Endpoint 5.0, 6.5 and ESET server products 6.5 non-functional as of Feb 8, Antivirus and antiphishing is non-functional reported

Marcos

As of February 8, 2020, Endpoint 6.5, Endpoint 5.0 and server product v6.5 stopped working due to a bug in verification of binaries' signature against ESET's certificate. As a result, affected products do not work.

Endpoint 6.6  and v7.0 - 7.2 Endpoint and server products are not affected whatsoever.

If you have an ESET product version affected by the issue which works, make sure the latest modules listed in FAQ below (question What to do if I have an affected version of an ESET product that still works?) are installed. We strongly recommend that even after the patching modules (different for v5 and v6.5) were installed you upgrade the product to the latest version v7. If upgrade is not possible yet for some reason, install the latest fixed version of the product that you have.

A quick solution for other than Windows XP systems and bigger networks:
- shift the system date to February 7, 2020 or earlier
- reboot the machine so that your ESET Security product loads alright
- uninstall the ESET Security product and reboot the machine
- set a correct system date
- install the latest version (Endpoint 7.2 or the latest server product v7 in case of servers)

 

Fix for Endpoint v5:

English:
http://repository.eset.com/v1/com/eset/tools/certfix/v1/latest/eea_nt32_enu.exe
http://repository.eset.com/v1/com/eset/tools/certfix/v1/latest/eea_nt64_enu.exe
http://repository.eset.com/v1/com/eset/tools/certfix/v1/latest/ees_nt32_enu.exe
http://repository.eset.com/v1/com/eset/tools/certfix/v1/latest/ees_nt64_enu.exe

Fixed v6.5 installers:
Endpoint Security:
http://repository.eset.com/v1/com/eset/apps/business/ees/windows/v6/6.5.2132.5/ees_nt32_enu.msi
http://repository.eset.com/v1/com/eset/apps/business/ees/windows/v6/6.5.2132.5/ees_nt64_enu.msi

Endpoint Antivirus:

http://repository.eset.com/v1/com/eset/apps/business/eea/windows/v6/6.5.2132.5/eea_nt32_enu.msi
http://repository.eset.com/v1/com/eset/apps/business/eea/windows/v6/6.5.2132.5/eea_nt64_enu.msi

For more information, visit https://support.eset.com/en/alert7396-legacy-products-startup-issue.

 

LAST UPDATES
Update (March 25, 11:20 CET):

Users with "fragile" ESET products 6.5 who have applied Certfix should upgrade to the latest version 7.2 to get an ultimate fix. If upgrading to it is not possible, upgrade to the latest v6.5 or v6.6 at least. Security products 6.5 that have not been upgraded to the latest v6.5 or newer will start displaying a notification about outdated product soon.

Update (Feb 14, 9:30 CET):
A new version of CertFix for affected 6.5 products which addresses crashes on certain server systems has been released and is downloadable from https://forum.eset.com/files/file/20-certfix/.

Update (Feb 13, 19:40 CET):
A fix for Endpoint v5 and new Endpoint v6.5 installers are available, please find the download links above (EFSW installers will be available later).  Links are different for 32 and 64-bit systems and for ESET Endpoint Antivirus and ESET Endpoint Security. For other languages, change "enu" to the appropriate language code. When run on an affected system with Endpoint v5, it will upgrade it to the latest version 5.0.2272. After upgrade, it may be necessary to reboot the machine.

 

FAQ
1, What products and versions are affected by this issue?
Affected are all Endpoint and server products 6.5 as well as all versions of Endpoint v5.0.22xx except the last version 5.0.2271. Newer versions of security products 6.6, 7.0, 7.1 and 7.2 were not affected whatsoever.

2, How do I find out if my ESET product works if I have an affected version?
The issue typically manifests by protection settings missing in the advanced setup and by protection status reporting "Antivirus and antispyware protection is non-functional" (v6.5). Endpoint v5 displays a logo of ESET Smart Security and an error occurs when attempting to save changes in the advanced setup.

3, What to do if I have an affected version of an ESET product that still works?
If the machine has not been restarted after Feb 7, avoid any restarts unless you make sure that you have the appropriate module installed. For Endpoint v5 it's Antivirus and antispyware module 1559.4, for versions 6.5 it's the Update module 1074.2 which addresses the issue. To find out what version of modules you have, check information about installed modules in the Update panel or in About program information.

4, Do I have to install the latest version 6.5 if I applied Certfix?
Yes. Users with "fragile" ESET products 6.5 who have applied Certfix should upgrade to the latest version 7.2 to get an ultimate fix. If upgrading to it is not possible, upgrade to the latest v6.5 or v6.6 at least. Security products 6.5 that have not been upgraded to the latest v6.5 or newer will start displaying a notification about outdated product soon.

5, I have Endpoint v5 affected and malfunctioning. How should I carry on?
A fix for Endpoint v5 which will install the latest unaffected version 5.0.2072 is available for download from links above.

6, I have Endpoint 6.5 or ESET File / Mail Security v6.5 affected and malfunctioning. How should I carry on?
The current version of CertFix is downloadable from https://forum.eset.com/files/file/20-certfix/. The password to the archive is "CertFix2" (without quotation marks). After applying the fix, we strongly recommend installing the latest version 7 of the product or at least the latest v6.5 from links above if upgrade to the latest version is not possible for some reason.

7. I have run CertFix but it ended with the message "no need to patch".
Most likely you have attempted to run the first version of CertFix on a system with a version of Endpoint unsupported by the fix. Please use the latest version of CertFix which works for any version 6.5.

 

OLDER UPDATES
Update (Feb 13, 17:15 CET):

We have pinpointed an issue in Certfix2 (1.0.0.3) where it crashes with a specific version of EFSW. Another version of Certfix addressing the issue should be available within today.

Update (Feb 13, 15:40 CET):
Version 6.5 installers with a fix have been uploaded to the repository. Download links will be published momentarily in the KB article https://support.eset.com/en/alert7396-legacy-products-startup-issue. Use this new version for fresh installations of Endpoint v6.5 on systems where installation of the latest v7 is not possible for some reason at this point (e.g. Windows XP systems).

We have received reports of CertFix2 crashing under certain circumstances on server OS's. We have managed to reproduce the crash and developers are looking into it right now. We expect a new version of CertFix for these systems to be available soon.

Update (Feb 13, 11:55 CET):
We are uploading a fix for affected Endpoint v5 versions for machines that have been restarted and Endpoint is malfunctioning. There will be different versions for different languages, bitness of the OS (x86/x64) and products (Endpoint Antivirus / Endpoint Security). Once uploaded, we will publish download links in the KB article https://support.eset.com/en/alert7396-legacy-products-startup-issue. The current version will not work on Windows XP yet; we are also preparing a Windows XP compatible version.

Update (Feb 13, 8:40 CET):
A new version of CertFix is available for download also from https://forum.eset.com/files/file/20-certfix/

Update (Feb 12, 17:40 CET):
In a few hours we expect to have a fix for Endpoint v5. As mentioned before, it will smoothly upgrade affected clients to the latest version 5 not affected by the issue. We are also going to release another module update for Endpoint v5 users who have not restarted the machines yet and can update.

Besides that we are going to publish a fix for all v6.5 versions. The fix is intended for any v6.5 version that is already broken. However, after patching v6.5, it will be necessary to upgrade either to the latest Endpoint v7 or to a fixed version 6.5 that we're about to publish as well if upgrade is not possible yet for whatever reason.

We'll keep you posted.

Update (Feb 12, 17:40 CET):
We have released Antivirus and antispyware module 1559.4 as a staggered update. The module fixes Endpoint v5 on machines which have not been restarted yet.

Update (Feb 12, 12:40 CET):
Today we expect to have the following:
- Update of the Update module for affected Endpoint v5 products that have not been restarted and are not affected yet
- A fix for all remaining Endpoint v6.5 products
- A fix for most common language versions of Endpoint v5 (will upgrade Endpoint to the latest v5 version)

Update (Feb 11, 19:00 CET):
Update module 1074.2 is currently being distributed as staggered update for all users.

Update (Feb 11, 17:00 CET):
Update module 1074.2 is currently on the pre-release update channel and fixes the issue for any v6.5 products on machines that have not been restarted yet and the product is in working state (i.e. update and protection works). We plan to release the module for all users in an hour (18:00 CET).

Update (Feb 10, 22:40 CET):
A fix for issues with v6.5 server products that emerged on February 8, 2020 is available for download from https://forum.eset.com/files/file/20-certfix/

This first version of the fix is intended only for the following products:

Endpoint 6.5.2118, 6.5.2123, 6.5.2132
EFSW / EMSX 6.5.10057, 6.5.10059, 6.5.12017, 6.5.12018, 6.5.14026

The fix must be run with elevated administrator rights. We recommend trying it on 1-2 computers first to make sure it works alright in your environment.

If ESET is already malfunctioning, running the fix will replace ekrn with a fixed version. No system restart should be required and ESET should start working.
If you have an affected version of ESET and it's still working alright, applying the fix will replace ekrn which will prevent the issue from occurring.

The password to the archive is "certfix1" (without quotation marks).

Tomorrow (on Feb 11, 2020) we should have a fix ready for Endpoint v5 as well as for other 6.5 versions that are not easily remediable. We will be also releasing a new version of the Loader module that will patch affected products on machines that have not been restarted yet and where ESET is not malfunctioning.

Update (Feb 10, 16:30 CET):
1, A fix tool that will replace ekrn.exe with a fixed version will be ready within today (Feb 10). The tool will need to be run on machines with affected ESET Security products that are malfunctioning. No restart should be needed to get the product to work. The tool should work for affected Endpoint v5 as well as v6.5 products also on Windows XP and Windows Server 2003.
2, If you have an affected version of the product and it still works alright, do not restart the computer yet. Tomorrow (Feb 11) we'll be releasing a Loader module which will patch ekrn to fix the issue.
3, We should have 6.5 installers with a fixed ekrn.exe ready by tomorrow and will replace them in the repository too.
4, After remedying the issue, please consider upgrading to the latest Endpoint v7.2 wherever possible. While Endpoint v5 and 6.5 products will work until they reach EOL, we strongly encourage you to use the latest version which not only addresses bugs and issues from older versions but also brings substantially better protection against current threats.
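
The decision rules from FAQ 1, 3, 5 and 6 above, written out as a triage over a fleet inventory export. This is an added example, not ESET tooling or part of the original post; the row field names, action labels, host names and sample build/module numbers are assumptions, and 5.0 builds from 2271 upward are assumed to be the fixed v5 release.

```python
# Added example: triage of an ESET inventory export using the rules in this post.
FIXED_MODULE = {  # FAQ 3: module version that carries the fix, per product line
    "v5": ("av_module", (1559, 4)),        # Antivirus and antispyware module
    "v6.5": ("update_module", (1074, 2)),  # Update module
}

def parse(version):
    """'6.5.2132.5' -> (6, 5, 2132, 5) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))

def affected_line(product_version):
    """Return 'v5' or 'v6.5' if FAQ 1 lists the version as affected, else None."""
    v = parse(product_version)
    if v[:2] == (6, 5):
        return "v6.5"
    # Assumption: builds 5.0.2271 and later are treated as the fixed v5 release.
    if v[:2] == (5, 0) and len(v) > 2 and 2200 <= v[2] < 2271:
        return "v5"
    return None

def triage(row):
    """Map one inventory row (hypothetical field names) to an action label."""
    line = affected_line(row["version"])
    if line is None:
        return "not-listed-as-affected"
    if not row["working"]:
        # Already malfunctioning: v5 fix installer (FAQ 5) or CertFix (FAQ 6).
        return "run-v5-fix" if line == "v5" else "run-certfix-then-upgrade"
    field, fixed = FIXED_MODULE[line]
    if parse(row.get(field, "0")) >= fixed:
        return "patched-plan-upgrade"       # still upgrade to v7 when possible
    return "do-not-restart-update-modules"  # FAQ 3

# Constructed sample rows; hosts, 5.0.2260.1, 7.2.2055.0 and old modules are made up.
INVENTORY = [
    {"host": "ws-01", "version": "6.5.2132", "update_module": "1074.2", "working": True},
    {"host": "ws-02", "version": "6.5.2123", "update_module": "1073.9", "working": True},
    {"host": "srv-01", "version": "6.5.12018", "working": False},
    {"host": "ws-03", "version": "5.0.2260.1", "av_module": "1559.3", "working": False},
    {"host": "ws-04", "version": "7.2.2055.0", "working": True},
]

def triage_inventory(rows):
    """Return {host: action} for every row in the export."""
    return {row["host"]: triage(row) for row in rows}

if __name__ == "__main__":
    for host, action in triage_inventory(INVENTORY).items():
        print(f"{host}: {action}")
```
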
