not something we know. If we did, we'd hopefully be able to do something about it.
This is also interesting. As far as I know there should be no significant change there. However, we did migrate from a startup script to a direct invocation of a cmdlet for a number of reasons. I have thought about adding an option to instead use a script. So to summarise:
|
i'm willing to hop into a Teams screenshare if you want to poke around.
…On Tue, Dec 1, 2020 at 5:45 PM Robert Holt ***@***.***> wrote:
Howdy @cveld <https://github.com/cveld>, thanks for opening an issue.
The UI lock up in VSCode is, as far as I know, #2377
<#2377>. That's
unrelated to Avecto/BeyondTrust, and is caused by a bad interaction between
PSReadLine and VSCode's terminal's implementation of certain APIs.
As far as the Avecto/BeyondTrust issues go, we would also like to
understand what's going on. We've found through a number of startup issue
threads that the usual common element is the presence of these security
solutions. But trying to get more information on the topic has been
difficult. We would love to know exactly when and why Avecto/BeyondTrust
triggers a scan of the extension at startup and what we can do to alleviate
it, but so far we haven't had much to go on there.
Architecturally, the PowerShell extension is a client/server pair that
talk to each other using LSP, which is pretty typical of VSCode extensions.
VSCode + the PowerShell extension form the client (VSCode handles some LSP
interactions directly, the extension handles some others). The PowerShell
extension, when loaded, also starts the server, which is
PowerShellEditorServices
<https://github.com/powershell/powershelleditorservices>. This is a
PowerShell process run to load in the PSES module and execute the
Start-EditorServices cmdlet, which starts the language server. This
process then hosts all the language services plus the integrated console,
so that all the context is shared in the same process.
So with this in mind, some responses to your questions:
The PowerShell terminal window inside vscode is immediately usable. So how
is the creation of this PowerShell terminal window different than the
PowerShell session the extension is trying to create?
The PowerShell terminal window simply starts PowerShell. The extension's
PowerShell process begins at that point, then loads the PSES module, then
executes Start-EditorServices, then creates the required named pipes,
then creates the session file, then waits for the client to connect, then
starts the Integrated Console and language services. In order to
effectively share context between editor completions and the Integrated
Console, these two functions are actually managed by the same thread
running the same PowerShell runspace, meaning there is extra complexity
here too. I've been working on improving that when I find time in
PowerShell/PowerShellEditorServices#1295
<PowerShell/PowerShellEditorServices#1295>.
Interestingly, when starting vscode elevated, BeyondTrust/Avecto
immediately pops up with to a dialog to confirm 'powershell.exe'. This
immediately enables the PowerShell terminal window to run.
The extension takes longer, eventually (1 minute?) BeyondTrust/Avecto pops
up with a dialog to confirm 'powershell.exe' again. After confirmation,
eventually (after 15 seconds?) the process proceeds.
This is very interesting information. Thanks for sharing it.
I see this behavior only occurring with PowerShell 5.1 64-bit.
Yes, I've also noticed this, but it's completely unclear as to why.
Can you shed some light in which process is being delayed by
BeyondTrust/Avecto?
Unfortunately it's not something we know. If we did, we'd hopefully be
able to do something about it.
Have Avecto and PS5.1 and version 2020.1.0 of the VSCode extension is the
last one that works for me.
This is also interesting. As far as I know there should be no significant
change there. However, we did migrate from a startup script to a direct
invocation of a cmdlet for a number of reasons. I have thought about adding
an option to instead use a script.
So to summarise:
- The UI freeze issue is something we know about, but we think is
unrelated to Avecto/BeyondTrust. It was supposed to be fixed by VSCode at
some point, but I'm not clear if the ostensible fix made it in. We're
following up on that in #2377
<#2377>.
- The Avecto/BeyondTrust startup issue is something we know about at a
high level by piecing together various user reports. We've looked through
crashdumps and other information but haven't been able to get any better
information than "everyone who reports this has Avecto/BeyondTrust
installed"
- The extension module and scripts are all signed with Microsoft
certificates
- I've tried to contact BeyondTrust, so hopefully they'll get back to
me
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#3077 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACYCRNPNY24M6XXW7FNNZV3SSVWXXANCNFSM4UGYQ3FQ>
.
|
My BeyondTrust/Avecto enterprise support team just upgraded my client to 5.6.148.0 and the problem went away! |
Ok, I've gotten in contact with BeyondTrust support. I'm not sure how far it will go, but they've asked for a PGCaptureConfig and a Service/Hook/Driver test. Given that I'm an intermediary here, I'm not sure how well this will go (I would encourage anyone seeing issues here to contact BeyondTrust support directly and discuss the issue with them, because I asked them directly in the email what we can do to prevent the issue and they've told me there are no best practices), but I'd like to give it a shot. Please email [email protected] if you want to follow up and I can send you instructions on how to capture logs (instructions I can't read since I'm not a BeyondTrust customer). EDIT: The BeyondTrust support representative I contacted told me that it's best that anyone experiencing this issue contact BeyondTrust directly. Probably at [email protected]. |
This issue is being closed as inactive, if this issue is still occurring it will be re-opened |
Issue Description
Visual Studo Code freezes completely for 4 minutes while starting up the PowerShell extension and then the extension fails to start up. It shows the infamous dialog 'The window is no longer responding' multiple times:
After analyzing your troubleshooting guide (https://github.com/PowerShell/vscode-powershell/blob/master/docs/troubleshooting.md) my hypothesis is that the language server is simply not able to start in the allotted time window and therefore the client will not find a session file in time. I guess BeyondTrust/Avecto is delaying the process for some reason. Refer to the log file:
vscode-powershell.log
I would like to understand why this is happening. The PowerShell terminal window inside vscode is immediately usable. So how is the creation of this PowerShell terminal window different than the PowerShell session the extension is trying to create?
Additionally, when I start the language server from this PowerShell terminal window, using the executed command shown in the log, it just immediately creates the session file.
So again the question, why is BeyondTrust/Avecto trusting this immediately?
Interestingly, when starting vscode elevated, BeyondTrust/Avecto immediately pops up with to a dialog to confirm 'powershell.exe'. This immediately enables the PowerShell terminal window to run.
The extension takes longer, eventually (1 minute?) BeyondTrust/Avecto pops up with a dialog to confirm 'powershell.exe' again. After confirmation, eventually (after 15 seconds?) the process proceeds.
Interestingly, when I wait with confirming the dialog, the same dialog 'The window is no longer responding' pops up 😉
I see this behavior only occurring with PowerShell 5.1 64-bit. With PowerShell 5.1 32-bit there is no observable delay, as well as with PowerShell 7.1.
Can you shed some light in which process is being delayed by BeyondTrust/Avecto?
Environment Information
Visual Studio Code
PowerShell Information
Visual Studio Code Extensions
Visual Studio Code Extensions(Click to Expand)
The text was updated successfully, but these errors were encountered: