Windows 10 1703 (Creators Update) wrongly reports ESET EAV 6.5.2107 as out of date.

[fxcd 2]

On all computers in our company running Windows 10 Enterprise 1703 (Creators Update, Build 15063), Windows constantly reports that ESET Endpoint Antivirus (version 6.5.2107.0) is out of date (in the Action Center, as well as under "Control Panel\System and Security\Security and Maintenance"). However the ESET EAV GUI itself claims that the virus signature database is up to date.

FYI: we test-installed the current BETA EAV 6.6.2031.0, where the problem appears to be fixed. However, we cannot deploy a BETA version to production systems, especially as it is not fully configurable via the current ERA release. Is there any chance there will be a hotfix for this bug in 6.5 before 6.6 is released?

I noticed this problem has been mentioned as part of another thread in
https://forum.eset.com/topic/12132-eset-endpoint-security-65-cant-install-on-windows-10-with-creators-update/?do=findComment&comment=62014

However I am opening a new topic for this, as it appears to me to be an unrelated issue to the "can't install" problem.

 

[MichalJ 430]

Hello, I would like to recommend to you to open a ticket with the official ESET Support. I have asked our internal QA teams to attempt to replicate the issues, but without success, so it might be related to specifics with your environment. 

Can you at least send us exported configuration of your Endpoint client, and check if the system time is correctly set. 

[fxcd 2]

The system time for all our endpoints is correct. Time is synchronized within our Windows Domain.

Note that the problem only affects endpoints running Windows 10 1703. Endpoints running Windows 10 Enterprise 2015 LTSB, Windows 8.1 or Windows 7 are not affected by the issue.

I will open a ticket with the official support and send in an exported configuration.

[maniel 0]

i also have this problem, on many machines (including new ones) the security center says eset is not up to date, eset itself says it's updated

[MichalJ 430]

Hello, was it an upgrade from previous version or a fresh install? Does the problem persist after uninstall, reboot and reinstall? 

[MichalJ 430]

One of the suggestions to try:
- temporarily disable Self-defense
- restart the computer
- run Regedit and delete the value HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\WscState

- re-enable Self-defense

- restart the computer.

 

Looking forward to hearing about the result.

  0

[fxcd 2]

Hi,

Most of the machines were upgraded from version EAV 6.5.2094 (where the problem already existed). At least one got the current version 6.5.2107 right from the beginning. The problem persists after uninstall, reboot and reinstall.

I need a little more info to try your suggestion: Where do I find "disable Self-defense" in ESET Endpoint Antivirus? Is it equivalent to right-clicking the ESET icon in the systray and selecting "Pause protection"? (When I do that, both HIPS and Anti-Stealth protection stay enabled. Is that OK or do I need to disable them, too?)

[Peter Randziak 948]

Hello Fxcd,

no is not connected to the Pause protection.

To disable Self-defense open the ESET main GUI, press F5 to get to the advanced setup, go to Antivirus -> HIPS -> untick the Enable self-defense option. System reboot is required to apply the setting both for disabling and enabling Self-defense.

Regards, P.R.

[fxcd 2]

Thanks for the detail. Unfortunately, There is no value WscState under
HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info

I searched and found both a @WscState and a WscState value under
HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000600\settings\EKRN_CFG

Is it any of those?

I checked the registry on two computers (a physical and  a virtual machine, both running Windows 10 1703).

[fxcd 2]

Hi,

With the help of the ESET support, we finally found the source of the problem:

In our ESET policy, under "Advanced Setup -- Update -- Outdated Virus Signature Database Alerts", the EAV setting "Set maximum database age automatically" was set to FALSE, because we wanted a shorter maximum database age than the default of 7 days.

As soon as the setting "Set maximum database age automatically" was set to TRUE, Windows 10 1703 did not report EAV as being out of date anymore.

However, this appears to be a bug in ESET, as the problematic behaviour is caused by a legitimate ESET configuration setting and does not appear with Windows Versions earlier than Win 10 1703.

[Peter Randziak 948]

Hello Fxcd,

thank you for letting us know, we will check it internally.

Regards, P.R.

[avielc 48]

7 hours ago, Peter Randziak said:

Hello Fxcd,

thank you for letting us know, we will check it internally.

Regards, P.R.

@MichalJ @Peter Randziak

Just letting you both know. 
This is the same issue I've been seen on my side where ESET 6.5.2107 hasn't fixed.
I have tested that Maximum Age thing. 

It has successfully resolved it. but As @fxcd said. This is definitely a bug that shouldn't have occurred.

 

Thank you all for sharing the information @fxcd - Especially thanks for bringing it up again, as I was starting to wonder what happened to my request, and your detailed info helped me find that setting in our policy

Edited July 11, 2017 by avielc
Update

[Peter Randziak 948]

Hello guys,

thank you very much for your inputs.

Our QA has successfully reproduced in issue in house based on them and reported it to the Development team for analysis.

Regards, P.R.