ESET File Security for Windows Servers and KB4056892

[mbublitz 1]

I have seen discussions on the KB4056892 compatibility with ESET Anti-Virus AV, but what about the Eset File Security protection for Windows servers?  Is there a registry change that needs to be applied to systems using this protection prior to doing the Microsoft Updates?  If so, can someone explain what it is?

Product version on the servers is 6.0.12035.0.

[Marcos 5,074]

We've added the necessary registry value on all Windows systems. However, to my best knowledge Microsoft has released a patch only for Windows 10 so far.

[mbublitz 1]

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

There are fixes for Windows Server as well.  Can you confirm if the registry setting change is the same for the Eset File Security as it is for the Eset AV product for Workstations?

 

[SDS 0]

I am also interested in the answer to this.  I presently have ESET File Security for Windows Servers 6.4.n.n installed on a Windows 2008 R2 Server and after the recent windows update the system blue-screened (BSOD) on boot. 

Fortunately, I was able to get to a Command Prompt and recover using dism.exe /image:C:\ /cleanup-image /revertpendingactions.

ESET do not appear to mention compatibility with their Server product range ?? I'm wondering whether I need to update to the new 6.5.n.n release or fall back to an the Endpoint Antivirus solution in order to be able to apply the Microsoft Patch successfully? 

One further question: is the ESET server product really only needed where a WIndows Server is acting as a Domain Controller, as we have a number of Windows Servers in our infrastructure but not all are domain controllers?

Edited January 6, 2018 by SDS
Text Updated

[PaulP 0]

Us too please

Our file server has ESET 6.5.12014.0 (just upgraded it and re started to be sure) and we do not yet have KB4056892 showing up as installed or available in windows update.

[itman 1,659]

You can download the patch manually from the Win Catalog web site. After the patch has been applied and only applicable to Win Server OSes, you have to manually enable it as noted from an extract of the above posted Microsoft link:
 

Quote

Switch | Registry Settings

To enable the fix

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f

If this is a Hyper-V host and the firmware updates have been applied: fully shutdown all Virtual Machines (to enable the firmware related mitigation for VMs you have to have the firmware update applied on the host before the VM starts).

Restart the server for changes to take effect.

To disable this fix

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

Restart the server for the changes to take effect.

(There is no need to change MinVmVersionForCpuBasedMitigations.)

 

Edited January 11, 2018 by itman