Jump to content

Archived

This topic is now archived and is closed to further replies.

m4v3r1ck

CSP 6.4.128.0 crash / kernel panics OS X 10.10.5 on cloud-based apps!

Recommended Posts

Hi fellow CSP users,

I just had a very bad and disappointing update cycle to ESET CSP 6.4.128.0.

1. My Mac Pro OS X 10.10.5 freezes-up right after EVERY reboot and returning to desktop lags so much. The new CSP even sends out a warning pop-up to the desktop, that ESET has issues

58ae3d73a2d09_ScreenCap2017-02-23at02_23_59.jpg.97387fda40aa7d93245f253d2d237ff2.jpg

 

2. Even ESET itself is not responding after each reboot!


58ae3d8d5e67a_ScreenCap2017-02-23at02_29_08.jpg.7144e5e79c13e079a2efe2a361eea24c.jpg
 

3. Has major issues with cloud-based apps

3a. Messages

3b. Dropbox

3c. iTunes?

4. When running check processes my Mac Pro had a severe and harsh Kernel Panic on Dropbox.
 

Anonymous UUID:       250C95C6-CA0B-F80C-AACC-2AFC90E655E6
	Thu Feb 23 02:31:02 2017
	*** Panic Report ***
panic(cpu 8 caller 0xffffff8002c16f72): Kernel trap at 0xffffff7f851c6654, type 14=page fault, registers:
CR0: 0x0000000080010033, CR2: 0x000000000000002c, CR3: 0x0000000550b70107, CR4: 0x00000000000226e0
RAX: 0x0000000000000000, RBX: 0x0000000000000000, RCX: 0x0000000001000000, RDX: 0xffffff8031f40650
RSP: 0xffffff82dd3ebb60, RBP: 0xffffff82dd3ebba0, RSI: 0xffffff7f851c8448, RDI: 0xffffff8031f40650
R8:  0xffffff803c0cea24, R9:  0x0000000000000006, R10: 0x0000000000000301, R11: 0xffffff82dd3ebdcc
R12: 0xffffff804ef0f000, R13: 0x0000000000000000, R14: 0x00000000000001f5, R15: 0xffffff803c0cea24
RFL: 0x0000000000010246, RIP: 0xffffff7f851c6654, CS:  0x0000000000000008, SS:  0x0000000000000010
Fault CR2: 0x000000000000002c, Error code: 0x0000000000000002, Fault CPU: 0x8
	Backtrace (CPU 8), Frame : Return Address
0xffffff82dd3eb810 : 0xffffff8002b2ae01 
0xffffff82dd3eb890 : 0xffffff8002c16f72 
0xffffff82dd3eba50 : 0xffffff8002c33e23 
0xffffff82dd3eba70 : 0xffffff7f851c6654 
0xffffff82dd3ebba0 : 0xffffff7f851c3911 
0xffffff82dd3ebc00 : 0xffffff7f851bf279 
0xffffff82dd3ebcc0 : 0xffffff800303ab80 
0xffffff82dd3ebd20 : 0xffffff8003014801 
0xffffff82dd3ebe10 : 0xffffff8002ff23a6 
0xffffff82dd3ebe40 : 0xffffff8002fec2c5 
0xffffff82dd3ebef0 : 0xffffff8002fec112 
0xffffff82dd3ebf50 : 0xffffff800304b4f6 
0xffffff82dd3ebfb0 : 0xffffff8002c34626 
      Kernel Extensions in backtrace:
         com.eset.kext.esets-pfw(640.12.80f1)[E47BEF73-3CEE-3A39-9C70-43F616F9D849]@0xffffff7f851bb000->0xffffff7f851c8fff
	BSD process name corresponding to current thread: Dropbox
Boot args: nvda_drv=1
	Mac OS version:
14F2109
	Kernel version:
Darwin Kernel Version 14.5.0: Sun Sep 25 22:07:15 PDT 2016; root:xnu-2782.50.9~1/RELEASE_X86_64
Kernel UUID: 0434E5F3-9E3A-3CC2-97AC-46B0C312A783
Kernel slide:     0x0000000002800000
Kernel text base: 0xffffff8002a00000
__HIB  text base: 0xffffff8002900000
System model name: MacPro5,1 (Mac-F221BEC8)
System uptime in nanoseconds: 320746091091
last loaded kext at 42044214580: com.apple.filesystems.msdosfs    1.10 (addr 0xffffff7f83cb4000, size 69632)
last unloaded kext at 219175407137: com.eset.kext.esets-kac    640.12.80f01 (addr 0xffffff7f851c9000, size 77824)


5. Is this the same CSP issue that we encountered a while back? We then got notified by ESET to make changes for the cloud using below exclusions.

58ae41293c90b_ScreenCap2016-01-26at12_29_16.jpg.8bf463df2b5cb106ea469245586129dc.jpg

Could this be reviewed asap? Thanks in advance!

Cheers

 

Share this post


Link to post
Share on other sites

Hi @planet! If you have time, could you please review my post and findings caused by the new in-app update?

Cheers

Share this post


Link to post
Share on other sites
5 hours ago, m4v3r1ck said:

Hi @planet! If you have time, could you please review my post and findings caused by the new in-app update?

Cheers

 

Hi @m4v3r1ck,

Really unfortunate to read your bad experience with 6.4.128.0.
With number 1 to 4, I have had this experience occur to me in the past with Yosemite/El Capitan & earlier ESET v6 builds, related to the firewall part.

Based on what you provided, there are a few ideas in mind as to why the firewall part is causing these issues, and it may boil down to an upgrade instead of uninstalling the older version and reinstalling the new version from scratch, and issues with existing settings/configuration or other issues.

  1. First thing I would do is uninstall Cyber Security Pro (if you have trouble due to the freezing, force-shutdown your mac and go into Safe Mode by holding down shift right after the start up sound, and uninstall from there).
  2. Restart, and download and install Cyber Security Pro's latest version. Restart as soon as the update is complete.
  3. Create new rules and configure setting from scratch, do not import.
  4. Restart once more to see if freezing occurs.

If issues persist, uninstall again. I would then try using Cyber Security to see if not using the firewall part resolves the issue (It did for me in the past). If it does, it may be an issue between the firewall and using OS X Yosemite. In that case I would keep using Cyber Security and contact your local ESET Support so they can figure out what's going on.

 

5 hours ago, m4v3r1ck said:

Is this the same CSP issue that we encountered a while back? We then got notified by ESET to make changes for the cloud using below exclusions.

ESET mentioned to exclude those with Yosemite when Yosemite was released those few years back, and since you are still using Yosemite I would continue to include those exclusions until you update your mac to a more up to date version.

Share this post


Link to post
Share on other sites

Hi @planet,

A big thanks for your prompt reply, much appreciated! So agreed, let's boil down the in-app update issue. For being still on Yosemite has a reason. I always wait to upgrade my workflow machine to a higher macOS, until Apple has released the minimum delta update of .3 / .4. I never bothered to look at El CheapO, because I like new features, but hay what a sloppy OS that was and I never risk my workflow macOS with the trial-and-error cycles, I use VM's for that part.

BUT, perhaps I could upgrade to macOS Sierra with the upcoming 10.12.4 release! :unsure:   

I'll use your abovementioned troubleshooting workflow today, thanks for that. Nevertheless, I find it very strange to encounter these issues again, running CSP (a few build & .updates later) in almost the same macOS release as back then when the cloud-based application issues arose!

Thanks again and I'll keep you posted! Have a nice day. ;)

Cheers
 

 

Share this post


Link to post
Share on other sites

UPDATE | Work in progress!

RED ALERT! - CSP is quitting unexpectedly while writing this post! Reverting back to 6.3.70.1! 

58aecb1340a84_ScreenCap2017-02-23at12_40_44.jpg.c9422dd684c640acbe253da228e451d2.jpg

Done with this trial-and-error atm! :angry:
 

Re-installation workflow:

1. Downloaded the full installer for CSP 6.4.128.0

2. Killed my internet connection 

3. Uninstalled CSP 6.3.70.1

4. Installes CSP 6.4.128.0

5. Rebooted Mac OS X 10.10.5

6. Changed automatic to interactive

7. Fired up my internet connection

8. Rebooted Mac OS X 10.10.5

==========================

Findings / Issues / Work in progress
 

I-1. While booting-to-desktop, the CSP splash screen has a very hard time reaching full 0% transparantie screen

58aec6cdd9883_ScreenCap2017-02-23at11_05_15.jpg.6896abc515d2e30b5d904cbae540d40c.jpg

I-2. CSP still 'crashes' when performing a Running Processes scan

58aec6ce7d2b6_ScreenCap2017-02-23at12_11_13.jpg.5d3fb19a67cc2916ba572d742d40fdcd.jpg

F-1. Crushing cloud-based applications seems to be solved

W-1. Performing an In-Depth Scan
==========================

Oh my, what a hassle this update!

Cheers
 

Share this post


Link to post
Share on other sites

I need work to be done today!

58aed2f32d0f8_ScreenCap2017-02-23at13_17_34.jpg.e28be856ee0993d8b16e7e3a34e28841.jpg

At least CSP 6.3.70.1 will keep my mind at ease while at work, and yes I need that atm! ;)

Cheers

Share this post


Link to post
Share on other sites

Do you run ECSP on a virtual machine or Mac hardware? Were you doing something specific when the crash occurred? We've tried to reproduce the issue to no avail.

I'm gonna drop you a pm with instructions how to gather diagnostic logs for further analysis.

Share this post


Link to post
Share on other sites

Hi @Marcos, thanks for your reply. This thread is about my native Mac OS X 10.10.5 on my Mac Pro, so no VM.

1. First did the in-app update in CSP 6.3.70.1 to CSP 6.4.128.0, no luck.

2. As @planet advised and instructed, I then later uninstalled (with the ESET uninstaller) CSP 6.4.128.0 and clean installed it again, with no imported rules and set-up the regular GUI settings.

Either way of installing didn't bring me much joy, so I look forward to your PM! Thanks.

Cheers

Share this post


Link to post
Share on other sites

Did you switch to interactive mode immediately? We'd need to be sure about whether the crash occurred with default settings and with automatic firewall mode or only after switching the firewall mode to interactive.

Share this post


Link to post
Share on other sites

Both, update to and clean install for CSP 6.4.128.0 were set to interactive mode.

Share this post


Link to post
Share on other sites

Ok, so the issue may not occur in automatic mode but we cannot confirm nor deny that assumption. We've also tried interactive mode but yet could not reproduce the issue. Let's see if the logs will shed more light.

Share this post


Link to post
Share on other sites

It's really interesting as the experience you've documented was exactly the issue I had with earlier ESET v6 builds and Yosemite & El Capitan, before using macOS Sierra which resolve this for me. Also, I recently had this occur again when using other third-party security or network apps, in particular RansomWhere (ECSP froze at boot and never loaded), BlockBlock (if you don't allow ESET processes) and VPN client software (openvpn conflicting with esets_proxy). So it'd be interesting to learn what's causing this to occur for you in this particular situation.

Either way, happy to see @Marcos helping out now, all the best @m4v3r1ck.

Share this post


Link to post
Share on other sites

Thanks @planet!

Yes I have some 3rd party network related apps/devices running:

- malwarebytes

- debookee

- istat server

- istat menus

- rubbernet

- Synolgy DS1812 machine

My question still remains, why 1-2 years later I'm having the exact same issues from the very past, when i comes to network- / (i)Cloud-based apps and/or machines.

@Marcos is investigating to for me right away thanks you! But I still have to send in the logs asap. First I need to finish my project(s), so maybe as per instantly after this weekend, I'll manage to send him the requested info's.

Marcos, do I need to re-install CSP 6.4.128.0 again? I for sure hope NOT!

Cheers all for your help and enjoy your weekends!

Share this post


Link to post
Share on other sites

@m4v3r1ck I will provide you with a newer version that should address the issue on Monday. Try it then with default settings and automatic mode first and if you're unable to reproduce it switch to interactive mode.

 

Share this post


Link to post
Share on other sites

Thank you again @Marcos for your prompt help. Please do send me the new release on monday, so I can provide you the log files it creates.

I 'expect' this release to nail down all my issues and live happely ever after! "-D

Cheers

Share this post


Link to post
Share on other sites
On 2/25/2017 at 2:07 PM, Marcos said:

@m4v3r1ck I will provide you with a newer version that should address the issue on Monday. Try it then with default settings and automatic mode first and if you're unable to reproduce it switch to interactive mode.

 

Hi @Marcos,

Just a reminder to send me the new version of CSP you promissed. 

Cheers

Share this post


Link to post
Share on other sites
On 3/2/2017 at 0:03 AM, m4v3r1ck said:

Hi @Marcos,

Just a reminder to send me the new version of CSP you promissed. 

Cheers

Bump!

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...