OP System

@ewong look at this line: MSI (s) (7C:04) [14:19:50:909]: Product: ESET Endpoint Antivirus -- The app that you are trying to run is not supported on this version of Windows. See https://go.eset.com/acs23 Windows 7 doesn't support the new Code Signing platform (a.k.a. ACS / Trusted Signing) unless you have a ESU license and install KB5006743 or later as per here: https://support.microsoft.com/en-au/topic/kb5022661-windows-support-for-the-trusted-signing-formerly-azure-code-signing-program-4b505a31-fa1e-4ea6-85dd-6630229e8ef4 Basically you're stuck to latest version that was released before 9.1.2066.0. See also https://forum.eset.com/topic/38212-install-failing-on-2008r2-servers-with-acs-support/

Hi, same problem here with Win Server 2008 R2 x64 Both task and manual attempt fails

Thanks Marcos. Currently, the only way to install the pre-release version in ESET Protect Cloud is to perform an upgrade from 11.0.2032, but this can be tricky on workstations that were affected by the problem. Anyway this is good news, hoping that the fixed version will be officially released on stable channel ASAP.

@Marcos, do you have any prediction on when the patch will be released? Many of our clients are asking us what to do with the affected workstations (we are at 10% of total installed endpoints and still growing). Are there any settings we could tweak to mitigate the problem, beside installing v.10? I'm trying to avoid mass-redeployments on hundreds of machines. Thanks

Hello @ShaneDT , we're keeping removing ESET completely and letting users with native Windows 10 AV. This is the simplest solution for us. I hope this will get fixed soon Gabriele

I thought this could be somehow related to this . Unfortunately, even after Browser protection module update 1336, the problem persists and is affecting more and more clients. We're keeping uninstalling the product, as this is the only solution we found for now. @Marcos should we keep going with our ticket with local ESET support?

Hello all and sorry for this delay. @SBIT thank you for your comment, that gives us a possible workaround. @Marcos I've managed to create a manual dump and I sent you a download link as you requested. Our ticket is #00677791. Please let me know if advanced diagnostic logs are needed. I can confirm that the issue arises more often when a browser (firefox or Chrome) is opening.

Hello, this is a first hint of a problem we're facing since Endpoint ver. 11.0.2032.0 has been rolled out on our Windows 10 customers. I searched for similar recent posts in Forum but couldn't find anything similar so I assume it's related with our locale (IT) or our specific endpoint policies. About 2% of our managed endpoints are becoming unresponsive after boot: apps freeze, cannot interact with Explorer elements, network traffic stops, whole Windows GUI becomes unusable for several minutes. Sometimes all gets back to normal after waiting, sometimes we have to physically power cycle. Disabling Realtime protection or uninstalling Endpoint Protection is the only way to let users work normally. So far we've started working with our local reseller to collect logs and relevant information. CPU usage is normal, seems a memory lock issue to us, specifically during startup scan. I've tried disabling HIPS Advanced memory scanner but to no avail. If someone else is facing this issue or have suggestions, please let me know. Due to the nature of problem, performing any diagnostics in real time is nearly impossible, so any additional help will be appreciated. Thanks Gabriele

Hello, in Computer Details -> Detections & Quarantine, the "DETECTION RESOLVED" filter is always enabled (in un-flagged state) by default. This cannot be changed permanently, as the detections window will reset itself after leaving details area. Please allow users to change the default filter preset or, at least, remove the DETECTION RESOLVED filter as default. We would like to see the whole PC history when the detections list is opened. Thanks Gabriele

The problem with this is that computers which have not been scanned (i.e. software list is empty) will also be included. Currently I'm trying to find a way to exclude them, like adding a NOR rule with "CPU is n/d" but it seems not to be working.

Thanks for the info MartiniK!

Hello, sorry for n00b question, but is the upgrade task automatic for Eset Cloud customers? We've approx 1200 agents, all of them still have 8.0.1238.0 version, should I issue the upgrade command or just wait for next days? Thanks!

Thanks Marcos, Just for sake of knowledge, do you know why those operations get blocked or why on 2012 specifically? Maybe someone else already got through WMI tracing in the past…

Hello all, resuming from this comment by Nightowl we're still observing thousands WmiPrvSE.exe blocked operations by HIPS in all our MS 2012 Servers (see attachment). Yes I know, “Log all blocked operations” option can be disabled, but I’m wondering if all these events could impact system performance / stability somehow… why does this happen on 2012 (R2) only and not in subsequent versions? Thanks Gabriele

As a side note, policy propagation throughout nested groups takes A LOT (45 min for 1 policy to be applied to 100 clients). Is there a way to speed up this process? Like an "update policy" task or "re-apply policies"

Hello, simple question as title: we've hundreds of agents connected to a specific EPC instance, we’ll need to get them managed by another Protect Cloud account. Aside from migrating groups and policies, is it possible to change which EPC the agents connect to? Like Partial Migration from ESMC 7 / ESET PROTECT 8 to ESET PROTECT Cloud but from Cloud to Cloud... Thanks! Gabriele

Hello Marcos, In fact, the purpose is to set specific defaults values, but let users adjust them if they need. For example: set the reporting levels to “balanced”, but let users change it to “aggressive” or “off” if they want to be more / less notified about events. set specific HTTP scanner ports, but let user add/remove them when they use specific internal portals. enable notification for critical Windows Updates, but let user disable them … and so on This is nothing but a “hey, we configured all settings for you, but you can change them now” mood. Gabriele

Description: Set default setting in policy, but let user change it Detail: currently every setting in a policy can be applied in 3 ways: Not set (editable on client) Set (not editable on client) Enforced (not editable on client) I personally miss the “Set (editable on client)” option, i.e. I’d like to set the default value, but let the user change it permanently on his/her client. This is somehow similar to the override behavior, but without the temporal limitation and without the client being considered non-compliant. Gabriele

Hello MichalJ and thanks for answering. I’ve re-checked the client network connection and finally they received the policy as expected. However, when the “Manage Policies” menu is opened for a group, it does not show the inherited policies, AFAIK this is by design (only direct applied policies are shown) - Is there a way to know the resulting inherited policies for a static group without opening clients details? If not, I’d like to suggest this feature.

Hello, I think I may missing something here… I have this strange behavior, subgroup is not showing inherited policy from its parent. Weirdest thing is, “POLICIES” column shows 0 applied policies for a PC, but when I open the “Manage Policies” menu for that client, the policy is there. This does not appear to affect all the objects in the same way. What’s happening? Thanks!