Long exe load time when offline

Ask your Windows PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Locked
User avatar
joshrizzo
Posts: 1
Joined: Tue Jul 19, 2016 4:50 pm

Long exe load time when offline

Post by joshrizzo » Wed May 01, 2019 12:52 pm

Windows 10 Pro Active Directory managed, network environment where all client workstations are "offline" insofar as all ports are blocked.

What we found is that, if 443/80 are blocked but 53 (DNS) is open, scripts take a LONG time (20-30 Sec) to open. Once DNS is blocked, they launch quicker, but not as fast as if they were all open.

Our scripts do not call any remote resources and are self contained.
All scripts are signed with a cert from DigiCert.

Any ideas?

Product, version and build: 5.6.157.0
32 or 64 bit version of product: 64Bit
Operating system: Windows 10
32 or 64 bit OS: 64 Bit

User avatar
brittneyr
Site Admin
Posts: 162
Joined: Thu Jun 01, 2017 7:20 am

Re: Long exe load time when offline

Post by brittneyr » Thu May 02, 2019 11:17 am

[Moved to correct forum by moderator]
Brittney Ryn
SAPIEN Technologies, Inc.

User avatar
jvierra
Posts: 13732
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: Long exe load time when offline

Post by jvierra » Thu May 02, 2019 11:37 am

This sounds like an operating system issue or a network configuration issue. Have you network techs put a niffer on the net and see what is happening. You can also use the TCPView to check pots opened by every process on the system.

Port 443 and 53 outbound need to be open for the system to work correctly. Inbound they are not used and can be blocked to prevent malware attacks. Port 443 inbound is only required when a web server is installed and port 53 inbound when a DNS server is installed.

There are many malware packages that use these ports to subvert a system so be sure your AV is up to date.

In an AD network you cannot block all ports or the client system will behave badly and cannot correctly access AD resources when needed which is almost continuously.

Locked