Jump to content

Is ESET blocking KB4058258 (Windows 10 16299.214)?


howardagoldberg
 Share

Recommended Posts

I just formatted my laptop and didn't install NOD32, the latest updates offered were only up to 16299.125 so something is going on with Microsoft ESET has nothing to do with this.

Link to comment
Share on other sites

1 hour ago, Phoenix said:

I just formatted my laptop and didn't install NOD32, the latest updates offered were only up to 16299.125 so something is going on with Microsoft ESET has nothing to do with this.

@Phoenix There must be another issue at play, and I suspect it is this: To get the .192 build that was released in early January that started the Spectre/Meltdown patching madness, you had to have a registry key set by an AV vendor or manually, otherwise the update would not be pulled by Microsoft (see MS's own notes on this). In order to get builds released beginning in January 2018, at least that key needs to be set. You may need to let Defender do its thing for a bit (update definition, etc.), or enter the key yourself.

Otherwise, install ESET. Make sure you get the latest AV and anti-stealth modules (as detailed in this thread), which update the needed registry keys, and try to pull the updates again.

That's your issue :-) With a new install today, I would actually expect the exact behavior you described (as annoying as that behavior is).

ESET has already acknowledged that there was an issue which was resolved with the anti-stealth module that was released this morning.

Edited by howardagoldberg
Link to comment
Share on other sites

35 minutes ago, howardagoldberg said:

@Phoenix There must be another issue at play, and I suspect it is this: To get the .192 build that was released in early January that started the Spectre/Meltdown patching madness, you had to have a registry key set by an AV vendor or manually, otherwise the update would not be pulled by Microsoft (see MS's own notes on this). In order to get builds released beginning in January 2018, at least that key needs to be set. You may need to let Defender do its thing for a bit (update definition, etc.), or enter the key yourself.

Otherwise, install ESET. Make sure you get the latest AV and anti-stealth modules (as detailed in this thread), which update the needed registry keys, and try to pull the updates again.

That's your issue :-) With a new install today, I would actually expect the exact behavior you described (as annoying as that behavior is).

ESET has already acknowledged that there was an issue which was resolved with the anti-stealth module that was released this morning.

Ok I installed NOD32 and rebooted and was immediately offered KB4074595 and KB4058258 which to my build up to 16299.214

Link to comment
Share on other sites

So, with the anti-stealth update 1124, I got at least the Flash update and a bunch of Office updates (I'm not sure if these are patch Tuesday updates). Interestingly my computer BSOD'd when or right after installing the Office updates! Coincidence? :D

It seems 16299.248 release notes (KB4074588) were just pushed, so let's see if I get that later.

As said, it will be a forever mystery why I was stuck at 16299.19 in the first place.

EDIT: My desktop and another laptop without ESET just updated to 16299.248. My laptop with ESET cannot see the update yet. Gonna wait till tomorrow and then try uninstalling ESET if it does not appear and see what happens then. (Is there some registry thing again?)

EDIT2: The last event log entry before the BSOD is:

Quote

Installation Started: Windows has started installing the following update: Windows Malicious Software Removal Tool x64 - February 2018 (KB890830)

This update is not offered to me anymore after the BSOD?

Edited by Jani
Link to comment
Share on other sites

1 hour ago, howardagoldberg said:

@Phoenix There you go! Of course stand by, because patch Tuesday starts in 5 minutes!

you are absolutely right man.

 

Just got KB4074588 which updated by Windows 10 to build 16299.248

Link to comment
Share on other sites

50 minutes ago, Jani said:

EDIT: My desktop and another laptop without ESET just updated to 16299.248. My laptop with ESET cannot see the update yet.

Yeah, I updated everything except KB4074588 which is Win 10 1709 Feb. cumulative update. KB4074588 was not offered via Windows Update.

Appears to me there still might be an issue with Eset blocking the update. Maybe not. The Windows Update Catalog shows the Feb. service stack update but not the cumulative update which is strange.

Edited by itman
Link to comment
Share on other sites

1 hour ago, itman said:

Yeah, I updated everything except KB4074588 which is Win 10 1709 Feb. cumulative update. KB4074588 was not offered via Windows Update.

Appears to me there still might be an issue with Eset blocking the update. Maybe not. The Windows Update Catalog shows the Feb. service stack update but not the cumulative update which is strange.

For what it is worth -- all of today's updates (Windows 1709 build .248, the office security patches, malicious software removal tool) all came down without issue on my primary Win10 system. As far as I can tell and according to the Adobe flashplayer guidance page, there is no Flash update for any platform being released today.

Have not run WU on my other Win10 system for today's patches, but this morning, the "missing" .214 and Flash updates came down with no issue.

For those still having trouble, certainly make sure that ESET is up to date with the latest modules, but you may also now need to begin exploring other additional conflicts as well (are you running other security software concurrently, for example). Good luck everyone. Keep us posted. I will update my findings, if I find anything new ;-).

UPDATE: My other Win10 system also is pulling down the .248 update and the malicious software removal tool. So far, so good.

Edited by howardagoldberg
Link to comment
Share on other sites

  • ESET Moderators

Hello guys,

@howardagoldberg 

18 hours ago, howardagoldberg said:

Out of pure curiosity, why was the first registry key set through the anti-virus engine module, while the next key needed to be set through the anti-stealth module?

The Antivirus and antispyware scanner module (do not confuse it with Detection engine module) is used for various purposes including such special tasks like setting the registry flag to signalize readiness for the patches. The second flag was set by the Ant-stealth module as this module contained also required fixes to be compatible with the new patches so i make sense to signalize the readiness as well,...

18 hours ago, howardagoldberg said:

Are you aware of any issues we should anticipate with today's updates (I assume there will be another cumulative update along with other security updates for Office products)?

 

The only issues we are aware of is possible BSOD, when someone installs old ESET product (with an old installer) on updated system.

Users with installed version are O.K. as they received / will receive compatible Anti-stealth 1124.

Users downloading installers from the ESET web site are O.K. as well as we repacked the installation packages with the new modules to be compatible as well.

18 hours ago, howardagoldberg said:

I thought this was interesting, as such updates do not generally contain changes, except to have the latest modules as part of the install package for new installs.

The generally do not contain other changes than modules / localization fixes, but this time it was an exception and it contains a new version of OppMonitor.dll (used in Banking and payment protection feature) which will allow us to upgrade it easily in the future and there are also changes allowing us to update eelam driver quickly,...

 

@Jani  / @all if you have a full memory dump from the crash you can send me a link to download via private message and I can check it

 

If i remember correctly the updates were not offered to me on the first attempt, but not sure.

Regards, P.R.

Link to comment
Share on other sites

10 minutes ago, Peter Randziak said:

@Jani  / @all if you have a full memory dump from the crash you can send me a link to download via private message and I can check it

Sadly I do not have one. The percentage sat at 0% when the bsod occurred and event log says: "Dump file creation failed due to error during dump creation."

Link to comment
Share on other sites

I can confirm that the latest and up-to-date version of ESET Smart Security (6.6.2072.4) is blocking the latest Windows 10 updates including the newest KB4074588. As soon as it is uninstalled the patches become available in Windows Update.

Link to comment
Share on other sites

  • Administrators
1 hour ago, SieraZ said:

I can confirm that the latest and up-to-date version of ESET Smart Security (6.6.2072.4) is blocking the latest Windows 10 updates including the newest KB4074588. As soon as it is uninstalled the patches become available in Windows Update.

Do you have AntiStealth module 1124 installed? If so, is HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\WindowsCompatibilityLevel set to 1?

It may take some time for Windows to re-check another patch compatibility value after this value has been set. I assume that a system restart could speed it up but I'm not sure 100%.

Link to comment
Share on other sites

  • Administrators
4 minutes ago, SieraZ said:

@Marcos Yes, the Anti-Stealth module version is 1124 but I don't seem to have this registry key at all

It looks like ESET is not installed, otherwise the key HKLM\SOFTWARE\ESET\ESET Security would exist.

Link to comment
Share on other sites

5 minutes ago, Marcos said:

Do you have AntiStealth module 1124 installed? If so, is HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\WindowsCompatibilityLevel set to 1?

I have EEA 6.6.2072.4 installed, all updated modules and registry keys present, and only february update available is for Flash Player. I'm stuck on  W10 16299.192

PC without EEA updated to 16299.248

Link to comment
Share on other sites

24 minutes ago, Marcos said:

Do you have AntiStealth module 1124 installed? If so, is HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\WindowsCompatibilityLevel set to 1?

I haven't received the .248 update yet, nor I have had the time to uninstall ESET to investigate this. I just checked and I do not have that WindowsCompatibilityLevel key. My registry looks sameish as @SieraZ's above.

I'm on ESET Endpoint Antivirus 6.6.2072.4 and anti-stealth 1124.

EDIT: I read this as the key should exist? I wonder why it does not currently exist for (and others).

Edited by Jani
Link to comment
Share on other sites

I have reinstalled ESET and the value still does not exist. I am also unable to manually add it even if running regedit as the inbuilt Administrator account.

EDIT: The value has appeared after a refresh! Does this mean I will have to fully uninstall and reinstall all the endpoints (around 150) for this to work properly? Before this the endpoints were upgraded from 6.4.2014.0 without uninstalling it first.

Edited by SieraZ
Link to comment
Share on other sites

  • Administrators
3 minutes ago, SieraZ said:

EDIT: The value has appeared after a refresh! Does this mean I will have to fully uninstall and reinstall all the endpoints (around 150) for this to work properly? Before this the endpoints were upgraded from 6.4.2014.0 without uninstalling it first.

By "refresh" you mean uninstalling and installing the latest Endpoint from scratch? Definitely this should not be needed.

If you see Antistealth module 1124 among installed modules and the WindowsCompatibilityLevel is not created even after a computer restart, please create a Procmon boot log as per the instructions at https://support.eset.com/kb6308/. When done, compress it, upload the archive to a safe location (e.g. Dropbox, OneDrive, etc.) and drop me a message with a download link.

 

Link to comment
Share on other sites

No, i meant i just didn't wait long enough for the program to be fully installed. Once fully installed the value was there, but also yes, it took a full uninstall/reinstall cycle for it to appear.

I will find another affected PC and try and get you the required logs.

Link to comment
Share on other sites

OK, so here are my findings: when upgrading directly from 6.4 to 6.6 the aforementioned registry key is not populated with the required value. As a result some Windows patches are not being offered when checking for updates. Then after uninstalling 6.6 and reinstalling it again the value gets populated and the patches become available. 

@Marcos Here's the link to the bootlog created on a PC with 6.6 after the upgrade. Anti-stealth module version is 1124.

https://www.dropbox.com/s/s7mldq7p09x7z7w/Bootlog.zip?dl=0

Link to comment
Share on other sites

  • Administrators

We have found out that under certain circumstances the module may fail to write the WindowsCompatibilityLevel value to the registry. A new AS module addressing this potential issue is being prepared and will be released probably tomorrow.

As a workaround you can create the value HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\WindowsCompatibilityLevel and set it to 1 yourself in safe mode or wait until the new AS module is released.

Link to comment
Share on other sites

  • Administrators
Just now, SieraZ said:

@Marcos Thank you. Will the new version of AS write this value for existing installations after being updated to?

Yes, we attempt to write this value whenever modules are reloaded.

Link to comment
Share on other sites

I also never received KB4074588  and all Eset related reg. keys are set properly and Anti-Stealth module is a correct ver.. I again just downloaded KB4074588 from the Win Update Catalog.

Also another thing that appears not to be working is Eset's notification that Win Updates are available. I have my network connection set to metered and used to rely on this feature to inform me critical updates were available. Appears Microsoft has changed the way things are classified with most updates now being classified as "Security Update" versus the previous "Critical Security Update."

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...