Jump to content

djgera

Members
  • Posts

    4
  • Joined

  • Last visited

About djgera

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    Argentina
  1. Also I set "SkipLegacyUpgrade" in all machines in order to avoid future wrong upgrades from ESET. reg.exe add "HKLM\SOFTWARE\ESET\Legacy Upgrade" /v "SkipLegacyUpgrade" /t REG_DWORD /d "1" /f Maybe setting a configuration password looks like a good idea, since "upgrade" to the same version is locked without entering the right password.
  2. For now I am tracking all machines if this directory [C:\Windows\Temp\eset\] exists and launch an alert to me. This has not happened again for the moment. Correction: In initial commment I said this incident was on 07:40 ART (so in GMT is 10:40).
  3. No, all installations of "ESET Endpoint Antivirus" are standalone, no management, no proxy, no mirrors, just plain with default config (only disabled warnings from windows updates) from the .msi downloaded from eset [#1]. In fact, my license does not have an "elegible" so I can not manage endpoints from cloud. Thanks. [#1] https://download.eset.com/com/eset/apps/business/eea/windows/latest/eea_nt64.msi
  4. Hello This happens on 2022/06/07 at around 07:40 GMT. I have the license (ESET PROTECT Essential On-Prem: ESET Endpoint Antivirus) for some numbers of machines. Many machines are running Windows 10 Pro (19044.1706) and few others remaining with Windows 7 Pro, all of them with ESET Endpoint Antivirus on latest version 9.0.2046.0. They are running 24 hours per day. I do not administer products via any cloud service (like ESET PROTECT), except with EBA, to track license status. Looks like on some machines 7 of 27, ESET decided that the product was obsolete, then execute a legacy upgrade automatically from 9.0.2046.0 (uninstalling it) to 9.0.2046.0 (installing it from C:\Windows\Temp\eset\bts.session\{UUID}\eea_nt64.msi) leaving the machine waiting for "accept" the license since "legacy product" was updated. This was bad, because non-admin users can not do this step since admin privileges are needed plus a reboot to work again. So machines was vulnerable until I can take the action. Indeed I tested with EICAR file and ESET did not anything to block it. On machines that this was not happens, only the executable from "legacy upgrade" keep running without doing any action. To avoid this fault in future (I guest), now all ESET are configured with "Disabled Product Upgrade". If more information is needed please let me know.
×
×
  • Create New...