kamiran.asia received kudos from LesRMed in Many Servers become yellow in ESET Protect : Your operating system is outdated
Hi dears.
This week many of our servers became yellow in the ESET Protect console with this alert:
Your operating system is outdated
You're using an outdated version of your operating system. To receive the latest product updates and stay protected in the future, upgrade your operating system. See your options: https://support-eol.eset.com
As you can see in the attached screenshot: "Windows 2012 - 2019".
And this alert cannot be disabled in Application statuses!
What can we do for these many yellow servers, most of which are in an isolated network?
Why can these alerts not be turned off in Application statuses? They are very annoying.
Best Regards
-
kamiran.asia gave kudos to Marcos in Server Security for Debian 11.4
Debian 11.4 is supported. You just need to sign the ESSL kernel module with a private key if you have Secure boot enabled as per the instructions at https://help.eset.com/essl/9/en-US/secure_boot.html.
-
kamiran.asia gave kudos to Marcos in Java Script Scanner Issue
Did you actually disable advanced scanning of browser scripts in the advanced setup?
-
kamiran.asia gave kudos to Marcos in Offline Repository Problem in Protect 9.1.1295.0
Since this will likely require deeper investigation, please open a support ticket so that the case is properly tracked.
-
kamiran.asia received kudos from FlorentF in Future changes to ESET products for Windows servers
AntiCryptor for protecting shared resources from being encrypted by infected clients in the network, just like what we have from some other AV vendors!
Application Control ( By hash / Certificate / Name )
-
kamiran.asia gave kudos to itman in HIPS registry Rules not work at Services
For registry subordinate keys under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\", you need to code the following, "HKEY_LOCAL_MACHINE\SYSTEM\*\". For example:
HKEY_LOCAL_MACHINE\SYSTEM\*\Services\USBSTOR\Start
-
kamiran.asia received kudos from Vodzoo in Agent Srv couldn't be stop while upgrading to V8
Hi dear ESET Admins.
On some endpoints we are facing this problem (upgrading 7.0.579.0 to 8.0.1238.0):
MSI (s) (40:9C) [11:01:33:439]: Product: ESET Management Agent -- Error 1921. Service 'ESET Management Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.
Error 1921. Service 'ESET Management Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.
The full log is attached.
What can we do remotely about this problem (except safe mode and the uninstaller tool)?
For more info: the upgrade task did not work in this network because of the problem in the link below, so we are using deployment software to install the new MSI. This solution succeeded on 98% of endpoints, but about 5 systems have the problem.
https://forum.eset.com/topic/26914-agent-v7-show-as-updated-in-eset-protect-v8/
Log.txt
-
kamiran.asia gave kudos to Marcos in Limited Connection in AntiSpam Module
You received a communication error for servers 38.90.226.21-38.90.226.25, e.g.:
Sending requests to host h5-ars05-v.eset.com (38.90.226.25).
Direct DNS request, UDP protocol, port 53, A record: response 127.0.4.210, TTL 120
Direct DNS request, UDP protocol, port 53, TXT record: response s:2130707666, TTL 120
Direct DNS request, TCP protocol, port 53, A record: DirectComm: Timeout occurred after (12000)ms on fd(476) reading(0) B
DirectComm: Failed to receive direct response: -1
Sending direct DNS request has failed.
Direct DNS request, UDP protocol, port 53535, A record: DirectComm: Timeout occurred during socket read after (6000)ms on fd(476)
DirectComm: Failed to receive direct response: -1
Sending direct DNS request has failed.
If you run the tool multiple times at different times, are you repeatedly getting the errors only for these servers?
-
kamiran.asia gave kudos to Marcos in Win10 Antivirus Protection is non-functional
That's because you are installing old versions with an old eelam.sys driver. Because of that, the product cannot update and load modules. Please always use the latest installers from the web or repository.
-
kamiran.asia gave kudos to Marcos in All Modules are not functional in over 50 PCs
The issue is with adding drivers to the driver store:
Error 0xe0000242: The publisher of an Authenticode(tm) signed catalog has not yet been established as trusted.
Try installing this update:
https://support.microsoft.com/en-ie/help/3004394/support-for-urgent-trusted-root-updates-for-windows-root-certificate-p
Also read https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn265983(v=ws.11)?redirectedfrom=MSDN
Last but not least I'd recommend installing the latest v7.3.2036 instead of v7.1.
-
kamiran.asia gave kudos to Marcos in WebAccess not Functional after Upgrade from 6.5
You can fix this by running the following command as an administrator:
"sc delete epfwwfpr"
I would strongly recommend upgrading to Endpoint 7.2 which should be able to fix this automatically if the old driver remains registered in the system for whatever reason.
-
kamiran.asia received kudos from mcrouse in Endpoint Security Anti phishing non functional
In a large network you can use software like https://www.exemsi.com/
to convert the EXE to an MSI file and install it with a Software Install task.
We tested it and it is working fine; just set it to run certfix.exe after installation.
-
kamiran.asia gave kudos to Marcos in IDS on Server2008 R2
It's because of this: https://support.microsoft.com/en-us/help/2664888/computer-stops-responding-when-you-run-an-application-that-uses-the-wi
So the solution is to make sure the hotfix is installed, then install EFSW and enable Web & Network protection during installation.
-
kamiran.asia gave kudos to Marcos in Realtime module not functional
The problem with the machine from which the latest logs were taken is that you have an old eamonm.sys driver from v4.5 running. Did you upgrade to EFSW v7 from EFSW v4.5? If so, a restart is needed after installation for new drivers to get loaded. Did you reboot the server? If so, please uninstall EFSW completely, make sure there is no eamonm.sys driver in c:\windows\system32\drivers and install EFSW v7 from scratch.
-
kamiran.asia gave kudos to Marcos in Realtime module not functional
I was right, real-time protection doesn't activate because of the image state IMAGE_STATE_UNDEPLOYABLE. There's something wrong with Windows, it should be in IMAGE_STATE_COMPLETE state.
-
kamiran.asia gave kudos to itman in Realtime module not functional
Also, McAfee has an article on how to reset the affected registry key back to IMAGE_STATE_COMPLETE. Note that doing so is at your own risk, since the IMAGE_STATE_UNDEPLOYABLE status indicates an unsuccessful OS deployment:
https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp&locale=en-US&articleId=TS102833&_afrLoop=1087443705220366&leftWidth=0%&showFooter=false&showHeader=false&rightWidth=0%&centerWidth=100%#!%40%40%3FshowFooter%3Dfalse%26locale%3Den-US%26_afrLoop%3D1087443705220366%26articleId%3DTS102833%26leftWidth%3D0%25%26showHeader%3Dfalse%26wc.contextURL%3D%2Fspaces%2Fcp%26rightWidth%3D0%25%26centerWidth%3D100%25%26_adf.ctrl-state%3Dugptswwfq_9
I suspect the OOBE issue that affects McAfee successful installation might also be affecting Eset successful installation/operation.
-
kamiran.asia received kudos from Nightowl in Win64.Vools.L Can not be cleaned
Yes, a 0-day malware!
A service with a DLL injector "FunctionRPCHelper.dll" that injects svchost.exe
😎