Long exe load time when offline

Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
User avatar
Posts: 2
Joined: Tue Jul 19, 2016 4:50 pm

Long exe load time when offline

Post by joshrizzo »

Windows 10 Pro Active Directory managed, network environment where all client workstations are "offline" insofar as all ports are blocked.

What we found is that, if 443/80 are blocked but 53 (DNS) is open, scripts take a LONG time (20-30 Sec) to open. Once DNS is blocked, they launch quicker, but not as fast as if they were all open.

Our scripts do not call any remote resources and are self contained.
All scripts are signed with a cert from DigiCert.

Any ideas?

Product, version and build:
32 or 64 bit version of product: 64Bit
Operating system: Windows 10
32 or 64 bit OS: 64 Bit

User avatar
Site Admin
Posts: 650
Joined: Thu Jun 01, 2017 7:20 am
Answers: 8
Been upvoted: 6 times

Re: Long exe load time when offline

Post by brittneyr »

[Moved to correct forum by moderator]
Brittney Ryn
SAPIEN Technologies, Inc.

Posts: 14672
Joined: Tue May 22, 2007 9:57 am
Answers: 6
Has voted: 1 time
Been upvoted: 5 times

Re: Long exe load time when offline

Post by jvierra »

This sounds like an operating system issue or a network configuration issue. Have you network techs put a niffer on the net and see what is happening. You can also use the TCPView to check pots opened by every process on the system.

Port 443 and 53 outbound need to be open for the system to work correctly. Inbound they are not used and can be blocked to prevent malware attacks. Port 443 inbound is only required when a web server is installed and port 53 inbound when a DNS server is installed.

There are many malware packages that use these ports to subvert a system so be sure your AV is up to date.

In an AD network you cannot block all ports or the client system will behave badly and cannot correctly access AD resources when needed which is almost continuously.