Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by winstonsmith84

  1. Nevermind. Event Viewer shows the update never started because permission to stop the Eset Management Service was denied.
  2. Web console says "Login failed: Connection has failed with state Not Connected". I'm assuming I just keep waiting until the web console finally works again but this seems like it's taking a very long time and I don't know how I would even know if it failed or not.
  3. The update has been running for over an hour. I can't log into the web console during this obviously and there is no status update of any kind so I can't tell if this is actually updating or if it failed and just hung. At what point do I give up and assume failure and restore the VM? The tomcat service is running on the server and the eset management service on the server says "stopping". It has said this for a long time now. Is the upgrade actually happening or did it fail?
  4. Unfortunately the error happens sporadically across the network. I never know when it's going to happen and I can't force it to happen.
  5. I get these error messages frequently. "During execution of Update on the computer the following event occurred: File does not exist." If I run the update modules task on the affected computer then it updates. Why does this keep happening and how do I make these computers update themselves without having this error?
  6. The struts exploit is for Apache but the server listed in the threat log doesn't have Apache installed on it. So why would this be listed as a threat alert on this server?
  7. We recently upgraded to Eset File Security 7.0.12016 and now have a few entries in the threat log that I'm uncertain what to do about. All say Firewall Security Vulnerability exploitation. One is SMB/Exploit.MS17-10.B and the other three are CVE-2017-5638.Struts2. Does this alert mean that these servers were actively attacked or just that a potential vulnerability exists with these servers?
  8. Service is running. Status is all green. No issues. Trace Log doesn't appear to have any errors but there is this entry occasionally: Warning: Kernel [Thread 648]: Module library +EVSAConnector was not loaded Warning: Kernel [Thread 648]: Module library +ESLCConnector was not loaded
  9. Nothing in Lost and Found with the same name and it's not cloned. It's a physical desktop that used to show up as managed.
  10. I have one PC in our environment that always shows as unmanaged in the remote admin console but Eset is installed on this PC. When you log into that machine and check Eset it says everything is OK. It appears to be working just fine but the ERA just shows the status wrong. How do I make this machine show up correctly in ERA as a managed PC? This PC has no info listed in ERA either. Everything for it just says N/A.
  11. Also, if it matters, desktop hit with filecoder was Windows 7 and desktop hit with neshta was Windows 10 although the desktops of both users are redirected and stored on a server. User with filecoder has desktop redirected to Server 2008 R2 and user with neshta has desktop redirected to Server 2016 if this is relevant.
  12. All eset endpoints are password protected so the employee shouldn't have been able to disable eset on the affected desktop. All eset protections should have been running unless the attacker found a way to disable them. I do still have this particular PC available offline to look over if anyone has ideas of what exactly I should be looking for on it. I don't have access to the servers that were hit as they were wiped and restored from a backup. After the attack on this desktop we received alerts that certain servers had massive CPU spikes so I believe the server encryption began after this desk
  13. Logs are uploaded. Sent them in a personal message. Since this attack happened we were hit again with something called Nestsha.A as well. Eset caught this attempt except for 5 times when it said "error while performing action" and then this attack moved from that desktop to hit servers.
  14. We recently fell victim to a ransomware attack. The attack began on a user's PC that was protected with Eset 6. The remote admin console shows us that this machine was hit 20 times with something called Win32/Filecoder.NPA and that it was leaving an exe called f-new on the user's desktop. Eset claimed it was finding this infection and deleting it each time. The infection succeeded anyway as right after that server encryption began. Curious as to why Eset failed to stop this attack even though it noticed it. We have kept the infected desktop off the network after the attack and have not touched
  15. Really hoping that there will eventually be a better way of informing users they need to restart the computer after an Eset update. Users consistently refuse to restart when they get the "Eset needs attention" message in the system tray. I'm forced to send the pop up window message task telling them to restart. This message scares them because they think any message that pops up on the screen is a virus and they refuse to reboot after seeing it. There has to be a better way to make people restart after an update. Ideally, not requiring a restart after an update would be wonderful. What exactly
  16. Yes. This worked for me every time. About 3/4 of the computers would upgrade with no issues but those that failed required this step to correct it. You will have doubles of the same computer name in your license manager after doing this though it doesn't appear to take up a second license. You can just remove the duplicate. Best option is just to not update any computers at all. Skip this update and wait for the next one. I got about 130 computer up to this version but I won't be upgrading any others.
  17. uninstalls aren't possible. freeze on preparing uninstallation. only solution is forced uninstall via the command line uninstaller which has to be run in safe mode. this is a serious nuisance for affected PCs in other parts of the country that don't have anyone in that location to fix this.
  18. Same problem here. Having to uninstall via the command line uninstaller tool and then reinstall manually. Afterwards the license server shows duplicate entries for the same machine. I'm avoiding this update on any further machines. There's something seriously wrong with it.
  19. Push install and manual install will fail on 1 in 10 PCs. Affected computer will have the error "Modules update failed. Product is not activated." This only happens when installing version 6.6.2068.0. Older versions install without errors. The only way I've found to get around this is to use command line uninstaller tool and then reinstall manually. This is dramatically time consuming to update hundreds of computers one by one. Please, why is this happening? If no one knows, then I'm skipping this buggy update.
  20. I think the issue is that the installer says finished but it isn't actually done. I send a reboot to the PC and then it comes back up and says the installer is running again but Eset never functions again. It just says the modules can't be updated because there is no license file. I have to uninstall and manually reinstall to get around this. Why does the remote admin always say an install process is finished when it actually isn't?
  21. The install task says finished. Product is installed. Computer is restarted. Now the client install task once again says running and stays this way. Why?
  22. Never mind. Gave up and got rid of the computer. Replaced it with another one and this one works.
  23. This is still a problem. Cannot get this to work. Have uninstalled and resintalled and the problem persists. Tried running the following commands: sc query epfwwfpr Result was that the service epfwwfpr was running. sc qc epfwwfpr Result showed the kernel driver was set for system start and was located in the normal location The driver for this appears to be installed but it doesn't run for some reason. This computer is setup up as a training station kiosk so I had originally thought that perhaps the software that locks it down from regular users was causing the issue e
  24. Registering callouts and filters through BFE. Detected product with firewall: no Detected Windows version: 0x601 Detected product "eea", version: 6.5.2107.1 FwpmTransactionCommit0 error 0x1a91 Added 32 (0) filters, 16 callouts, 3 sublayers, 1 providers. Exit status 0x1a91: Transaction support within the specified resource manager is not started or was shut down due to an error. eea_logs.zip
  • Create New...