Samoréen

Error when applying differential update


Posted (edited)

Hi,

Since 11.1.54, I systematically get the following message when updates are available:

Modules update failed
Error occurred when applying differential update to base file

If I click on "Check for updates" in the main window, I get the same error again. If I click again on "Check for updates", then the update succeeds. Very same process each time. The error appears upon system startup, just after the logon. Using Windows 10 1709.

In Tools | Log files | Events, I can see 2 error lines :

Update Module - Compiler error (1af8)
Update Module - Error occurred when applying differential update to base file

Anyone having the same problem ?

Edited by Samoréen


I have cleared the update cache. Now waiting for the next module update to see if that helped...


Hello @Samoréen

Please let us know how it went. I would start with a system reboot (we had issues where updates were failing when Windows updates were applied and the system was not rebooted).

In case you need further assistance with this issue, please enable the Update engine advanced logging and wait until the issue occurs again.

Regards, P.R.

1 minute ago, Peter Randziak said:

Please let us know how it went. I would start with a system reboot (we had issues where updates were failing when Windows updates were applied and the system was not rebooted).

Hi Peter,

I'll tell you when the next module update is released. Any known schedule ?

My system is rebooted every morning and after each Windows update, so this is not the cause of the problem, I guess.


Hello,

A new set of modules is prepared and its distribution should start in a few moments...

Regards, P.R.


OK. The last updates succeeded. Now I'm wondering what could have corrupted the update cache.

Posted (edited)

The problem is back. Same error message. It re-appeared just a few minutes ago.

I still have to click twice on Check for Updates before the update succeeds. The first attempt always fails.

UpdateModule.JPG

Edited by Samoréen


We'll also need the content of the c:\ProgramData\ESET\Updfiles and c:\program files\eset\eset security\modules folders from the time when the error occurs. When reproducing the issue, enable advanced logging in the main gui -> help and support -> details for customer care. After reproducing the issue, disable advanced logging, gather logs with ELC and also provide the content of the above mentioned folders.


Marcos,

My updfiles folder is here : https://www.dropbox.com/s/y36yumgvpiwxrqa/updfiles.zip?dl=0

As for the Modules folder, there's no file or folder there having a Date Modified timestamp corresponding to the date and time of the error. It's rather hard to explore these folders because the Date modified date and time of the folders and subfolders are not in sync.

There's only one DLL that was modified yesterday: em042_64.dll. But the timestamp doesn't correspond to the time of the error. Here are the top level folders having a Date Modified timestamp corresponding to yesterday: https://www.dropbox.com/s/j7h88q0ux3l1bme/Modules.zip?dl=0

I'll wait until the next module update to reproduce the issue. Just to be sure: for me, reproducing the issue is clicking on the Check for updates button once I have got the error message again because I'm sure that the error comes up again once when clicking that button the first time.

 


Marcos,

Please also note that there's no problem with the Detection Engine updates. There was an update one hour ago and it succeeded.

> It's rather hard to explore these folders because the Date modified date and time of the folders and subfolders are not in sync.

More about this. When you say "c:\program files\eset\eset security\modules folders from the time when the error occurs", I don't really understand what this means. For example, I have a C:\Program Files\ESET\ESET Security\Modules\em042_64 folder, Date modified 05-15-2018. It contains 2 subfolders named 2225 and 2227, Date Modified 05-14 and 05-15. The files in these subfolders have the same timestamps. There are 31 folders in the Modules folder and each of these subfolders also has subfolders with various timestamps. This makes finding the "module folders from the time the error occurs" rather hard because I don't exactly know what to look for.
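
One way to narrow down "the module folders from the time the error occurs", as an added example that is not part of the original posts and is not an ESET tool: the PowerShell script below walks the Modules folder, assuming the module\version\files layout described in the post above, and flags version subfolders whose newest file was written close to the error time. The parameter names and the two-hour window are assumptions made for this example.

```powershell
# Added example: inventory of the Modules folder around an error time.
# Assumed layout (taken from the post): Modules\<module>\<version>\<files>.
param(
    [string]   $ModulesRoot = 'C:\Program Files\ESET\ESET Security\Modules',
    [datetime] $ErrorTime   = (Get-Date),  # set to the time shown in Tools | Log files | Events
    [int]      $WindowHours = 2            # hypothetical tolerance around the error time
)

function Get-ModuleVersionInventory {
    param([string]$Root, [datetime]$When, [int]$Hours)

    foreach ($module in Get-ChildItem -LiteralPath $Root -Directory) {
        foreach ($version in Get-ChildItem -LiteralPath $module.FullName -Directory) {
            # A folder's Date Modified only changes when its direct entries change,
            # so judge each version folder by the newest file it contains.
            $files  = @(Get-ChildItem -LiteralPath $version.FullName -File -Recurse)
            $newest = $files | Sort-Object LastWriteTime -Descending | Select-Object -First 1
            if (-not $newest) { continue }   # skip empty version folders

            [pscustomobject]@{
                Module      = $module.Name
                Version     = $version.Name
                Files       = $files.Count
                SizeMB      = [math]::Round(($files | Measure-Object Length -Sum).Sum / 1MB, 1)
                NewestWrite = $newest.LastWriteTime
                NearError   = [math]::Abs(($newest.LastWriteTime - $When).TotalHours) -le $Hours
            }
        }
    }
}

$inventory = Get-ModuleVersionInventory -Root $ModulesRoot -When $ErrorTime -Hours $WindowHours

# Full listing, newest first.
$inventory | Sort-Object NewestWrite -Descending | Format-Table -AutoSize

# Only the version folders written near the error: the candidates to zip and upload.
$inventory | Where-Object NearError |
    Format-Table Module, Version, SizeMB, NewestWrite -AutoSize
```

Running it once right after the error and once after the successful second "Check for updates" shows which version subfolders appeared or changed between the two attempts.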

Posted (edited)
13 hours ago, Marcos said:

enable advanced logging in the main gui -> help and support -> details for customer care.

Does enabling advanced logging affect system performance?

The "I" icon in that window, on the right of the "Create Advanced Logs" button is grayed. No effect. No information displayed.

Edited by Samoréen

2 hours ago, Samoréen said:

Does enabling advanced logging affect system performance?

The "I" icon in that window, on the right of the "Create Advanced Logs" button is grayed. No effect. No information displayed.

It may have negligible effect on performance. Create advanced logs should always be clickable, at least I can't think of a scenario when it would be greyed out (at least as long as you have administrator permissions).

image.png

Posted (edited)
9 minutes ago, Marcos said:

Create advanced logs should always be clickable, at least I can't think of a scenario when it would be greyed out (at least as long as you have administrator permissions).

image.png

The Create Advanced Logs button IS enabled. I was talking about the (i) icon on its right. Such a button is supposed to give information about what the associated command does. This icon does nothing in my case. It is grayed out.

icon.JPG

Edited by Samoréen

Posted (edited)

I got a bunch of module updates this afternoon. None failed. No error message. Some had a return code apparently indicating that they were not needed ( ? ? ). See attached Event log captures.

By the way : could it be possible to make the main UI window resizable ? Viewing all the reported data requires a lot of horizontal and vertical scrolling and makes it difficult to upload useful screen captures.

The logs are here : https://www.dropbox.com/s/tf97b4vmwg93772/eav_logs2.zip?dl=0

The updfiles folder is here : https://www.dropbox.com/s/vd9y0h1o4xs3nlz/updfiles2.zip?dl=0

Today's modified Modules folders are here : https://www.dropbox.com/s/7qeuzoiflch3mlb/Modules2.zip?dl=0 (Please wait at least one hour before the upload of this one completes. The Modules folder contains huge DLLs. Uploading everything is just impossible. So I just uploaded those folders having a Date Modified timestamp for today - just waiting for an answer to my question above about this issue; I don't exactly know what to upload).

Please note that Advanced logging disabled itself multiple times after I enabled it. It also disabled itself just after the last module updates.

EventLog1.JPG

EventLog2.JPG

Edited by Samoréen

11 minutes ago, Samoréen said:

Today's modified Modules folders are here : https://www.dropbox.com/s/7qeuzoiflch3mlb/Modules2.zip?dl=0 (Please wait at least one hour before the upload of this one completes. The Modules folder contains huge DLLs. Uploading everything is just impossible. So I just uploaded those folders having a Date Modified timestamp for today - just waiting for an answer to my question above about this issue; I don't exactly know what to upload).

If you just want a directory listing of the Modules folder, here it is :

https://www.dropbox.com/s/o5is1ixfxdzhm6v/listing.txt?dl=0

Posted (edited)

The problem is back. Since I didn't get any feedback about my previous uploads, I guess that it is useless to upload again the log files.

ProblemBack.JPG

Edited by Samoréen

Posted (edited)

At least, there's one thing I'd like to know : when these errors occur, clicking on "Check for updates" re-launches the update process. In that case, no error message is displayed and the Event log doesn't show any additional error. But it doesn't acknowledge a successful installation either. So finally, are these modules actually updated ? Is there any way to check this ? If there is only one thing I'd like to be sure for an antivirus software, it is that it's correctly updated. Below, my list of components...

Components.JPG

Edited by Samoréen


Hello @Samoréen ,

I'm sorry for the delay :-(, I opened a ticket with our devs to check your logs.

I can see many "Detection Engine was successfully updated to version ,..." entries in your log, so in those attempts the update was successful.

I will keep you posted about the logs analysis results.

Regards, P.R.


The problem occurred again today. I clicked on Check for updates, and the update failed again. I clicked a second time on Check for updates and the update succeeded. Immediately after that, the event log reported a successful Detection Engine update. So, I guess that these module updates are actually Detection Engine updates. If I'm correct, this means that if I do not update manually, my system is not protected against the latest threats normally detected by the Detection Engine. Time to do something...

 


UpdateBug.JPG


The "Invalid digital signature" error appears if update files were tampered with on their way, i.e. between your computer and your ISP or between your ISP and ESET's update servers (outside ESET's infrastructure). If the error occurs frequently, I'd suggest trying to connect to the Internet via another ISP, if possible, and avoiding any proxy servers. You can capture such communication with Wireshark so that we can check what modifications were made to the update files.


Hi,

Strange. I have no other corruption problem when downloading files from other sources. And I'm daily downloading a lot of files that are potentially sensitive to corruption. Why should especially the Eset files be corrupted on their way to my PC ?


Do you monitor outbound firewall communication? Given you are using NOD32, this would be done by some non-Eset based software.

Eset modules use a code signed Eset certificate. This cert. is not stored in Windows root CA store. As such, cert. "pinning" path to root CA issuer must be validated via Internet connection. If this chain validation lookup is blocked locally, Eset certificate validation will fail.
