Mac OS High Sierra fully patched (10.13.4) ESET endpoint AV install fails

[mattfippard 0]

Have tried both deployment from Remote administrator server and local install with different results.

From Remote Administrator server the install completes and warning from MacOS appears so I can enable the extensions that are blocked.  Following this ESET Antivirus starts (observed in activity monitor) but no icon appears in top status bar. After approx 2 mins ESET process in not responding and needs to be force quit.

From local installation at the end it states:

"The installation failed. The installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance"

I can't find anything to indicate what fails though I do get one error in the system log which I believe to be the extension blocking but I get no prompt to enable it with the downloaded installer.

"esets[854]: error[03560000]: ESET Daemon: Command kextload failed. error:0x00"

 

Any help greatly appreciated.

[mattfippard 0]

Some additional information after a reboot I get the following log entry

kextd        Kext rejected due to insecure location: <OSKext 0x7fcb91489120 [0x7fffb10bdaf0]> { URL = "file:///Library/StagedExtensions/Applications/ESET%20Endpoint%20Antivirus.app/Contents/PlugIns/kext/eses_mac_64_109.kext/", ID = "com.eset.kext.esets-mac" }

 

[Peter Randziak 1,130]

Hello @mattfippard ,

can you please grab the logs by means of https://support.eset.com/kb3404/ right after the failed installation and send them to us for inspection, with a reference to this forum topic? 

Regards, P.R.

[mattfippard 0]

Thanks,  I have sent in a new support request as detailed above with the forum topic in the description.  As of yet (about 10 mins after submitting) I haven't received a reference or confirmation email though

[mattfippard 0]

@Peter Randziak  I still haven't heard back with regards to this issue.  I have had communication but only to verify this forum link.  Is there any progress with this issue, thanks

[aleksb 1]

@mattfippard I'm seeing same problem on my systems — two of iMac Pro fail to load this extension, while iMac 5k works perfectly fine. All of the systems on macOS 10.13.5. What's your systems? Did you find a solution?

[mattfippard 0]

@aleksb  I still have the one that this simply will not run on however I have set up a new machine since then and ESET has installed correctly, however I hadn't applied the 2018.1 patch prior to installing the AV software.  I don't really have any test systems to try this theory out on and I'm still awaiting reply from the logged issue.

[aleksb 1]

@mattfippardwhich systems do you have issue on? what os? I'm on latest high sierra with all latest updates and problem started after upgrading to the 6.6.800.1 of eset for business.

[mattfippard 0]

@aleksb I had problems with the previous ESET version 6.6.600.1 and with High Sierra 10.13.4 onwards.  As I said above I did manage to get an install to work before applying the 2018.1 patch from Apple (the meltdown/spectre patch??).

This seems like it could be a false positive though and may have stemmed from the reboot operation for the patch co-inciding with the install for ESET and the extension enabling process.  I'm still working with an older MacBook Air that I have found to test with and if I can replicate I'll post my findings.

[aleksb 1]

@mattfippard  Could you please run following command in the terminal and post output here?

kextstat | grep eset
sudo kextutil -verbose /Library/StagedExtensions/Applications/ESET\ Endpoint\ Security.app/Contents/PlugIns/kext/esets_mac_64_109.kext

 

Wondering if you ran into same issue as I'm seeing. 

Edited June 5, 2018 by aleksb

[mattfippard 0]

@aleksb Output of command is below

:~ $ sudo kextutil -verbose /Library/StagedExtensions/Applications/ESET\ Endpoint\ Antivirus.app/Contents/PlugIns/kext/esets_mac_64_109.kext
Defaulting to kernel file '/System/Library/Kernels/kernel'
Notice: /Library/StagedExtensions/Applications/ESET Endpoint Antivirus.app/Contents/PlugIns/kext/esets_mac_64_109.kext has debug properties set.
Kext rejected due to insecure location: <OSKext 0x7fad086126f0 [0x7fffb0139af0]> { URL = "file:///Library/StagedExtensions/Library/StagedExtensions/Applications/ESET%20Endpoint%20Antivirus.app/Contents/PlugIns/kext/esets_mac_64_109.kext/", ID = "com.eset.kext.esets-mac" }
Kext rejected due to insecure location: <OSKext 0x7fad086126f0 [0x7fffb0139af0]> { URL = "file:///Library/StagedExtensions/Library/StagedExtensions/Applications/ESET%20Endpoint%20Antivirus.app/Contents/PlugIns/kext/esets_mac_64_109.kext/", ID = "com.eset.kext.esets-mac" }
Diagnostics for /Library/StagedExtensions/Applications/ESET Endpoint Antivirus.app/Contents/PlugIns/kext/esets_mac_64_109.kext:
Warnings:
    Dependency lacks appropriate value for OSBundleRequired and may not be available during early boot:
        com.apple.iokit.IOSerialFamily - Safe Boot

So looking at that even though I accepted the loading of it, it still gets rejected.  Is there a way to remove the trust and let it prompt again?

[aleksb 1]

2 hours ago, mattfippard said:

Is there a way to remove the trust and let it prompt again?

Yes, it's KB6570.

I've actually followed it and it was helpful, but did not fix my problem.