Prasannamad 0 Posted August 7, 2018 Posted August 7, 2018 Hi, We have facing some detection engine update issues from today on words.We use update mirrors to deploy updates to clients.Mirror update completed successfully but clients getting failed with below error.Please look into this matter ASAP.I have also tried with clear update cache option also.But it not worked.
Administrators Marcos 5,408 Posted August 7, 2018 Administrators Posted August 7, 2018 How do you create the mirror? With the Mirror tool or you are using an ESET product for that? If so, what product and version? What is the version of Endpoint that is reporting the general compiler error?
Prasannamad 0 Posted August 7, 2018 Author Posted August 7, 2018 Thanks for the quick response.We use ESET product for mirroring. ESET remote administrator 6.5 version and for clients ESET endpoint security 6.5 and 6.6 versions.We identified this error reporting on ESET endpoint security 6.5 installed clients.
Administrators Marcos 5,408 Posted August 7, 2018 Administrators Posted August 7, 2018 And what product creates the mirror? Endpoint v6.5 or v6.6? Updates for EP6.5 and 6.6 are not compatible and a separate mirror needs to be created for each. Instead of using the mirror, we strongly recommend using HTTP Proxy which will save you a lot of traffic. The thing is a big portion of files downloaded to the mirror with each update is not used by clients at all.
jkknight 2 Posted August 14, 2018 Posted August 14, 2018 I am having this same issue with EPS for Windows, but we are not using the mirror function as recommended. The last successful update for this machine was Aug 3 which was the last time it was used. Just installed 6.62086.1 on a machine that had the previous version and was getting module updates fine. After upgrading to newest release the "updating product" just sits as if it's trying to connect to the server and will eventually fail (or time out). I've cleared the update cache under UPDATE>GENERAL, changed UPDATE>PROFILES>BASIC>update type to pre-release, uninstalled and reinstalled EPS, made sure that UPDATE>PROFILES>BASIC>UPDATE SERVER was set to choose automatically and checked that the Firewall was not blocking anything important. The Event Logs show that the download was interrupted by user NT AUTHORITY\SYSTEM Is there anything I am missing to double check?
jkknight 2 Posted August 14, 2018 Posted August 14, 2018 Just a bit of an update - I have turned off the proxy settings for both the server and the clients to force it to connect to the ESET update servers. The IP it is trying to connect to is 38.90.226.39 (um10.eset.com) - our trace route is below. traceroute to 38.90.226.39 (38.90.226.39), 64 hops max, 72 byte packets 1 internal gateway 0.727 ms 0.299 ms 0.320 ms 2 external IP 2.635 ms 1.843 ms 1.826 ms 3 xe0-0-1-0.agr01.chrx01-nc.us.windstream.net (169.130.167.181) 1.772 ms 1.846 ms 1.771 ms 4 xe5-3-3-0.pe07.chrl01-nc.us.windstream.net (40.130.35.235) 1.846 ms 1.800 ms 1.798 ms 5 et8-0-0-0.cr02.chrl01-nc.us.windstream.net (40.128.248.160) 1.994 ms 1.873 ms 1.857 ms 6 ae8-0.cr02.atln02-ga.us.windstream.net (40.132.59.32) 6.668 ms 6.884 ms 6.748 ms 7 atl-bb1-link.telia.net (80.239.194.9) 9.330 ms 6.900 ms 7.227 ms 8 cogent-ic-332070-atl-b22.c.telia.net (62.115.157.143) 7.496 ms 7.030 ms 7.108 ms 9 be2848.ccr42.atl01.atlas.cogentco.com (154.54.6.117) 7.345 ms 7.144 ms 7.220 ms 10 be2690.ccr42.iah01.atlas.cogentco.com (154.54.28.130) 25.962 ms 26.054 ms 26.013 ms 11 be2928.ccr21.elp01.atlas.cogentco.com (154.54.30.162) 48.273 ms 48.148 ms 48.334 ms 12 be2930.ccr32.phx01.atlas.cogentco.com (154.54.42.77) 57.055 ms 56.960 ms 56.720 ms 13 be2941.rcr52.san01.atlas.cogentco.com (154.54.41.33) 57.064 ms 57.313 ms 57.108 ms 14 te0-0-2-3.nr12.b036483-1.san01.atlas.cogentco.com (154.24.24.186) 57.663 ms 57.534 ms 57.488 ms 15 38.88.58.18 (38.88.58.18) 57.646 ms 57.685 ms 57.940 ms 16 um10.eset.com (38.90.226.39) 57.239 ms 57.650 ms 57.257 ms The client still says that the download is interrupted... I can ping that IP address from inside our network so I know it's not an issue with the connection being made. I am actually able to watch the ekrn.exe process make the connection over HTTP and then it kicks off several HTTPS connections to several different IP's which I assume are where the modules are to be downloaded from?
Administrators Marcos 5,408 Posted August 14, 2018 Administrators Posted August 14, 2018 The error "download interrupted" has always been a communication error between users' pc and ESET's update servers. In some cases, we suspected a firewall or trasparent proxy at users to be causing these issues. Please do the following: - enable advanced update engine and firewall logging under Tools -> Diagnostics - try to update Endpoint - stop logging - collect logs with ESET Log Collector - drop me a personal message with a download link to the generated archive with logs.
Recommended Posts