itman 1,806 Posted August 2, 2018 Posted August 2, 2018 I am "bowing out" from any further replies. Again, you need to contract your in-country Eset tech support for further assistance in this matter.
Samoréen 8 Posted August 3, 2018 Author Posted August 3, 2018 16 hours ago, itman said: I am "bowing out" from any further replies. Again, you need to contract your in-country Eset tech support for further assistance in this matter. Thanks for your time, itman. I'll continue feeding this thread with the information I'll be able to collect.
Samoréen 8 Posted August 8, 2018 Author Posted August 8, 2018 (edited) Latest news : - Clearing the Update Cache didn't help. - MalwareBytes is not the culprit. Edited August 8, 2018 by Samoréen
ESET Moderators Peter Randziak 1,182 Posted August 16, 2018 ESET Moderators Posted August 16, 2018 Hello @Samoréen, I'm sorry for the delayed answer, I had an vacation. Can you please provide us with a fresh set of logs to investigate? Regards, P.R.
Samoréen 8 Posted August 16, 2018 Author Posted August 16, 2018 Peter, As I already explained multiple times, the problem appears randomly so I'm unable to anticipate. I cannot reproduce at will. Thus, providing consistent logs along with a Process Monitor log as you requested in your message from June 12 is a problem. The problem didn't re-appear since about 8 days. It may re-appear at any time without any warning. I will be notified of the error by the ESET UI after a failed attempt. So any log collecting procedure implying a before/after backup is a no go. Otherwise, I can provide any file you want.
ESET Moderators Peter Randziak 1,182 Posted August 21, 2018 ESET Moderators Posted August 21, 2018 Hello @Samoréen, sure I understand. I talked with the dev and it seems that the original files are crucial for us as it's highly probably corrupted somehow. I will send you a message privately, I think one tool can cover it. Regards, P.R.
Samoréen 8 Posted August 21, 2018 Author Posted August 21, 2018 Hi Peter, The problem didn't re-appear since 12 days now. Meanwhile, I noticed that something had been changed (by my ISP) in the settings of my DSL box. The acceptable margin for the SNR (signal noise ratio) has been set to a higher value, which means that the box is now less tolerant to transmission errors. This could explain why the problem didn't show up since almost 2 weeks although I never had any file corruption problem with the previous settings (with exception of the ESET updates). I don't see why only the ESET update files should be corrupted. Maybe they go a specific route where some device between your servers and my PC is generating the problem. Anyway, I will download the tool and use it if the problem shows up again.
Phil_S 3 Posted August 21, 2018 Posted August 21, 2018 I doubt it's of any help, but since my previous post in this thread on 24th June, I had a flurry of these differential update notifications from her laptop over a period of 3 days, seemingly affecting every download attempt, but since then nothing untoward at all. Since she has changed nothing on her laptop, I suspect some kind of external influence must have been involved.
ESET Moderators Peter Randziak 1,182 Posted August 21, 2018 ESET Moderators Posted August 21, 2018 Hello @Samoréen, sadly the tool has to be running when the error happens, most likely some file corruption on disk causes it. In case it would be corrupted during the download, you would receive invalid signature error. @Phil_S hmm strange as well. I would probably start with a check disk, in case it bothers her,.. Regards, P.R.
Samoréen 8 Posted August 21, 2018 Author Posted August 21, 2018 1 hour ago, Phil_S said: I had a flurry of these differential update notifications from her laptop over a period of 3 days, seemingly affecting every download attempt, but since then nothing untoward at all. Phil_S, It would be interesting to see whether we get these notifications for the same updates. They might be triggered at a different time (or date) but they can be identified by their version number. For example, the last one that failed for me was this one Time;Module;Event;User 08/08/2018 17:11:56;ESET Kernel;Detection Engine was successfully updated to version 17850 (20180808).;SYSTEM The above is the success notification after 2 failed attempts.
Samoréen 8 Posted August 21, 2018 Author Posted August 21, 2018 1 hour ago, Peter Randziak said: sadly the tool has to be running when the error happens, most likely some file corruption on disk causes it. I have understood that the tool must be running when the problem occurs. If the problem was related to my internet connection, it should not re-appear. If not, I will see it again one of these days and it will happen more than once. So if I see it again in the near future, I will activate all the available reporting tools and wait for the next failure. Re: disk failure If you re-read this thread, you'll see that I have done everything I could do to confirm or invalidate this possibility. For the moment, I exclude the idea that the 2 SSDs that are/were used to store the update files are having problems only with ESET update files.
Phil_S 3 Posted August 21, 2018 Posted August 21, 2018 2 hours ago, Samoréen said: Phil_S, It would be interesting to see whether we get these notifications for the same updates. They might be triggered at a different time (or date) but they can be identified by their version number. For example, the last one that failed for me was this one Time;Module;Event;User 08/08/2018 17:11:56;ESET Kernel;Detection Engine was successfully updated to version 17850 (20180808).;SYSTEM The above is the success notification after 2 failed attempts. No, as I say all updates have completed without any errors since the end of June. I'm afraid I deleted all the notifications that I has, as there have been no problems for three weeks now, and my mailbox was filling up with successful notifications due to the bug in the current version. It is interesting though that my daughter's laptop also has an SSD.
ESET Moderators Peter Randziak 1,182 Posted August 28, 2018 ESET Moderators Posted August 28, 2018 It seems to be an excalibur issue ? :-), but I hope it will either disappear by itself or we will crack it together.
Samoréen 8 Posted September 12, 2018 Author Posted September 12, 2018 On 8/21/2018 at 11:49 AM, Samoréen said: The problem didn't re-appear since 12 days now. Meanwhile, I noticed that something had been changed (by my ISP) in the settings of my DSL box. The acceptable margin for the SNR (signal noise ratio) has been set to a higher value, which means that the box is now less tolerant to transmission errors. This could explain why the problem didn't show up since almost 2 weeks although I never had any file corruption problem with the previous settings (with exception of the ESET updates). I don't see why only the ESET update files should be corrupted. Maybe they go a specific route where some device between your servers and my PC is generating the problem. OK. The problem didn't re-appear since more than one month. Nothing has changed on my system beside what's explained above. So there's a good chance that this was the problem - crossing my fingers - (although I still don't understand why only the ESET update files were affected).
ESET Moderators Peter Randziak 1,182 Posted September 18, 2018 ESET Moderators Posted September 18, 2018 Hello @Samoréen, thank you for for keeping an eye on it and for your patience. I hope, that this ghost issue won't reappear as it is really tough one to debug,... Regards, P.R.
Samoréen 8 Posted October 11, 2018 Author Posted October 11, 2018 Additional information about this issue... The problem now appears to be clearly related to my DSL box settings. Quoting a previous message : Quote I noticed that something had been changed (by my ISP) in the settings of my DSL box. The acceptable margin for the SNR (signal noise ratio) had been set to a higher value, which means that the box was now less tolerant to transmission errors. As soon as I have tried to lower again the acceptable SNR value, the problem re-appeared within the next 24 hours. After setting it to a higher value, it was gone again. Now, I'm still wondering why this caused problems to ESET NOD32 updates only. I'm downloading a lot of files that have to be error free (images, Windows updates, installation files, etc.) and I never observed a file corruption or a failure due to a corrupted file. These downloads are too frequent to merely consider a coincidence. No idea about what could make ESET downloads specific.
itman 1,806 Posted October 11, 2018 Posted October 11, 2018 1 hour ago, Samoréen said: Now, I'm still wondering why this caused problems to ESET NOD32 updates only. I'm downloading a lot of files that have to be error free (images, Windows updates, installation files, etc.) and I never observed a file corruption or a failure due to a corrupted file. Many file downloads are not signed. Even if they are signed, the software employing those files does not usually compared download hash value to that in the certificate to ensure file corruption has not occurred. Most software installers rely exclusively on the certificate validity check; e.g. not expired, revoked, etc., to ensure the file is valid.
ESET Moderators Peter Randziak 1,182 Posted October 12, 2018 ESET Moderators Posted October 12, 2018 Hello @Samoréen, nice spot, thank you for the info and your investigation of it. As far as I know our update files are downloaded via HTTP/1.1, served from a standard web server and checked once download, no idea how special our downloads could be,... Regards, P.R.
Samoréen 8 Posted October 12, 2018 Author Posted October 12, 2018 Peter, The only difference with other sensitive files that I can think of is the way these files are following to reach my PC. I agree with Itman's statements but I'm sure I have downloaded a lot of files that would have been rejected if they were corrupted. Well, we are now aware that the problem was due to some corruption caused by an SNR value on my DSL line that was too low. What we don't know is what was actually corrupted. Referring to a message from Itman at the beginning of this thread : Eset modules use a code signed Eset certificate. This cert. is not stored in Windows root CA store. As such, cert. "pinning" path to root CA issuer must be validated via Internet connection. If this chain validation lookup is blocked locally, Eset certificate validation will fail. So maybe the files themselves were not corrupted but something repeatedly went wrong during the exchange mentioned by Itman OR the firmware of my DSL box was not able to recover FEC errors (which are normally recoverable) during this exchange because of the SNR value. The exchanged data during the certificate validation could have a particular "signature" that caused the bug while other certificates are not affected. I guess we'll never know.
itman 1,806 Posted October 12, 2018 Posted October 12, 2018 Eset is unique among security vendors in that their modules are not downloaded as executable code. Rather they are assembler code than is assembled on the device. As such, Eset has much more stringent checking on download tampering that is found in conventional software update downloads. Also to my best knowledge, you have been the only one that has been affected by this checking on a continuous basis.
Recommended Posts