after upgrade Agent to v7 old Agent is also visible

maiki · August 21, 2018

Quote

ESET Security Management Center (7.0.66.1)

In some cases, the “ESET Remote Administrator Component Upgrades task” will leave registry entries of ERA Agent version 6.5 despite successfully installing version 7 Management Agent, resulting in a state when both versions are reported and version check status will incorrectly report outdated installations, even when they are not present.

Hello Forum,

2 of my Clients have the Problem. What can i do, to solve the wrong reporting.

Thanks Maik

Marcos · August 21, 2018

I assume that currently it's only possible to manually delete the appropriate registry key in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.

MartinK · August 21, 2018

5 hours ago, maiki said:

Hello Forum,

2 of my Clients have the Problem. What can i do, to solve the wrong reporting.

Thanks Maik

Could you please verify that executing following BAT script:

reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /f "ESET Remote Administrator Agent" /s > temp.temp

set "lineNr=1"
set /a lineNr-=1
for /f  %%G in (temp.temp) DO (
  setlocal ENABLEDELAYEDEXPANSION
  set line=%%G
  echo "!line!"
  reg delete "!line!" /f
  del temp.temp
  goto :leave
)
:leave

will resolve issue on clients? It should remove registries of all ERA (not ESMC) agents found on client.

MartinK · August 21, 2018

Or maybe even better, could you verify this registry keys actually points to ERA Agent:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}"

If so, running "Run command" ESMC task with command line:

reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" /f & reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}" /f

directly from console on affected clients should clean old registries:

maiki · August 22, 2018

Hello,

i have deleted the two registry keys and now it seems ok.

Thank you for your help.

bbahes · August 22, 2018

10 hours ago, MartinK said:
Or maybe even better, could you verify this registry keys actually points to ERA Agent:
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}"
If so, running "Run command" ESMC task with command line:
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" /f & reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}" /f 
directly from console on affected clients should clean old registries:

Shouldn't this be run in upgrade procedure and not by user/admin alone?

MartinK · August 22, 2018

Just now, bbahes said:

Shouldn't this be run in upgrade procedure and not by user/admin alone?

Actually those registries should be removed automatically, but for some unknown reason, specific installed files are registered as if they were installed with multiple products, and thus they are not removed (i.e. there is some kind of reference counting). Manual removal of those registries is just temporary solution until issue is properly fixed.

DennisA · August 22, 2018

16 hours ago, MartinK said:
Or maybe even better, could you verify this registry keys actually points to ERA Agent:
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}"
If so, running "Run command" ESMC task with command line:
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" /f & reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}" /f 
directly from console on affected clients should clean old registries:

I had the same problem of the 2 agent versions (v6 and v7) being reported, but running this registry command immediately solved the problem. Thanks!!

SteffenM · August 22, 2018

I just ran the ESMC upgrade on my old ERA Server. After that I ran the Security Management Center Components Upgrade as well as an Update for the Rogue Detection Sensor

Now the ESMC Reports that the Server has the following installed:

Remote Administrator Agent 6.5.522.0
Remote Administrator Server 6.5.522.0
Management Agent 7.0.553.0
Security Management Center Server 7.0.553.0
Rogue Detection Sensor 1.1.693.0

I do see the previously specified Registry Entries for the ERA Agent, as well as similar entries with the ID FF4A76B03E71D144183AEA3C39576B29 for the ERA Server.

So I would guess that while the upgrade was successful (it does Show me the new GUI at least, and I suppose it wouldnt really work with both versions actually installed) the same uninstallation error can also happen with the ERA Server.

Cousin Vinny · August 22, 2018

Confirming that this is the same issue and solution affecting my agent upgrades; the two reg keys just need to be deleted.

edit: Just deployed agent update to 9 machines using PDQ Deploy rather than a Run Program task in ESET or a manual install and none exhibited this behavior. I am going to continue deployments using this method.

Edited August 22, 2018 by Cousin Vinny

jonathan.deane_UK · August 23, 2018

I created a dynamic group with, contains Agents v7 AND v6 are both installed, then run 2 x Run Commands (1 for each of the reg deletes) when clients joined the group.

This resolved the issue for me 95% of the time, i did have to manually rerun the task a few times and had to manually remove one of the reg entries as it was being stubborn and not deleting on at least two machines.

slk · September 5, 2018

Hi jonathan.deane_UK

could you please sent Expression for your Dynamic group for filtering clients with both installed agents?

Thank you.

satellite360 · October 17, 2018

Hi

I'm seeing this on all our clients (70+). Any indication as to whether or not this is affects performance? If not I'm content to leave until ESET supply a fix - would be interested to know if one is on the horizon.

Thanks

Mirek S. · October 17, 2018

Hello,

We are currently investigating the issue to determine the best solution and cause of this issue. We would appreciate the output of diagnostic tool (dumps installer registry related to Agent).

In attachment is a new version of the diagnostic tool and .bat file which runs the diagnostic tool with required parameters.

Please PM me resulting registry dumps (preferably from several computers so we have greater statistics)

Thanks in advance

Diagnostic.Agent.7.1.91.0_x64.zip

satellite360 · October 18, 2018

13 hours ago, Mirek S. said:

Hello,

We are currently investigating the issue to determine the best solution and cause of this issue. We would appreciate the output of diagnostic tool (dumps installer registry related to Agent).

In attachment is a new version of the diagnostic tool and .bat file which runs the diagnostic tool with required parameters.

Please PM me resulting registry dumps (preferably from several computers so we have greater statistics)

Thanks in advance

Diagnostic.Agent.7.1.91.0_x64.zip

Hi

Attachment unavailable.

Mirek S. · October 19, 2018

Sorry,

I forgot users are not allowed to download attachments.

For the time being please PM me for the tool (it will be part of next hotfix release)

Thanks in advance.

Edited October 19, 2018 by Mirek S.

karsayor · October 30, 2018

HI,

What about the keys in

HKEY_CLASSES_ROOT\Installer\Products\07F21F149AF55F34494F355BE44BEE4C
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07F21F149AF55F34494F355BE44BEE4C

? They should be deleted as well ? I'm also concerned if this may generate problems when updating the agent in the future and if this issue will be fixed in a next release ?

Mirek S. · October 30, 2018

Hello,

Recommended is to leave registry as they are for now. Upcoming service release should correct issues caused by the previous version.

Specifically installations affected with

7.0 version being installed while being reported as 6.X from installer point of view - upgrade will update installer registry to match what is really installed.
both 6.X and 7.0 version being reported as installed - upgrade will remove both previous versions

For upgrade to succeed previous version(s) installation package file is required. We backup installation package within Agent. Windows backups currently installed applications packages in windows specific directories. Original location (from where installation was run) is also used to find msi package if previous lookups failed.

For GPO deploys it's therefore recommended to keep previous packages(s) on distribution point and only add new versions instead of replacing them.

For those potentionally affected by missing installation package, it's possible to select those in installation UI mode.

HTH

Marcos · October 30, 2018

To share a file for the others, it is necessary to upload it to a file sharing service for instance and post a download link. Direct access to attachments is available only to moderators for security reasons.

karsayor · October 30, 2018

Thank you Mirek, so we will not delete any of the registry keys and wait for a new version of the agent. Any idea on the approximate schedule release ?

satellite360 · November 26, 2018

Pleased to report that upgrading to Management Agent 7.0.577.0 resolved the problem. Thanks.

ichkriegediekriese · December 1, 2018

On 11/26/2018 at 8:40 AM, satellite360 said:

Pleased to report that upgrading to Management Agent 7.0.577.0 resolved the problem. Thanks.

I also had issues with persistent old ERA entry and no new v7 product would install. Additionally uninstall of v6 ERA failed even manually.

But the new ERA .577 installed just fine after clearing the above posted reg-keys and after that Endpoint Sec. also installed without a hitch. Finally!

HSW · December 4, 2018

I had also some clients with this, easiest way: Old Installer right click uninstall over context menu (after this all was clean)

Sign In

after upgrade Agent to v7 old Agent is also visible

Recommended Posts

ESET Security Management Center (7.0.66.1)

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Recently Browsing 0 members

Quick search

FAQ

Topics