davidpitt

Please supply us with a complete memory dump as asked in my previous posts. There's no known bug on ESET's part that would be causing it; it's a bug in Microsoft Windows Filtering Platform that manifests on unpatched systems if ESET's agent or another application performs full-duplex communication or if application protocols are filtered in a specific manner by a 3rd party driver. You can't say it's because of unpatched systems as the update hasn't been released to windows update! It's not common after installing software to check through microsofts thousands of unreleased hotfixes to see if one may apply to the software you are installing. I still can't comprehend the fact you are releasing software that you know will cause systems to freeze. When this software was in the alpha/beta stages in your lab and you discovered this bug did you not think this was going to be a big problem, having all your customers install a hotfix before installing your software? Why not include the hotfix in your software or if you can't do that modify the installer so that it checks for this hotfix and warns the uesr to go get it themselves before installing or update the documentation or have a warning on the download page.... something.... anything would've been better than how you've handled this mess so far! It doesn't take a genius to work out that if a customer of yours installs your software and their system freezes, it's you that they are going to mad at, not Microsoft!

Is there not a rule/task we could create to automatically move machines to certain folders based on an expression?

I think I've asked this before but I want to be absolutely sure that this is not possible to achieve in some way. When I install Endpoint Security it will briefly disconnect the client machines network, which I've been told is because it needs to hook into the network driver and that is fine. I just really wish there was a way to maybe delay that network integration until a restart, I don't really care if the Firewall or AV component is not active until a restart, I just want a way to push out Eset to a load of clients without disrupting their network connection. As it is because the network disconnects I always have to make sure the user is not working on anything to install Eset which is a massive pain and makes the job 100x more difficult! Slightly more irritating is the fact that v5 was able to do it by delaying that part of the install but now I can't on v6. Is this possible at all? Thanks

I'm not sure that is quite right, direct URL is an option, it's there to be used by people who want to use it. If Eset didn't think it was appropriate they would only allow you to browse a repository. The web interface is a PIA too. Much easier to just copy/paste a URL then have to browse the online repository and then have to specify filters or browse the list manually. Be nice if the console would remember the last set of filters used. Besides we only have 64bit machines so the issue of getting the architecture wrong between 32/64 would never arise. Might be an issue if you were deploying across many multiple machines of varying types but the OP here was asking about deploying to individual remote machines.

I don't see how that direct URL is going to work, as it just points to the thank you for downloading page and then that prompts to download the installer. I use this method all the time without problem but I use the direct URL of - hxxp://download.eset.com/download/win/ees/ees_nt64_enu.msi That is for Endpoint Security 64bit version for windows (without AV Remover - I do this through a client task using the agent before the AV is installed) The direct URL needs to point to an actual installer file. I can see in your case you are using Endpoint Security x64 with AV Removal so I think your direct URL would be - hxxp://download.eset.com/download/win/ees/avremover_ees_nt64_enu.exe There doesn't seem to be an .msi version of the installer with AV Remover but I cant see why it shouldn't work like the one I use

I find this very annoying too, I wish there was a 'Run Now' option so we can run it on demand without having to edit the job, remove and then re-add the target or having to duplicate the task just to perform the same operation again!

Are you sure the hotifx isn't already installed? I've just started a roll out to 150 machines for one of our existing customers migrating to Eset and during my pre-installation check found that 35 of the PCs already had the hotfix installed! I'm trying to work out now how they got it installed, maybe it comes with some other software, we wouldn't have installed it before because before Eset we weren't aware of the hotfix existing!

I too would like to know how to disable this warning. I keep thinking there is a problem with one of my clients and click on it to only see that they are in presentation mode.

Marcos, I'm confused by what you have just said. Does that mean all versions of Eset, 5.x, 6.0 and 6.1 before 6.1.171 that has the freezing issue don't use the new protocol filtering system? So does that mean they are ineffective because they are using obsolete tdi drivers which are no longer officially supported by Microsoft? It sounds like you're saying only the latest builds of 6.1 use the new protocol filtering system and this is causing the problems, yet you also say that disabling protocol filtering is not advised if the machine is on the internet. So how does the previous versions of Eset run without freezing and yet have adequate protocol filtering protection in them? Also you talk about the tdi drivers being not officially supported in modern operating systems, what does that mean as this freezing issue only appears to affect Windows 7. The problem has been fixed by Microsoft in Windows 8/10/2012 it would seem as the patch doesn't relate to these operating systems. So this problem is never going to go away because Windows 7 is no longer on mainstream support by Microsoft, so patches like KB2664888 will never make it into windows 7 update!

Is anyone else able to comment on whether this new agent version fixes the freezing or as like rekun above still having the same issue?

I've installed 6.2 on a couple of 2008 R2 servers and several on 2012 R2 servers but never experienced the freezing on any servers, only desktops running W7. They were a mixture of upgrades from 6.1 and clean installs of 6.2. I took a bit of strong view on this in the fact that the freezing was completely unacceptable and it couldn't be allowed to continue for obvious reasons. Although I had no freezing events on servers I've seen others here say that they have so I have disabled HIPS on Endpoints and File Security just to be sure and I have had not had a single machine freezing across multiple individual set-ups of Eset. I've got lots more migrations to do and I plan on using 6.1 until further information and/or a fix on this problem surfaces.

Good idea!

So what you're saying is Eset causes this bug, (albeit a windows bug) but you knew about it a year ago with v5 and yet still haven't done anything about it or advised your customers to make sure the hot fix is installed before installing Eset or bundled the hot fix with your software. So if this hot fix is essential why is there no notice on your website to install it alongside your software or no prerequisite check with the installer? It's hardly a problem that's just affecting a few users either. Just on this forum alone the number of affected endpoints is in the hundreds already. My personal experience is that this hot fix doesn't fix the problem in 100% of cases. I've had to disable HIPS too for some endpoints that were still freezing. I did get a call back from Eset Support to say it is a global issue and it is being investigated so hopefully something will come from that.

I'm getting this error too during remote installations. Never used proxy of any kind in Eset, changed the server IP address and now it's failing with that error. Same as posts above, checked that all proxy settings are turned off for server and client and they are *Edit: Never mind fixed it. I had to enable HTTP Proxy within the remote administrator agent policy, then specify the new IP address of the server, wait for clients to get policy changes and tried remote install again... success!

The issue does seem to be with the ERA Server as just updating the Remote Administrator alone causes freezing on the clients, even if those clients agents haven't been updated yet to the same 6.2.171 as the server But stopping the clients talking back to the server by removing the client agent somehow fixes the freezing. Freezing still occurs if the client agent is updated to 6.2.171 also. I can confirm the patch does work, I've installed it for two separate clients now over about 20 machines where 5 of them had problems and the freezing has gone away but it is not a solution.

Thanks for the reply. I think I'll stick with having interactive services enabled for now as that has solved the issue. I can't seem to find much information about it and what implications that may have on security, etc I found some articles on it from Microsoft but they are just coding articles describing how to code your software differently to not run services interactively.

I had this same problem a few days ago after just updating the ERA to 6.2.171, called support and they had no reported cases of it before. I've had to uninstall Eset AV and Agent on one of the really badly affected machines which has stopped the freezing and I'm currently re-installing the client agent on the machines which seems to be working but only been a day or two so need more testing This patch looks like it was released/updated on the 12th August, well before my call to support so disappointing I wasn't told about it So I'm going to have to install this patch on all clients then for each of our customers? Which version of Eset are affected, just the latest 6.2.171? Will it be fixed by Eset/MS in future versions or will this patch be a permanent solution?

Hi, Can anyone tell me why I am geting the following error in the windows event logs? The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Event ID: 7030 This is for both Business (Endpoint Advanced) and Home (Smart Security) versions of Eset On my home PC I was having issues with the audio cutting out after playing games or listening to music for 5 or 10mins and the only way to fix it was to restart the windows audio service or reboot the PC. I got the error "another application is using your audio device, please close any programs playing sound" I rebuilt windows 10 and carefully installed all my programs one by one leaving enough time between each one for the problem to re-occur. I had no problems for 2 weeks but then as soon as I installed Eset my audio would cut out again. I have since modified the registry to allow interactive services and the problem has gone away and hasn't now re-occurred for 4 days so that is obviously what was causing the sound issue. I checked my work computer where I am running Eset Endpoint Advanced protection 6.2 and I can see the same interactive service error on this PC... although not experiencing any issues as yet! I got my colleagues to also check theirs and they get the same errors also, so just curious as to what the error means and why it would be stopping my audio playback?! Also what it could mean for our customers now that we are slowly migrating them to Eset !! Thanks

Ok Thanks for the reply. Shame really, seems like a wasted opportunity. The software has the ability to read all of that information in great detail and it just goes to waste by not being able to record it

Hi, I'm new to Eset so I've been looking around the client softwar and notice in the Tools section > Network Connections it lists all the applications and their current network usage. My question is would I be able to record this information or at least be able to get totals from it? So for example I could have a report or simple log file of applications and their usage, So I could see that 'ApplicationA' sent 30Mb data last 7 Days and recevied 66Mb. I suppose I could setup a proxy server and manage it all from there but I monitor the websites visited and am able to block/allow these through Eset already so not really in need of a proxy server. Thanks