
kamiran.asia

Members
  • Posts: 259
  • Joined
  • Last visited
  • Days Won: 1

Kudos

  1. Upvote
    kamiran.asia gave kudos to itman in HIPS registry Rules not work at Services   
    For registry subordinate keys under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\", you need to code the following, "HKEY_LOCAL_MACHINE\SYSTEM\*\".  For example:
    HKEY_LOCAL_MACHINE\SYSTEM\*\Services\USBSTOR\Start
  2. Upvote
    kamiran.asia received kudos from Vodzoo in Agent Srv couldn't be stop while upgrading to V8   
    Hi dear ESET Admins.
    On some endpoints we are facing this problem (upgrading 7.0.579.0 to 8.0.1238.0):
    MSI (s) (40:9C) [11:01:33:439]: Product: ESET Management Agent -- Error 1921. Service 'ESET Management Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.
    Error 1921. Service 'ESET Management Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.
    Full Log is Attached.
    What can we do remotely for this problem (except safe mode and the uninstaller tool)?
     
    For more info: the upgrade task did not work in this network because of the problem in the link below, so we are using deployment software to install the new MSI. This solution succeeds on 98% of endpoints, but about 5 systems have a problem.
    https://forum.eset.com/topic/26914-agent-v7-show-as-updated-in-eset-protect-v8/
     
    Log.txt
  3. Upvote
    kamiran.asia gave kudos to Marcos in Limited Connection in AntiSpam Module   
    You received a communication error for servers 38.90.226.21-38.90.226.25, e.g.:
    Sending requests to host h5-ars05-v.eset.com (38.90.226.25).
    Direct DNS request, UDP protocol, port 53, A record: response 127.0.4.210, TTL 120
    Direct DNS request, UDP protocol, port 53, TXT record: response s:2130707666, TTL 120
    Direct DNS request, TCP protocol, port 53, A record: DirectComm: Timeout occurred after (12000)ms on fd(476) reading(0) B
    DirectComm: Failed to receive direct response: -1
    Sending direct DNS request has failed.
    Direct DNS request, UDP protocol, port 53535, A record: DirectComm: Timeout occurred during socket read after (6000)ms on fd(476)
    DirectComm: Failed to receive direct response: -1
    Sending direct DNS request has failed.
    If you run the tool multiple times at different times, are you repeatedly getting the errors only for these servers?
  4. Upvote
    kamiran.asia gave kudos to Marcos in Win10 Antivirus Protection is non-functional   
    That's because you are installing old versions with an old eelam.sys driver. Because of that, the product cannot update and load modules. Please always use the latest installers from the web or repository.
  5. Upvote
    kamiran.asia gave kudos to Marcos in All Modules are not functional in over 50 PCs   
    The issue is with adding drivers to the driver store:
    Error 0xe0000242: The publisher of an Authenticode(tm) signed catalog has not yet been established as trusted.
    Try installing this update:
    https://support.microsoft.com/en-ie/help/3004394/support-for-urgent-trusted-root-updates-for-windows-root-certificate-p
    Also read https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn265983(v=ws.11)?redirectedfrom=MSDN
    Last but not least I'd recommend installing the latest v7.3.2036 instead of v7.1.
  6. Upvote
    kamiran.asia gave kudos to Marcos in WebAccess not Functional after Upgrade from 6.5   
    You can fix this by running the following command as an administrator:
    "sc delete epfwwfpr"
    I would strongly recommend upgrading to Endpoint 7.2 which should be able to fix this automatically if the old driver remains registered in the system for whatever reason.
  7. Upvote
    kamiran.asia received kudos from mcrouse in Endpoint Security Anti phishing non functional   
    In a large network you can use some software like https://www.exemsi.com/
    to convert the EXE to an MSI file and install it by a Software install task.
    We tested it and it is working fine, just set it to run certfix.exe after installation.
     
  8. Upvote
    kamiran.asia gave kudos to Marcos in IDS on Server2008 R2   
    It's because of this: https://support.microsoft.com/en-us/help/2664888/computer-stops-responding-when-you-run-an-application-that-uses-the-wi
    So the solution is to make sure the hotfix is installed, then install EFSW and enable Web & Network protection during installation.
  9. Upvote
    kamiran.asia gave kudos to Marcos in Realtime module not functional   
    The problem with the machine from which the latest logs were taken is that you have an old eamonm.sys driver from v4.5 running. Did you upgrade to EFSW v7 from EFSW v4.5? If so, a restart is needed after installation for new drivers to get loaded. Did you reboot the server? If so, please uninstall EFSW completely, make sure there is no eamonm.sys driver in c:\windows\system32\drivers and install EFSW v7 from scratch.
  10. Upvote
    kamiran.asia gave kudos to Marcos in Realtime module not functional   
    I was right, real-time protection doesn't activate because of the image state IMAGE_STATE_UNDEPLOYABLE. There's something wrong with Windows, it should be in IMAGE_STATE_COMPLETE state.
  11. Upvote
    kamiran.asia gave kudos to itman in Realtime module not functional   
    Also McAfee has an article on how to reset the affected registry key back to IMAGE_STATE_COMPLETE. Note that doing so is at your own risk since the IMAGE_STATE_UNDEPLOYABLE status indicates an unsuccessful OS deployment:
    https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp&locale=en-US&articleId=TS102833&_afrLoop=1087443705220366&leftWidth=0%&showFooter=false&showHeader=false&rightWidth=0%&centerWidth=100%#!%40%40%3FshowFooter%3Dfalse%26locale%3Den-US%26_afrLoop%3D1087443705220366%26articleId%3DTS102833%26leftWidth%3D0%25%26showHeader%3Dfalse%26wc.contextURL%3D%2Fspaces%2Fcp%26rightWidth%3D0%25%26centerWidth%3D100%25%26_adf.ctrl-state%3Dugptswwfq_9 
    I suspect the OOBE issue that affects McAfee's successful installation might also be affecting Eset's successful installation/operation.
  12. Upvote
    kamiran.asia received kudos from Nightowl in Win64.Vools.L Can not be cleaned   
    Yes, a 0-day malware!
    A service with a DLL injector "FunctionRPCHelper.dll" that injects svchost.exe
    😎