brandobot

Posts posted by brandobot

  1. 11 hours ago, Peter Randziak said:

    Hello @brandobot,

    good, thank you for the answers and the logs.

    I had them checked by my colleague, who has expertise in macOS support, and I replied to you via the private messages.

    Regards, P.R.

    Per US Support, they recommended we install ESET back onto these machines. Within 3 hours, 2 machines already restarted/crashed upon wake from sleep. Without it installed, we went about 4 days without any crashing. I'm running the log collector script now and will PM it to you.

  2. 9 hours ago, Peter Randziak said:

    Hello @brandobot,

    1. Does it crash only after the wake-up?

    2. If yes after each or just sometimes?

    3. The issue is exclusive for the new ("t2 chipset macOS laptops (2018 and newer)") systems only?

    4. What exactly crashes just the ESET app or entire system?

     

    Can you please collect the logs right after the crash and send them to me to check via a private message with a reference to this thread so I can have them checked? 

    Regards, P.R.

    1) Yes, only wake from sleep.

    2) Only sometimes. We sent a survey to 150 of our users on 2018 MacBook Pros and they experience crashing 1-2 times per week on average.

    3) Yes, only 2018 and newer. (t2 macs)

    4) Entire system reboots. Upon waking up from sleep, we'll see an Apple logo, then get kicked back out to the login screen. Upon login, you'll find that all apps are closed and the system had rebooted. This is indicative of t2 performing a reboot when it thinks it detects an intruder.

    I have removed Endpoint Security 6.7.654.0 from 4 of our test machines over the last 3 days and have not experienced a crash. I will keep running without endpoint security for a few more days to be sure this is the case. 

    On one of my test machines, I wrote down the date/times of two crashes. Are there any specific log files I should be looking at and gathering?
    Edit: I used the ESET log collector and have sent you logs from 2 of the affected machines and the date/time each experienced the unexpected reboot.

     

    I've also created a case with ESET support

  3. I'm trying to deploy 6.7.6 on top of 6.6 ESET Endpoint Security. On about 15% of our machines, it is failing. Are there any prerequisites that need to be met to install properly? Are there any logs I can check that will tell me exactly where it is failing?

     

    Downloading ESET Endpoint Security 6.7.600.0.pkg...
    Downloading https://use1-jcds.XXXXXXXXXXXXXXX...
    Verifying package integrity...
    Installing ESET Endpoint Security 6.7.600.0.pkg...
    Installation failed. The installer reported: installer: Package name is ESET Endpoint Security
    installer: Installing at base path /
    installer: The install failed (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.)
  4. 32 minutes ago, TomasP said:

    Hello,

    Thanks everyone for providing your feedback. We have a new build ready in which we changed detection of granted FDA to EES.

    I will be contacting you privately with the download link.

    Regards,
    Tomas

    Just installed this new version. No pop-up once installed. I used my existing TCC exclusion profile. I will continue monitoring to make sure no other unexpected behavior pops up.

  5. We are working on deploying ESET Endpoint Security/Agent upgrades for all our Windows endpoints. 

    On a small handful of machines, I am seeing "Error: The extended attributes are inconsistent" and "the application was not detected after installation completed".

    Where is the log file for Windows endpoints so I can figure out what may be causing this error?

  6. I had this issue on both 6.6 and 6.7 on Mojave. Multiple times on test machines, as soon as ESET installed, the whole Mac just froze and required a forced reboot. After reboot, it appeared fine.

    We're holding off on 6.7 until they fix the TCC profile issue.

    Unfortunately, we've been so busy and I don't have time to keep going back and forth collecting logs and trying betas...we've been doing this for over a year with the remote administrator...

  7. I just tested suppressing the GUI upon install by creating an empty file in the "cache" folder and it appears to work. The esets_gui process does not launch, there is no splash screen, and no icon in the menu bar. I am able to verify that the proxy, mac, fcor, daemon, pidmapper and ctl processes are running in Activity Monitor. Does this mean the machine is still being fully protected?

    Not a huge issue, but is there a way to suppress the splash screen upon install, but retain the ESET icon in the menu bar?

    Another thing I noticed is that the "do_not_launch_esets_gui_after_installation" file is removed after the install. So after every upgrade, we'll have to re-create the file.

  8. 17 hours ago, Peter Randziak said:

    Dear @brandobot,

    The code signature is valid, just run in terminal:

    codesign --verify --verbose /Applications/ESET\ Endpoint\ Security.app

    the output should be exactly like this:

    /Applications/ESET Endpoint Security.app: valid on disk
    /Applications/ESET Endpoint Security.app: satisfies its Designated Requirement


    Also the identifier is set to value "com.eset.ees.6", to see run in terminal:

    codesign --display --verbose /Applications/ESET\ Endpoint\ Security.app

    Output:

    dan43:Src adam$ codesign --display --verbose /Applications/ESET\ Endpoint\ Security.app
    Executable=/Applications/ESET Endpoint Security.app/Contents/MacOS/esets_gui
    Identifier=com.eset.ees.6
    Format=app bundle with Mach-O thin (x86_64)
    CodeDirectory v=20200 size=39342 flags=0x0(none) hashes=1224+3 location=embedded
    Signature size=9054
    Timestamp=23. 10. 2018, 21:28:45
    Info.plist entries=29
    TeamIdentifier=P8DQRXPVLP
    Sealed Resources version=2 rules=13 files=424
    Internal requirements count=1 size=36


    So it is signed, clients aren't executing unsigned code.

    Nevertheless, we are using only the "apple anchor generic" requirement which is pretty broad. This requirement is something that the application itself specifies for the system to know when it should consider its signature valid. It seems weird to me that TCC would look at the form of the requirement, but I guess its possible.

     

    We are currently testing the possibilities how to add our product to the full disk access list in the macOS.

     

    When it comes to the Silent installation, you need to create a flag file in advance in the following location: '/Library/Application Support/ESET/esets/cache/do_not_launch_esets_gui_after_installation'

    Then the GUI won't start; you should then send them a policy to disable the splash screen and start the GUI manually.

    Regards, P.R.

    A majority of us are using Jamf's PPPC utility to test. To test, create a configuration profile for ESET Endpoint Security for full disk access, deploy via MDM, then install ESET Endpoint Security to see if the same pop-up comes up.

     

    When we talk about TCC, this is a built-in mechanism by Apple in the Mojave operating system. 

     

    Link to pppc utility: 

    https://github.com/jamf/PPPC-Utility

     

    Link to TCC database reset script. Run this before testing a new config profile to reset the previously applied TCC exclusions:

    https://gist.github.com/haircut/aeb22c853b0ae4b483a76320ccc8c8e9#file-tcc-reset-py

     

    Thanks for the suppressing gui option. Just to confirm, just create an empty file with the name above? 
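
The identity check discussed in this exchange can be scripted before a PPPC profile is pushed. The following is an added example, not code from ESET, Jamf or any poster in the thread; the function names are hypothetical, and the expected Identifier and TeamIdentifier are the values shown in the codesign output quoted above.

```shell
#!/bin/sh
# Added example: confirm that the signing identity reported by
# `codesign --display --verbose` matches what a PPPC profile was built for.
# Function names are hypothetical; expected values come from the quoted output.
EXPECTED_ID="com.eset.ees.6"
EXPECTED_TEAM="P8DQRXPVLP"

# Constructed sample: a subset of the codesign listing quoted in the thread.
SAMPLE_OUTPUT='Executable=/Applications/ESET Endpoint Security.app/Contents/MacOS/esets_gui
Identifier=com.eset.ees.6
Format=app bundle with Mach-O thin (x86_64)
TeamIdentifier=P8DQRXPVLP'

# codesign_field KEY TEXT: print the value of the first "KEY=value" line.
codesign_field() {
    printf '%s\n' "$2" |
        awk -F= -v k="$1" '$1 == k { sub(/^[^=]*=/, ""); print; exit }'
}

# check_signing_identity TEXT [ID] [TEAM]
# Returns 0 on match, 1 on identifier mismatch, 2 on team mismatch,
# 3 when either field is absent from the listing.
check_signing_identity() {
    text=$1
    want_id=${2:-$EXPECTED_ID}
    want_team=${3:-$EXPECTED_TEAM}
    got_id=$(codesign_field Identifier "$text")
    got_team=$(codesign_field TeamIdentifier "$text")
    [ -n "$got_id" ] && [ -n "$got_team" ] || return 3
    [ "$got_id" = "$want_id" ] || return 1
    [ "$got_team" = "$want_team" ] || return 2
    return 0
}

# On a Mac, feed it live output (codesign writes this listing to stderr):
#   out=$(codesign --display --verbose \
#         "/Applications/ESET Endpoint Security.app" 2>&1)
#   check_signing_identity "$out" || echo "identity differs from profile"
```

A non-zero return before deployment means the profile's identifier or team ID no longer matches the installed bundle, which is worth ruling out before investigating TCC itself.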

  9. We allowed "All Files" in a configuration profile for our Macs on Mojave, but upon installing 6.7.500.0, we still get prompted to manually go to system preferences >> privacy and allow full disk permission. 

    Upon further investigating, we found that the app itself does not have a unique identifier and is just using the "anchor apple generic". I don't think the app is properly code signed, which is causing the TCC exception not to go through. Obviously this is a huge blocker as we cannot reliably deploy ESET to our environment. (See screenshots for ESET code sign vs Discord code sign. All apps should have a unique identifier.)

     

    Also, another huge annoying issue that has been around for years is the ESET splash screen and the console launches upon installing the .pkg. We do not want to pop up the splash screen and ESET gui during upgrades for all of our end users. Please give us an option to do a silent install.
     


  10. 4 hours ago, MichalJ said:

    Hi Brandon, can you please share a couple more details about the machines? What is the OS version, and what is the Mac Endpoint version? If I recall correctly, this once happened to me when I upgraded macOS to High Sierra while a non-compatible Endpoint application was installed. But that's just a guess.

    Also, have you contacted ESET support with it already? If yes, I would like to follow up with them, transfer it to HQ support, so your issue could be analyzed.

    About half were still on ESET Endpoint Security 6.5. I will try to update these again. (I had updated through the ESMC a couple weeks ago but these must have failed.)

    All are running High Sierra (10.13.6)

    The other half are up to date.

    Products & Licenses
     
    ESET Endpoint Security 6.6.866.1 Up-to-date version
    ESET Management Agent 7.0.418.0 Up-to-date version

     

    I will open a case now. I have a couple cases open and it generally takes a couple days to get a response. I normally get a faster response on the forums. Thanks.
