[Win10 Antivirus Protection is non-functional]

Hi Dear ESET Support.

We find a special issue in V7.0 and 7.1 in some version of windows 10 :

GUI will become Red with "Antivirus Protection is non-functional" Error in Protection Status.

Real Time and all modules are work probably (As Screen Shots) but the AV is become Red in ESMC.

This issue occurred in last 7 days and the solution is upgrading to V7.3. But is there any changing in that versions cause not support win10 any more in some circumstances ?

Or it is a bug in those legacy versions ?

Statistic of this issue is about 40% of all Win10 in network.

 

Best regards.

 

[Real-time protection not funtional]

Hi dears ,

Same Problem for many of our Customers.

We Think that old Version of V7 ( 7.0 , 7.1 ) on Windows 10 have this problem , Repair old version will fix the problem or Upgrade to V 7.3 and restart is needed.

But what is the problem ? It seems that there is problem in new updates.

[IP Block in Mail Security]

Hi Dears.

One of our customers have a problem with Mail Security For Exchange. EMS block their own Server IP address in Germany with this error : Found on Cloud Blacklist.

The IP is : 136.243.124.245

We check the ip in over 100 blacklist sources but nothing found.

What can they do ?

 

[Real Time Module not Funtional after Installation]

17 hours ago, Marcos said:

Please carry on as follows:
- in the adv. setup -> tools -> diagnostics, enable full application memory dumps and click OK
- in the same setup section, click Create to generate a dump of ekrn
- collect logs with ESET Log Collector and upload the generated archive here.

Hi Dear Marcos and thank you for your rapid reply.

Here is the requested logs : https://we.tl/t-SIJEPRtd04

[Real Time Module not Funtional after Installation]

5 hours ago, itman said:

Does restarting the device correct the Eset real-time issue?

Unfortunately Not.

[Real Time Module not Funtional after Installation]

Hi Dear ESET admins.

We Have Problem in a specific offline system, After install and first update from mirror or even online update Real-Time become not functional. (Endpoint 7.3.2039.0)

System is scanned with online Scanner and seems to be cleaned.

ESET Log Collector and SysInspector is attached.

 

 

ees_logs.zip SysInspector-TKT-200728-134740.zip

[All Modules are not functional in over 50 PCs]

The problem was : 7.1.2064 will not work on Outdated Win7 .

We install ESET Recommended updates for 7.3 , Then 7.1.2064 work Probebly !

Just 7.1.2053 work on outdated Win7 😐

 

[All Modules are not functional in over 50 PCs]

3 minutes ago, Marcos said:

The issue is with adding drivers to the driver store:
Error 0xe0000242: The publisher of an Authenticode(tm) signed catalog has not yet been established as trusted.

Try installing this update:

https://support.microsoft.com/en-ie/help/3004394/support-for-urgent-trusted-root-updates-for-windows-root-certificate-p

Also I'd recommend installing the latest v7.3.2036 instead of v7.1.

Thank you dear marcos for rapid reply ! Ok We Will check this solution .

[All Modules are not functional in over 50 PCs]

Hi Dear ESET Support.

We are working on a project in over 100 PCs. All AV modules are Not Functional in over 50 Workstations !!!

Installing ver 7.1.2064 on Win7-32b

Previous Antivirus was Panda Cloud that uninstalled with Panda Tools , System are cleaned now ( Checked with ESET Online Scanner and Kaspersky Removal Tools)

ESET Log Collector and Sysinspector , and Installation Full Log in attached.

We have not seen such a problem before !

 

 

install.log ees_logs.zip SysInspector-MOJTABAEE-200704-114923.zip

[HW fingerprint could not be obtained]

Hi dears,

This month we see this error in many system that ERA Agent 7.0.577 could not  generate HW Fingerprint so it could not be connected to ECMC.

is there any solution to disable HWFP in V7 to avoid downgrade to Agent V6.

The agent Log :

2020-04-12 08:01:35 Error: AuthenticationModule [Thread 188c]: DeviceEnrollmentCommand execution failed with: HW fingerprint could not be obtained.
2020-04-12 08:01:35 Warning: CReplicationModule [Thread 1a78]: GetAuthenticationSessionToken: Received failure status response: TEMPORARILY_UNAVAILABLE (Error description: session token temporarily unavailable, device is not enrolled yet)
2020-04-12 08:01:35 Error: CReplicationModule [Thread 1a78]: InitializeConnection: Initiating replication connection to 'host: "192.168.48.7" port: 2222' failed with: GetAuthenticationSessionToken: Failed to fetch device session token in time
2020-04-12 08:01:35 Warning: CReplicationModule [Thread 1a78]: InitializeConnection: Not possible to establish any connection (Attempts: 1)
2020-04-12 08:01:35 Error: CReplicationModule [Thread 1a78]: InitializeFailOverScenario: Skipping fail-over scenario (missing last success replication link data)
2020-04-12 08:01:36 Error: CReplicationModule [Thread 1a78]: CAgentReplicationManager: Replication finished unsuccessfully with message: InitializeConnection: Initiating replication connection to 'host: "192.168.48.7" port: 2222' failed with: GetAuthenticationSessionToken: Failed to fetch device session token in timeReplication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: 192.168.48.7:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 00000000-0000-0000-0000-000000000000, Sent logs: 0, Cached static objects: 0, Cached static object groups: 0, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0]
2020-04-12 08:01:36 Error: AuthenticationModule [Thread 188c]: DeviceEnrollmentCommand execution failed with: HW fingerprint could not be obtained.
2020-04-12 08:01:36 Warning: CReplicationModule [Thread 1a78]: GetAuthenticationSessionToken: Received failure status response: TEMPORARILY_UNAVAILABLE (Error description: session token temporarily unavailable, device is not enrolled yet)
2020-04-12 08:01:36 Error: CSystemConnectorModule [Thread 1f98]: CWbemServices: Could not connect. Error code = 0x8004100e
2020-04-12 08:01:46 Error: CSystemConnectorModule [Thread 1f98]: CWbemServices: Could not connect. Error code = 0x8004100e
2020-04-12 08:01:56 Error: CSystemConnectorModule [Thread 1f98]: CWbemServices: Could not connect. Error code = 0x8004100e
2020-04-12 08:02:06 Error: CSystemConnectorModule [Thread 1f98]: CWbemServices: Could not connect. Error code = 0x8004100e

 

[Agent not Upgrdae to V7 - upgrade.json]

After Delete upgrade.json file and rerun the task , This Error accrued :

Error creating 'era-updater' service (0x430): (0x430), The specified service has been marked for deletion

After a Restart Agent upgrade correctly.

[Agent not Upgrdae to V7 - upgrade.json]

Hi Dears,

In one of our network we have problem with upgrading over 70% of Client's Agent from V6.5 to 7.0.577.0,

After sending Upgrade component Task, Most of them failed with this Error :

File already exists 'C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\upgrade.json'. Cannot continue with agent upgrade

 

What is the solution ?

[WebAccess not Functional after Upgrade from 6.5]

20 hours ago, Marcos said:

You can fix this by running the following command as an administrator:
"sc delete epfwwfpr"

I would strongly recommend upgrading to Endpoint 7.2 which should be able to fix this automatically if the old driver remains registered in the system for whatever reason.

"sc delete epfwwfpr" not helped. Error is persist in V7.0 even after restart as screen shots.

Upgrading to V7.2 solve the issue. But right now they can not upgrade quickly because they have old Win7 and they must install required windows updates for v7.2.

 

[WebAccess not Functional after Upgrade from 6.5]

14 minutes ago, Marcos said:

You can fix this by running the following command as an administrator:
"sc delete epfwwfpr"

I would strongly recommend upgrading to Endpoint 7.2 which should be able to fix this automatically if the old driver remains registered in the system for whatever reason.

@Marcos Thank you for quick reply. We will check this solution.

Their Console is 7.0.577 , Can they use Endpoint 7.2 and manage it with Agent and ESMC 7.0.577 with out any problem ?

[WebAccess not Functional after Upgrade from 6.5]

Hi Dear ESET Admins.

We have a special Problem that is occurred in over 150-200 PCs.

in First days of V6.5 Bug these system change date to 2020-01-01 and then upgrade to 7.0.2091 and 7.1.

in many cases from different customers we have Web Access and IDS Not Functional  problem. It seems that ESET Network drivers failed.

The problem will not solve with normal Uninstall , We must use uninstall tool in safe mode and reintsall V7.

simulated Problematic PC's ESET Log Collector : https://we.tl/t-yNwlcU3u8q

Because there is over 200 cases with this problem for over 10 Customer , we need solution that we can apply via ESMC.

 

 

[Endpoint Security Anti phishing non functional]

it seems that fixtool v1.0.0.3 can not solve the issue in V6.5.2094 without Restart.

We must Run Fixtool and then Restart , Then Anti phishing error will disappear.

[Endpoint Security Anti phishing non functional]

7 minutes ago, SandipThanki said:

Hello Team,

Problem not resolved in 6.5.2107.1 EES.any solution for that version??

Regards,

Sandeep

Right now the only solution for 6.5.2107.1 is change date to 6 Feb , Restart and update , Then Correct Date. ( Not Good for large network)

[Endpoint Security Anti phishing non functional]

32 minutes ago, AustinM. said:

Where do you find this Loader at?

Now it's in regular update channel and by updating to 20824 , loader module will update to 1074.2

[Endpoint Security Anti phishing non functional]

11 minutes ago, persianmcse said:

I changed the date and time
And I updated the 20823 update number
But there is still the problem

version 6.5.2107.1

20824 - With loader 1074.2  is work fine.

Open C:\Program Files\ESET\ESET Endpoint Security\em000_32.dat  with notepad and check file version. if it is 1074.2 issue must be solved.

[Endpoint Security Anti phishing non functional]

57 minutes ago, Marcos said:

Update (Feb 11, 17:00 CET):
The Loader module 1074.2 is currently on the pre-release update channel and fixes the issue for any v6.5 products on machines that have not been restarted yet and the product is in working state (ie. update and protection works). We plan to release the module for all users in an hour (18:00 CET).

1074.2 Pre-release solved 6.5.2132 Issue.

So if date change to 06-02-2020 and then AV update , problem will solve completely in v6.5 with out fixtool.

[Endpoint Security Anti phishing non functional]

1 hour ago, andyuni said:

 

you can send a Run Command task with this command :

date 01-02-2020 & Shutdown /r /f

then after restart send upgrade task for clients.

you must temporary disable Date sync and Be sure that Date not sync after restart with AD.

 

[Endpoint Security Anti phishing non functional]

1 hour ago, Marcos said:

A fix for Endpoint v5 will be ready within today for most common language versions. It will install the latest version of Endpoint 5.0.2271 which is not affected on already malfunctioning systems.

If you don't have many machines affected, you could do the following:
- temporarily shift the date to Feb 7 or earlier
- reboot the machine
- ESET should load alright. Uninstall it and reboot the machine.
- If you don't have old systems with Windows XP, install the latest version 7.2, otherwise download and install 5.0.2271. If you have Windows XP, we're going to publish v6.5 with the issue fixed, upgrade from 5.0.2271 to it when available.
- You can stay with Endpoint v5.0.2271 if you cannot afford to upgrade to newer versions for whatever reason, however, please take into account that Endpoint v5 is approaching End Of Life and it cannot provide as good and effective protection against current malware as v7+ does.

For XP 6.5.2132 is now working find with current patch.

is 6.5.2132 supported to WinXP ?

 

Official version for windows XP is

Business Products: Version 6.5.2118.x  that can be patched right now.

[Endpoint Security Anti phishing non functional]

In large network you can use some software like https://www.exemsi.com/

to convert EXE to MSI file and install in by Software install task.

We test it and it is working find , just set to run certfix.exe after installation.

 

[Endpoint Security Anti phishing non functional]

PowerShell is not working on windows XP and server 2003 ,

In large network that have legacy Windows it is better to install a MSI with Install Software Task.

is There any way to run the patch with RUN Command task in windows XP and server 2003 Environment ?

[Bug in Disabling Firewall at All ESET Versions]

This Bug is fixed in V7.2 .

So upgrading to V7.2 will solve this bug.