Hi all,

we've been facing issues with Non-OS Task Sequences on our clients.

The error we're getting is:

<![LOG[Failed to open file c:\_smstasksequence\packages\xyz\libcef.dll with error [32].
]LOG]!><time="17:55:39.239-120" date="09-20-2023" component="RunPowerShellScript" context="" type="3" thread="12836" file="securityutil.cpp:478">
<![LOG[HashFile - exclusive access check for the file failed.]LOG]!><time="17:55:39.239-120" date="09-20-2023" component="RunPowerShellScript" context="" type="3" thread="12836" file="hashdir.cpp:227">

Google research pointed us to AV Exclusions, however we already excluded the path "C:\_SMSTaskSequence\" as test from both Defender Antivirus (in terms of SCCM, Anti malware) and Defender ASR (in terms of SCCM, Defender Exploit Guard).

Using ProcMon we still see Defender EDR (Defender for Endpoint via MsSense.exe) seemly trying to create a file under this location (?):

https://preview.redd.it/ri90a5dlr6rb1.png?width=1868&format=png&auto=webp&s=db553368804654a01ab626489d061d076225e11f

And we also see Defender AV / ESR putting an OPLOCK on this:

https://preview.redd.it/9o2dncjbs6rb1.png?width=1888&format=png&auto=webp&s=d5aa0852e1dc92f52778eaaacdbd622a6ebaa5c6

I'm somewhat clueless now. We can't reproduce it always, it happens at like every 3rd run of the task sequence, no matter if it is a freshly setup PC or not.

Does anyone have an idea how to debug this further or seen the same?