
Mindflux

Members
  • Posts

    24

About Mindflux

  • Rank
    Newbie

Profile Information

  • Location
    USA

  1. I too received this. If I had to guess it's related to the Cloud maintenance:

     Apr 24, 2023
     ESET Inspect Cloud planned maintenance

     Completed - The scheduled maintenance has been completed.
     Apr 24, 17:00 CEST

     In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
     Apr 24, 09:30 CEST

     Scheduled - Dear customers, we would like to inform you about the upcoming production upgrade of ESET Inspect Cloud which is planned for this Monday, April 24th. You can expect 2 outages between 9:30 and 17:00 CEST. The 1st one will last around 1 minute and the 2nd up to 10 minutes. Customers will not be able to access their ESET Inspect Cloud console during these outages. We apologize for any inconvenience.
  2. Thanks. I'll have to wait for the next BSOD and report back.
  3. Attached is the minidump. 012323-5984-01.zip
  4. I have been having sporadic reboots, mostly in the evening or early morning when I am not at my desk. I had one happen last night after checking event viewer and analyzing the minidump:

     nt!KeBugCheckEx:
     fffff807`7e820fb0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffffd03`c17b77f0=0000000000000153
     6: kd> !analyze -v
     *******************************************************************************
     *                                                                             *
     *                        Bugcheck Analysis                                    *
     *                                                                             *
     *******************************************************************************

     KERNEL_LOCK_ENTRY_LEAKED_ON_THREAD_TERMINATION (153)
     A thread was terminated before it had freed all its AutoBoost lock entries.
     This is typically caused when a thread never released a lock it previously
     acquired (e.g. by relying on another thread to release it), or if the thread
     did not supply a consistent set of flags to lock package APIs.
     Arguments:
     Arg1: ffff8887295e4080, The address of the thread
     Arg2: ffff8887295e47e0, The address of the entry that was not freed
     Arg3: 0000000000000002, Thread pointer reserved bits were set
     Arg4: 0000000000000000

     Debugging Details:
     ------------------

     KEY_VALUES_STRING: 1

         Key  : Analysis.CPU.mSec
         Value: 1296

         Key  : Analysis.DebugAnalysisManager
         Value: Create

         Key  : Analysis.Elapsed.mSec
         Value: 1319

         Key  : Analysis.IO.Other.Mb
         Value: 0

         Key  : Analysis.IO.Read.Mb
         Value: 0

         Key  : Analysis.IO.Write.Mb
         Value: 0

         Key  : Analysis.Init.CPU.mSec
         Value: 186

         Key  : Analysis.Init.Elapsed.mSec
         Value: 6911

         Key  : Analysis.Memory.CommitPeak.Mb
         Value: 92

         Key  : Bugcheck.Code.DumpHeader
         Value: 0x153

         Key  : Bugcheck.Code.Register
         Value: 0x153

         Key  : Dump.Attributes.AsUlong
         Value: 808

         Key  : Dump.Attributes.KernelGeneratedTriageDump
         Value: 1

     FILE_IN_CAB: 012323-5984-01.dmp

     TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b

     DUMP_FILE_ATTRIBUTES: 0x808
       Kernel Generated Triage Dump

     BUGCHECK_CODE: 153

     BUGCHECK_P1: ffff8887295e4080

     BUGCHECK_P2: ffff8887295e47e0

     BUGCHECK_P3: 2

     BUGCHECK_P4: 0

     CUSTOMER_CRASH_COUNT: 1

     PROCESS_NAME: ekrn.exe

     STACK_TEXT:
     fffffd03`c17b77e8 fffff807`7e893fa0 : 00000000`00000153 ffff8887`295e4080 ffff8887`295e47e0 00000000`00000002 : nt!KeBugCheckEx
     fffffd03`c17b77f0 fffff807`7eb17d0e : 00000000`00000000 ffff8887`295e4050 fffffd03`c17b7a09 00000000`00000000 : nt!KeCleanupThreadState+0x1c88d0
     fffffd03`c17b7840 fffff807`7eacdb0e : ffff8887`295e4080 ffff8887`295e4050 fffffd03`c17b7a09 ffffffff`ffffffff : nt!PspThreadDelete+0x1e
     fffffd03`c17b78b0 fffff807`7e692f63 : 00000000`00000000 00000000`00000000 fffffd03`c17b7a09 ffff8887`295e4080 : nt!ObpRemoveObjectRoutine+0x7e
     fffffd03`c17b7910 fffff807`7eaca418 : 00000000`00000001 00000000`00000001 00000000`00001050 fffff807`7eacac17 : nt!ObfDereferenceObjectWithTag+0xc3
     fffffd03`c17b7950 fffff807`7eac7b09 : 00000000`00000000 000000b2`45364000 00000000`00001050 000000b2`45364000 : nt!ObpCloseHandle+0x2d8
     fffffd03`c17b7a70 fffff807`7e833968 : ffff8887`360d6080 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtClose+0x39
     fffffd03`c17b7aa0 00007fff`1f84ef54 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
     000000b2`47dff8e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`1f84ef54

     SYMBOL_NAME: nt!KeCleanupThreadState+1c88d0

     MODULE_NAME: nt

     IMAGE_NAME: ntkrnlmp.exe

     IMAGE_VERSION: 10.0.22621.525

     STACK_COMMAND: .cxr; .ecxr ; kb

     BUCKET_ID_FUNC_OFFSET: 1c88d0

     FAILURE_BUCKET_ID: 0x153_KERNEL_LOCK_ENTRY_LEAKED_ON_THREAD_TERMINATION_RESERVED_BITS_SET_nt!KeCleanupThreadState

     OSPLATFORM_TYPE: x64

     OSNAME: Windows 10

     FAILURE_ID_HASH: {aeb5bb18-b52c-51eb-af16-9ae73af5d4a8}

     Followup: MachineOwner

     This is actually Windows 11 Enterprise, but I'm guessing Windbg hasn't been updated to detect the Windows 10 version number.
  5. In protect I have a schedule programmed to run AV scans at 2AM on all devices. The scheduler list shows it's set for 20:00:00. But when I click into the scheduled event it does show 2AM. If I bump it to 3AM, it moves it up to 21:00:00. I'm guessing it's not showing LOCAL time? Is there a way to adjust that? Other date/times match my local time, like the "last connected" column for computers... and so on and so forth. https://i.imgur.com/cGyeGK1.png
  6. Is there a way to display the module version in the list of computers talking to ESMC? It shows the AV version, and the Modules column simply says "Updated". I'd like it to show me what version of the modules is loaded. ERAS/ERAC showed this.
  7. Hi, I've done that. How do I confirm it's working? I see data in the access_log, but I also see some messages like "AH01797: client denied by server configuration: proxy:esmc:2222" in the error_log. I do see /var/cache/httpd has grown since last night.
  8. That's to USE the HTTP proxy, not configure it for client use if I am not mistaken?
  9. I do see in the docs there was a checkbox I missed. I don't see how to enable it after the fact, without using SSH, though.. which has been done. I guess I'll see where this goes.
  10. That should work.. perhaps it should be a default ON sort of thing, though?
  11. Is there a technical limitation to why ESMC cannot also host a definitions mirror? If I use the mirror tool I have to use up one of my license seats to allow the tool to download updates... which ESMC should already do and distribute them for you. I skipped v6 of the entire line of products because of how wonky things were, v7 seems better but this would be great if ESMC could host the updates too...
  12. Also it seems if you make an offline license file you eat up 1 (or more) of your license count doing this? Just to distribute it with ERA? :facepalm:
  13. Yes I found the offline documentation, but if you look at my screen grab there's not even an "OFFLINE" column header. Under settings you have Offline license files - Show offline license file download option Alright. Got it. Thanks. Still not sure I wanna go with ERA6/AV6. What a pita. I'm still "testing" it since it came out, but I won't take it to production. 6.5 sounds promising, they mentioned it will be released in December. They're so far behind the AV version (9?). I know business versions rely on reliability but it seems we're really lagging behind here.
  14. Yes I found the offline documentation, but if you look at my screen grab there's not even an "OFFLINE" column header. Under settings you have Offline license files - Show offline license file download option Alright. Got it. Thanks. Still not sure I wanna go with ERA6/AV6. What a pita.
  15. Here you get offline license file hxxp://IP_ADDRESS:PORT https://help.eset.com/ela/en-US/index.html?downloading_offline_legacy_licenses.htm Yes I found the offline documentation, but if you look at my screen grab there's not even an "OFFLINE" column header.