Posts posted by sdnian
-
-
30 minutes ago, MichalJ said:
No other language version?
-
Why are the contents of these two files different?
hxxp://repository.eset.com/v1/com/eset/apps/business/ees/windows/v6/6.5.2132.5/ees_nt32_enu.msi
hxxp://download.eset.com/com/eset/apps/business/ees/windows/v6/6.5.2132.5/ees_nt32_enu.msi
-
8 minutes ago, rudyooms said:
Really soon? about 9 hours ago... Please finish the fix for the other 6.5 versions..
About 7 hours ago, there was a new version of the fixing tool. It works with these versions now:
6.5.2094.0
6.5.2094.1
6.5.2107.0
6.5.2107.1
6.5.2118.0
6.5.2118.1
6.5.2118.2
6.5.2118.3
6.5.2118.4
6.5.2123.5
6.5.2123.7
6.5.2123.8
6.5.2128.0
6.5.2132.1
6.5.2132.2
Read this: https://support.eset.com/en/alert7396-legacy-products-startup-issue
-
If I have ESET Endpoint product 6.5.2132 running on Windows XP, do I need to upgrade to 6.5.2132.5 after using the fixing tool?
-
I have a few EEA 6.5.2132.2 (XP SP3) machines where running this tool failed. The message is "Can't rename ekrn.exe!" How can I resolve this? The others work well.
-
39 minutes ago, Glitch said:
True but 6.6 can’t update anymore due to a certificate change on January 27th. We are eagerly awaiting a hot fix.
This issue only occurs with 6.6.0.0-6.6.2063.x. 6.6.2089 can be updated normally.
-
How can this problem be solved on Windows XP / Server 2003?
-
Thanks for your reply, I know how to manage the new exclusions.
-
-
-
The EES version is 7.1.2053. I've set password protection in EES. When I right-click the EES icon in the systray and click 'Pause firewall (allow all traffic)', a popup window appears asking for a password. If I just ignore it and right-click the EES icon to pause the firewall again, the firewall is then disabled. It seems to be a bug, please check it.
-
Hello Peter,
Two servers (um11.eset.com and um13.eset.com) still get error code 4100 so far. Could you check it?
-
2 minutes ago, Peter Randziak said:
Hello @sdnian,
A workaround has been applied to our update servers and Mirror Tool should be able to download the updates again.
We apologize for the inconvenience,
Peter
It works now. Thanks for your help.
-
56 minutes ago, MartinK said:
Error indicates some problem with accessing or copying files. Could you verify there are no files blocked for such access or there is enough disk space?
I don't think any files are blocked, and I have made sure there is enough disk space. I used Procmon to record the process. I hope it helps identify this issue.
-
Since yesterday, the MirrorTool (Windows version) could not get updated, with error code 4100. I checked several ESMC servers and all showed the same error. Is something wrong? How can I fix this situation?
PS: The Linux version of Mirrortool still works.
Mirror Tool, Copyright (c) ESET, spol. s r.o. 1992-2018. All rights reserved.
Creating mirror for product: ep7.
Mirror type changed to regular
Initialization
Initialization finished
Perform full mirror started
Update status for product 'ep7' changed to: Preparing structures and analyzing
Update status for product 'ep7' changed to: Finished
Perform full mirror finished
Uninitialization
Uninitialization finished
Error: Perform full mirror failed with error: Error extracting file. Error code is: 4100
Error occured.
-
3 hours ago, Marcos said:
Probably you have insufficient free memory or the available memory is too fragmented. Please collect logs with ESET Log Collector and upload the generated archive. Try rebooting the server.
You are right. It can be updated successfully after a reboot. I will consider how to avoid memory problems. Thank you for your help.
-
I have a server where the EFSW modules update failed. I've tried to clear the cache, but it doesn't help. The log shows: Compiler error (1b5a). How can I fix this problem? I've tried to uninstall and reinstall EFSW, and then it works well. But a few days later, this issue happened again.
Windows Server 2008 SP2, EFSW 7.1.12006
-
Thanks to @MartinK and @Peter Randziak for the help.
I have found a solution to resolve this issue. The Sophos Firewall has a function, Web Proxy, which works in transparent proxy mode by default. After I added a rule to bypass the transparent proxy for the ESMC host, the product activation works well.
-
15 hours ago, Peter Randziak said:
Hello @sdnian,
thank you for the packet capture, I will have it checked.
May I ask if you have any SSL inspection in place?
Regards, Peter
tracking key: P_EESW-3955
I think it might be related to the firewall - Sophos XG115w. But I can't confirm whether there is SSL inspection so far.
-
Product activation failed.
Two days ago, I installed a new server, ESMC 7.0.577; the client is EEA 7.1.2045. I tried to activate the product many times, but it fails every time. I entered the license key directly in the client and got the error code ECP.20006.
On the ESMC, I used Wireshark and found the red line below; it always gets the 404 Not Found error. The full content can be found in the attachment. Please help me to resolve this problem, thanks!
-
37 minutes ago, Marcos said:
Please provide the dump for analysis so that we can determine the cause of the crash. Although it seems to have been caused by the firewall, there's a chance it was caused by stack exhaustion because of another driver.
PM sent, please check it.
-
Hello,
I have a Windows Server 2012 R2 machine that had a BSOD. Could someone help take a look at whether it is caused by EFSW? Thanks!
Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Administrator\Desktop\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV* C:\Symbols *hxxp://msdl.microsoft.com/download/symbols
Symbol search path is: SRV* C:\Symbols *hxxp://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8.1 Kernel Version 9600 MP (24 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 9600.19228.amd64fre.winblue_ltsb.181208-0600
Machine Name:
Kernel base = 0xfffff800`ee20c000 PsLoadedModuleList = 0xfffff800`ee4d05f0
Debug session time: Wed Mar 6 04:50:55.765 2019 (UTC + 8:00)
System Uptime: 12 days 2:08:33.568
Loading Kernel Symbols
...............................................................
................................................................
...............
Loading User Symbols
PEB is paged out (Peb.Ldr = 00007ff6`eea09018). Type ".hh dbgerr001" for details
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.
BugCheck 133, {0, 501, 500, 0}
*** ERROR: Symbol file could not be found. Defaulted to export symbols for em008k_64.dll -
*** ERROR: Module load completed but symbols could not be loaded for epfw.sys
*** ERROR: Module load completed but symbols could not be loaded for epfwwfp.sys
*** ERROR: Module load completed but symbols could not be loaded for b57nd60a.sys
Page ffe3b7 not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : em008k_64.dll ( em008k_64!module_init_entry+25858 )
Followup: MachineOwner
---------
14: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DPC_WATCHDOG_VIOLATION (133)
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
or above.
Arguments:
Arg1: 0000000000000000, A single DPC or ISR exceeded its time allotment. The offending
component can usually be identified with a stack trace.
Arg2: 0000000000000501, The DPC time count (in ticks).
Arg3: 0000000000000500, The DPC time allotment (in ticks).
Arg4: 0000000000000000, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains
additional information regarding this single DPC timeout

Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 9600.19228.amd64fre.winblue_ltsb.181208-0600
SYSTEM_MANUFACTURER: Dell Inc.
SYSTEM_PRODUCT_NAME: PowerEdge R620
SYSTEM_SKU: SKU=NotProvided;ModelName=PowerEdge R620
BIOS_VENDOR: Dell Inc.
BIOS_VERSION: 2.5.4
BIOS_DATE: 01/22/2016
BASEBOARD_MANUFACTURER: Dell Inc.
BASEBOARD_PRODUCT: 0PXXHP
BASEBOARD_VERSION: A03
DUMP_TYPE: 1
BUGCHECK_P1: 0
BUGCHECK_P2: 501
BUGCHECK_P3: 500
BUGCHECK_P4: 0
DPC_TIMEOUT_TYPE: SINGLE_DPC_TIMEOUT_EXCEEDED
CPU_COUNT: 18
CPU_MHZ: 7d0
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 2d
CPU_STEPPING: 7
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x133
PROCESS_NAME: wermgr.exe
CURRENT_IRQL: d
ANALYSIS_SESSION_HOST: ESMC
ANALYSIS_SESSION_TIME: 03-06-2019 18:29:20.0409
ANALYSIS_VERSION: 10.0.17763.132 amd64fre
LAST_CONTROL_TRANSFER: from fffff800ee368e96 to fffff800ee34c1a0
STACK_TEXT:
ffffd000`20b94c88 fffff800`ee368e96 : 00000000`00000133 00000000`00000000 00000000`00000501 00000000`00000500 : nt!KeBugCheckEx
ffffd000`20b94c90 fffff800`ee249311 : 00000000`00000000 00000000`03fc0864 00000000`00000001 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x7fa6
ffffd000`20b94d20 fffff800`ee992ac5 : ffffd000`215cf7a0 00000000`00000001 ffffe001`e359e660 ffffd000`20b55180 : nt!KeClockInterruptNotify+0x91
ffffd000`20b94f40 fffff800`ee2be713 : fffffb90`54a625a8 fffff800`ee2de201 00000000`00000000 ffffd000`20b8ac60 : hal!HalpTimerClockIpiRoutine+0x15
ffffd000`20b94f70 fffff800`ee34d6aa : ffffe001`e2607bc0 ffffd000`2604c918 ffffd000`20b8acd8 ffffd000`20b8ac60 : nt!KiCallInterruptServiceRoutine+0xa3
ffffd000`20b94fb0 fffff800`ee34db57 : ffffe002`0f456d38 00000000`00000001 ffffe001`e359e260 fffff801`68736154 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea
ffffd000`2604c4e0 fffff800`ee28b54f : 00000000`00000000 ffffaaf6`9894f0ac ffffaaf6`9894f0cc 00000000`00000005 : nt!KiInterruptDispatchNoLockNoEtw+0x37
ffffd000`2604c670 fffff801`6872aa08 : 00000000`014db5d8 00000000`00000002 ffffc000`27bcf010 fffff801`67bd7737 : nt!KxWaitForLockOwnerShip+0x27
ffffd000`2604c6a0 fffff801`68729e0b : ffffc000`27bcf010 ffffd000`0000005c ffffd000`28e70ed8 00000000`00000000 : em008k_64!module_init_entry+0x25858
ffffd000`2604c9a0 fffff801`6873c1a7 : ffffd000`20b8a960 00000000`00000000 00000000`00000000 00000000`00400000 : em008k_64!module_init_entry+0x24c5b
ffffd000`2604ced0 fffff801`6873c0db : ffffd000`20b8a870 00000000`00000040 ffffe801`dc33a880 ffffd000`20b8a740 : em008k_64!module_init_entry+0x36ff7
ffffd000`2604cf40 fffff800`ee34fc87 : ffffd000`266173f0 00000038`b0cddf20 00000000`40000000 00000000`00000000 : em008k_64!module_init_entry+0x36f2b
ffffd000`2604cf80 fffff800`ee34fc4d : ffffd000`20b8a902 ffffd000`2604d000 ffffe801`dc33a880 fffff800`ee25670a : nt!KxSwitchKernelStackCallout+0x27
ffffd000`20b8a740 fffff800`ee25670a : 00000000`00000002 ffffd000`20b80001 fffff6e8`00130230 ffffd000`20b8ab70 : nt!KiSwitchKernelStackContinue
ffffd000`20b8a760 fffff801`6873c185 : fffff801`6873c0b0 ffffd000`20b8a870 00000000`00000000 fffff801`00000004 : nt!KeExpandKernelStackAndCalloutInternal+0x4ba
ffffd000`20b8a840 fffff801`6873c335 : ffffd000`20b8a928 ffffd000`20b8ab20 ffffe001`e3386340 ffffe001`e3386340 : em008k_64!module_init_entry+0x36fd5
ffffd000`20b8a8b0 fffff801`68705144 : ffffd000`20b8aa70 fffff800`ee277c4e ffffffff`00000000 fffff800`ee353945 : em008k_64!module_init_entry+0x37185
ffffd000`20b8a8f0 fffff801`686f0aea : 00000000`00002711 ffffd000`20b8ac60 00000000`00000040 ffffd000`20b8acd8 : em008k_64+0x3144
ffffd000`20b8a920 fffff801`686f154f : ffffe001`e33864f0 ffffd000`20b8ac60 00000000`00000040 ffffd000`20b8acd8 : epfw+0x1aea
ffffd000`20b8a9b0 fffff801`686f1973 : ffffd000`20b8ab70 fffff801`686f1930 ffffd000`20b8ab90 00000000`00000011 : epfw+0x254f
ffffd000`20b8aa40 fffff801`67807239 : ffffd000`20b8ab90 00000000`00000002 ffffd000`20b8aba0 ffffe001`e305b4b0 : epfw+0x2973
ffffd000`20b8aaa0 fffff801`6780753e : 00000011`00000000 00000000`00000000 ffffd000`20b8ac60 fffffb00`000012ff : epfwwfp+0x7239
ffffd000`20b8ab50 fffff801`6780ea0a : ffffe001`e45e542a 00000000`00000004 00000000`00000021 00000000`00000000 : epfwwfp+0x753e
ffffd000`20b8ac10 fffff801`6780eb16 : ffffe002`1f3cc770 ffffe002`1f3cc610 00000000`00000000 00000000`00000000 : epfwwfp+0xea0a
ffffd000`20b8acc0 fffff801`6780b556 : ffffd000`20b8b0f8 ffffd000`20b8ad90 ffffe001`e3944f50 ffffe801`dab05a68 : epfwwfp+0xeb16
ffffd000`20b8ad10 fffff801`6780b5d2 : ffffe001`e2dd9b40 00000000`00000000 ffffe002`1f3cc610 ffffd000`20b8b6b0 : epfwwfp+0xb556
ffffd000`20b8adc0 fffff801`6773d902 : ffffe001`e2dd9b40 ffffd000`20b8af10 ffffd000`20b8b2d0 ffffd000`20b8b1d0 : epfwwfp+0xb5d2
ffffd000`20b8ae10 fffff801`67724549 : ffffe002`1f3c0018 ffffd000`20b8b698 ffffe801`b0e80860 ffffe002`1f3cc610 : NETIO!ProcessCallout+0x8b2
ffffd000`20b8af80 fffff801`67723250 : 00000000`00000000 ffffd000`20b8b698 00000000`00000000 ffffd000`20b8b3f0 : NETIO!ArbitrateAndEnforce+0x2c9
ffffd000`20b8b180 fffff801`67fd3c81 : ffffd000`00000001 00000000`00000000 ffffe002`1f3cc610 00000000`00000001 : NETIO!KfdClassify+0x831
ffffd000`20b8b640 fffff801`67f4c834 : 00000000`00000000 ffffe801`d2c24a00 00000000`00000001 00000000`00000000 : tcpip!WFPDatagramDataShimV4+0x44d
ffffd000`20b8ba40 fffff801`67f0943b : 00000000`00001500 ffffd000`20b8be70 00000000`00000000 00000000`00000000 : tcpip!ProcessALEForTransportPacket+0x49e24
ffffd000`20b8bd20 fffff801`67f06cb9 : 00000000`00000000 ffffd000`20b8c4f8 00000000`0000004c ffffd000`20b8c508 : tcpip!WfpProcessInTransportStackIndication+0xd9b
ffffd000`20b8c180 fffff801`67f05dcf : 00000000`00000000 ffffe801`dad158c0 ffffd000`20b8c3b0 ffffe001`e33773c0 : tcpip!InetInspectReceiveDatagram+0x269
ffffd000`20b8c2b0 fffff801`67f06945 : ffffd000`20b8c550 ffffd000`20b8c550 ffffe801`b0df9140 ffffe801`dad158c0 : tcpip!UdpBeginMessageIndication+0x7f
ffffd000`20b8c450 fffff801`67f06fe8 : 00000000`0000eb00 ffffe801`dad158c0 ffffe001`00000018 ffffd000`20b8c668 : tcpip!UdpDeliverDatagrams+0x3f5
ffffd000`20b8c600 fffff801`67f0797d : 00000000`00000000 00000000`00000000 ffffe001`e324e0b0 00000000`00000000 : tcpip!UdpReceiveDatagrams+0x298
ffffd000`20b8c840 fffff801`67f0364b : ffff4f03`12d8ad1f ffffd000`20b8d208 ffffe801`b0e83cd0 00000000`00000003 : tcpip!IppDeliverListToProtocol+0x5d
ffffd000`20b8c900 fffff801`67f01aa2 : 00000000`00000000 ffffd000`20b8ca19 00000000`00000011 ffffe001`e47ff3f0 : tcpip!IppProcessDeliverList+0x6b
ffffd000`20b8c960 fffff801`67effe80 : 00000000`fc0000e0 ffffe001`e3c2bae0 ffffe001`e331c000 ffffe001`e331c000 : tcpip!IppReceiveHeaderBatch+0x232
ffffd000`20b8ca80 fffff801`67efeba2 : ffffe001`e6472370 00000000`00000000 ffffd000`20b8ce01 00000000`00000000 : tcpip!IppFlcReceivePacketsCore+0x680
ffffd000`20b8ce00 fffff801`67eff5c5 : ffffe001`e64b0002 00000000`00000000 fffff801`67eff610 ffffd000`00000101 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x318
ffffd000`20b8cee0 fffff800`ee256529 : ffffd000`20b8d028 ffffe001`e32ae9c0 ffffe001`e33bec12 ffffe801`dc33a880 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x155
ffffd000`20b8d010 fffff801`67eff7b6 : fffff801`67eff470 ffffd000`20b8d120 00000000`00000000 ffffe001`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x2d9
ffffd000`20b8d0f0 fffff801`6760ba53 : 00000000`00000000 ffffd000`20b8d1d1 00000000`00000004 fffff801`6761b2e5 : tcpip!FlReceiveNetBufferListChain+0xb6
ffffd000`20b8d170 fffff801`6760be7f : ffffe001`e644a601 ffffd000`20b80008 00000000`00000000 ffffe001`00000004 : NDIS!ndisMIndicateNetBufferListsToOpen+0x123
ffffd000`20b8d230 fffff801`6760c6b2 : ffffe001`e4ffe1a0 ffffe001`e43fa501 fffff801`67618560 00000000`00000000 : NDIS!ndisMTopReceiveNetBufferLists+0x22f
ffffd000`20b8d2c0 fffff801`68c0f814 : ffffd000`20b8d610 ffffe001`e4feb510 ffffe001`e43fa590 ffffe001`e4fb9460 : NDIS!NdisMIndicateReceiveNetBufferLists+0x732
ffffd000`20b8d4b0 fffff801`68c0f23e : ffffe001`e4ff01f0 ffffe001`e4fec000 00000000`00000001 ffffe001`00000004 : NdisImPlatform!implatTryToIndicateReceiveNBLs+0x1e8
ffffd000`20b8d520 fffff801`6760ba53 : 00000000`0001ff00 00000000`00000000 ffffd000`20b8d601 ffffd000`00000004 : NdisImPlatform!implatReceiveNetBufferLists+0x1a2
ffffd000`20b8d5a0 fffff801`6760bf19 : ffffd000`20b8d6e0 fffff801`67ec4071 ffffe001`00000000 ffffe002`00000004 : NDIS!ndisMIndicateNetBufferListsToOpen+0x123
ffffd000`20b8d660 fffff801`6760c6b2 : ffffe801`b0c451a0 00000000`00000001 fffff801`67618560 fffff801`67ec43b2 : NDIS!ndisMTopReceiveNetBufferLists+0x2c9
ffffd000`20b8d6f0 fffff801`68ab67f4 : 00000000`00000000 ffffd000`20b55180 ffffd000`20b8d978 fffff801`68a8c0de : NDIS!NdisMIndicateReceiveNetBufferLists+0x732
ffffd000`20b8d8e0 fffff801`68ab6108 : ffffe001`e411d000 ffffd000`20b8d9b9 00000000`00000004 00000000`00000001 : b57nd60a+0x497f4
ffffd000`20b8d930 fffff801`68a79553 : 00000000`00000004 ffffe001`e411d001 00000000`00000000 fffff800`00000000 : b57nd60a+0x49108
ffffd000`20b8da20 fffff801`68a701ac : ffffe001`e411d000 00000000`0000000e 00000000`00000003 00000000`00000004 : b57nd60a+0xc553
ffffd000`20b8da60 fffff801`68a70b8c : 000cc49c`d9773b6f ffffe001`e411d000 ffffd000`20b8db79 00000000`00000000 : b57nd60a+0x31ac
ffffd000`20b8dab0 fffff801`6760de12 : ffffe801`b0c451a0 ffffd000`20b8db79 00000000`00000000 00000000`0000ffff : b57nd60a+0x3b8c
ffffd000`20b8db00 fffff800`ee24b5f0 : 00000000`0000ffff 00000000`00000000 ffffd000`20b8de90 ffffd000`20b5ae68 : NDIS!ndisInterruptDpc+0x1a3
ffffd000`20b8dbe0 fffff800`ee24a937 : ffffd000`20b8de80 00000000`0000000e 00000000`00000000 ffffd000`20b55180 : nt!KiExecuteAllDpcs+0x1b0
ffffd000`20b8dd30 fffff800`ee34f285 : 00000000`00000000 ffffd000`20b55180 00000000`00000000 ffffe001`e359e210 : nt!KiRetireDpcList+0xd7
ffffd000`20b8dfb0 fffff800`ee34f089 : fffff800`ee229470 ffffc000`227ab000 ffffc000`2ccbf1d2 fffff801`6794c0f8 : nt!KxRetireDpcList+0x5
ffffd000`2caf2bf0 fffff800`ee351963 : ffffb001`3f140040 ffffb001`3f1400a8 fffff43a`0cb79c55 ffffb001`3f140178 : nt!KiDispatchInterruptContinue
ffffd000`2caf2c20 fffff800`ee26ca97 : ffffffff`ffffffd2 fffff801`6874a855 00000000`00000010 00000000`00000286 : nt!KiDpcInterrupt+0x2a3
ffffd000`2caf2db0 fffff801`6874a96a : ffffe001`e359e210 00000000`00000000 ffffe801`b1f5ae01 00000000`000019cc : nt!KeReleaseInStackQueuedSpinLock+0x67
ffffd000`2caf2de0 fffff801`6872803c : ffffffff`ffffffff 00000000`00000001 ffffd000`2caf2e73 ffffd000`2caf2f40 : em008k_64!module_init_entry+0x457ba
ffffd000`2caf2e40 fffff801`687295ab : ffffd000`2caf3301 00000000`00000015 ffffe001`e359de80 00000000`00000000 : em008k_64!module_init_entry+0x22e8c
ffffd000`2caf3060 fffff801`6873c1a7 : ffffd000`2caf3838 fffff801`69596bc0 00000000`00000000 00000000`00000000 : em008k_64!module_init_entry+0x243fb
ffffd000`2caf3590 fffff801`6873c0db : ffffd000`2caf3750 00000000`00000015 ffffe801`dc33a880 00000000`00000000 : em008k_64!module_init_entry+0x36ff7
ffffd000`2caf3600 fffff800`ee256529 : 00000000`00000001 00000000`00000000 fffff800`ee4e7b78 ffffe002`15d018b8 : em008k_64!module_init_entry+0x36f2b
ffffd000`2caf3640 fffff801`6873c185 : fffff801`6873c0b0 ffffd000`2caf3750 00000000`00000000 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x2d9
ffffd000`2caf3720 fffff801`6873c335 : ffffd000`2caf3808 fffff800`ee4e7b88 ffffd000`2caf38e8 ffffe001`e3386340 : em008k_64!module_init_entry+0x36fd5
ffffd000`2caf3790 fffff801`68705144 : 00000000`00000000 fffff960`0022aa6c 00000000`00000001 00000000`00000000 : em008k_64!module_init_entry+0x37185
ffffd000`2caf37d0 fffff801`686f0949 : ffffe801`00002711 ffffd000`2caf38a0 00000000`00000015 00000000`00000000 : em008k_64+0x3144
ffffd000`2caf3800 fffff801`686f1b0a : ffffe801`dad80900 00000000`00000001 ffffe801`dc33a880 00000000`00000001 : epfw+0x1949
ffffd000`2caf3870 fffff800`ee5bb8d4 : ffffe801`dad80900 ffffe801`dad80900 00000000`00000001 ffffe801`dad80900 : epfw+0x2b0a
ffffd000`2caf38d0 fffff800`ee5bbe73 : 00007ff6`eea0e000 ffffd000`2caf3980 00000000`00000000 ffffe001`e8d40590 : nt!PspExitProcess+0x150
ffffd000`2caf3920 fffff800`ee80950f : 00000000`00000000 00000000`00000000 ffffe801`dad80900 ffffe801`dc33a880 : nt!PspExitThread+0x52f
ffffd000`2caf3a30 fffff800`ee35c0a3 : 00000000`00000011 00007ffb`7ac10000 ffffe801`dc33a880 00007ffb`7ac35710 : nt!NtTerminateProcess+0x32f
ffffd000`2caf3b00 00007ffb`7d9f0a1a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000e8`dbc0fac8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`7d9f0a1a
THREAD_SHA1_HASH_MOD_FUNC: 156cff2b8f7a4e711db6b634c9a7eb045f38fc3e
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: ca2d548a0be612ce6402f432eb4a41723267d3a2
THREAD_SHA1_HASH_MOD: dd27c095ddeb040031c7bf0c5597932106e7f4de
FOLLOWUP_IP:
em008k_64!module_init_entry+25858
fffff801`6872aa08 498b8590960000 mov rax,qword ptr [r13+9690h]
FAULT_INSTR_CODE: 90858b49
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: em008k_64!module_init_entry+25858
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: em008k_64
IMAGE_NAME: em008k_64.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 5c17b304
IMAGE_VERSION: 0.0.1523.0
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 25858
FAILURE_BUCKET_ID: 0x133_DPC_em008k_64!module_init_entry
BUCKET_ID: 0x133_DPC_em008k_64!module_init_entry
PRIMARY_PROBLEM_CLASS: 0x133_DPC_em008k_64!module_init_entry
TARGET_TIME: 2019-03-05T20:50:55.000Z
OSBUILD: 9600
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 8.1
OSEDITION: Windows 8.1 Server TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2018-12-09 01:18:05
BUILDDATESTAMP_STR: 181208-0600
BUILDLAB_STR: winblue_ltsb
BUILDOSVER_STR: 6.3.9600.19228.amd64fre.winblue_ltsb.181208-0600
ANALYSIS_SESSION_ELAPSED_TIME: 4416
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x133_dpc_em008k_64!module_init_entry
FAILURE_ID_HASH: {0237b88b-a781-f28c-ed3a-0dfc36284ef7}
Followup: MachineOwner
---------
windbg> .hh dbgerr001
-
Here is another example where ESET can't stop ransomware again.
There are three key points:
1. These two ransomware viruses are already detectable by ESET.
2. ESET does not block it when it starts up.
3. After startup, ESET can detect it, but it cannot terminate it. Finally, all files have been encrypted.
-
1 minute ago, novice said:
That I understand!
My question is " In the scenario presented above, was ESET disabled by the "attacker"????
ESET has not been destroyed. Its function can work normally.
-
Can't block YouTube from Chrome
in ESET Endpoint Products
I'd like to block https://www.youtube.com/. In URL ADDRESS MANAGEMENT, I added a record *.youtube.com. I've tried IE/Firefox/Vivaldi, and https://www.youtube.com/ is blocked. But if I use Chrome to browse https://www.youtube.com/, EEA doesn't block it.
If I block another domain, for example *.facebook.com, then https://www.facebook.com/ is blocked in IE/Firefox/Vivaldi/Chrome.
EEA version: 7.2.2055
How can I block YouTube from Chrome?