maiki 0 Posted August 21, 2018 Share Posted August 21, 2018 Quote ESET Security Management Center (7.0.66.1) In some cases, the “ESET Remote Administrator Component Upgrades task” will leave registry entries of ERA Agent version 6.5 despite successfully installing version 7 Management Agent, resulting in a state when both versions are reported and version check status will incorrectly report outdated installations, even when they are not present. Hello Forum, 2 of my Clients have the Problem. What can i do, to solve the wrong reporting. Thanks Maik Link to comment Share on other sites More sharing options...
Administrators Marcos 5,271 Posted August 21, 2018 Administrators Share Posted August 21, 2018 I assume that currently it's only possible to manually delete the appropriate registry key in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted August 21, 2018 ESET Staff Share Posted August 21, 2018 5 hours ago, maiki said: Hello Forum, 2 of my Clients have the Problem. What can i do, to solve the wrong reporting. Thanks Maik Could you please verify that executing following BAT script: reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /f "ESET Remote Administrator Agent" /s > temp.temp set "lineNr=1" set /a lineNr-=1 for /f %%G in (temp.temp) DO ( setlocal ENABLEDELAYEDEXPANSION set line=%%G echo "!line!" reg delete "!line!" /f del temp.temp goto :leave ) :leave will resolve issue on clients? It should remove registries of all ERA (not ESMC) agents found on client. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted August 21, 2018 ESET Staff Share Posted August 21, 2018 Or maybe even better, could you verify this registry keys actually points to ERA Agent: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}" If so, running "Run command" ESMC task with command line: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" /f & reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}" /f directly from console on affected clients should clean old registries: Link to comment Share on other sites More sharing options...
maiki 0 Posted August 22, 2018 Author Share Posted August 22, 2018 Hello, i have deleted the two registry keys and now it seems ok. Thank you for your help. Link to comment Share on other sites More sharing options...
bbahes 29 Posted August 22, 2018 Share Posted August 22, 2018 10 hours ago, MartinK said: Or maybe even better, could you verify this registry keys actually points to ERA Agent: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}" If so, running "Run command" ESMC task with command line: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" /f & reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}" /f directly from console on affected clients should clean old registries: Shouldn't this be run in upgrade procedure and not by user/admin alone? Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted August 22, 2018 ESET Staff Share Posted August 22, 2018 Just now, bbahes said: Shouldn't this be run in upgrade procedure and not by user/admin alone? Actually those registries should be removed automatically, but for some unknown reason, specific installed files are registered as if they were installed with multiple products, and thus they are not removed (i.e. there is some kind of reference counting). Manual removal of those registries is just temporary solution until issue is properly fixed. Link to comment Share on other sites More sharing options...
DennisA 1 Posted August 22, 2018 Share Posted August 22, 2018 16 hours ago, MartinK said: Or maybe even better, could you verify this registry keys actually points to ERA Agent: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}" If so, running "Run command" ESMC task with command line: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" /f & reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}" /f directly from console on affected clients should clean old registries: I had the same problem of the 2 agent versions (v6 and v7) being reported, but running this registry command immediately solved the problem. Thanks!! Link to comment Share on other sites More sharing options...
SteffenM 0 Posted August 22, 2018 Share Posted August 22, 2018 I just ran the ESMC upgrade on my old ERA Server. After that I ran the Security Management Center Components Upgrade as well as an Update for the Rogue Detection Sensor Now the ESMC Reports that the Server has the following installed: Remote Administrator Agent 6.5.522.0 Remote Administrator Server 6.5.522.0 Management Agent 7.0.553.0 Security Management Center Server 7.0.553.0 Rogue Detection Sensor 1.1.693.0 I do see the previously specified Registry Entries for the ERA Agent, as well as similar entries with the ID FF4A76B03E71D144183AEA3C39576B29 for the ERA Server. So I would guess that while the upgrade was successful (it does Show me the new GUI at least, and I suppose it wouldnt really work with both versions actually installed) the same uninstallation error can also happen with the ERA Server. Link to comment Share on other sites More sharing options...
Cousin Vinny 6 Posted August 22, 2018 Share Posted August 22, 2018 (edited) Confirming that this is the same issue and solution affecting my agent upgrades; the two reg keys just need to be deleted. edit: Just deployed agent update to 9 machines using PDQ Deploy rather than a Run Program task in ESET or a manual install and none exhibited this behavior. I am going to continue deployments using this method. Edited August 22, 2018 by Cousin Vinny Link to comment Share on other sites More sharing options...
jonathan.deane_UK 10 Posted August 23, 2018 Share Posted August 23, 2018 I created a dynamic group with, contains Agents v7 AND v6 are both installed, then run 2 x Run Commands (1 for each of the reg deletes) when clients joined the group. This resolved the issue for me 95% of the time, i did have to manually rerun the task a few times and had to manually remove one of the reg entries as it was being stubborn and not deleting on at least two machines. Link to comment Share on other sites More sharing options...
slk 0 Posted September 5, 2018 Share Posted September 5, 2018 Hi jonathan.deane_UK could you please sent Expression for your Dynamic group for filtering clients with both installed agents? Thank you. Link to comment Share on other sites More sharing options...
satellite360 0 Posted October 17, 2018 Share Posted October 17, 2018 Hi I'm seeing this on all our clients (70+). Any indication as to whether or not this is affects performance? If not I'm content to leave until ESET supply a fix - would be interested to know if one is on the horizon. Thanks Link to comment Share on other sites More sharing options...
ESET Staff Mirek S. 18 Posted October 17, 2018 ESET Staff Share Posted October 17, 2018 Hello, We are currently investigating the issue to determine the best solution and cause of this issue. We would appreciate the output of diagnostic tool (dumps installer registry related to Agent). In attachment is a new version of the diagnostic tool and .bat file which runs the diagnostic tool with required parameters. Please PM me resulting registry dumps (preferably from several computers so we have greater statistics) Thanks in advance Diagnostic.Agent.7.1.91.0_x64.zip Link to comment Share on other sites More sharing options...
satellite360 0 Posted October 18, 2018 Share Posted October 18, 2018 13 hours ago, Mirek S. said: Hello, We are currently investigating the issue to determine the best solution and cause of this issue. We would appreciate the output of diagnostic tool (dumps installer registry related to Agent). In attachment is a new version of the diagnostic tool and .bat file which runs the diagnostic tool with required parameters. Please PM me resulting registry dumps (preferably from several computers so we have greater statistics) Thanks in advance Diagnostic.Agent.7.1.91.0_x64.zip Hi Attachment unavailable. Link to comment Share on other sites More sharing options...
ESET Staff Mirek S. 18 Posted October 19, 2018 ESET Staff Share Posted October 19, 2018 (edited) Sorry, I forgot users are not allowed to download attachments. For the time being please PM me for the tool (it will be part of next hotfix release) Thanks in advance. Edited October 19, 2018 by Mirek S. Link to comment Share on other sites More sharing options...
karsayor 8 Posted October 30, 2018 Share Posted October 30, 2018 HI, What about the keys in HKEY_CLASSES_ROOT\Installer\Products\07F21F149AF55F34494F355BE44BEE4C HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07F21F149AF55F34494F355BE44BEE4C ? They should be deleted as well ? I'm also concerned if this may generate problems when updating the agent in the future and if this issue will be fixed in a next release ? Link to comment Share on other sites More sharing options...
ESET Staff Mirek S. 18 Posted October 30, 2018 ESET Staff Share Posted October 30, 2018 Hello, Recommended is to leave registry as they are for now. Upcoming service release should correct issues caused by the previous version. Specifically installations affected with 7.0 version being installed while being reported as 6.X from installer point of view - upgrade will update installer registry to match what is really installed. both 6.X and 7.0 version being reported as installed - upgrade will remove both previous versions For upgrade to succeed previous version(s) installation package file is required. We backup installation package within Agent. Windows backups currently installed applications packages in windows specific directories. Original location (from where installation was run) is also used to find msi package if previous lookups failed. For GPO deploys it's therefore recommended to keep previous packages(s) on distribution point and only add new versions instead of replacing them. For those potentionally affected by missing installation package, it's possible to select those in installation UI mode. HTH Link to comment Share on other sites More sharing options...
Administrators Marcos 5,271 Posted October 30, 2018 Administrators Share Posted October 30, 2018 To share a file for the others, it is necessary to upload it to a file sharing service for instance and post a download link. Direct access to attachments is available only to moderators for security reasons. Link to comment Share on other sites More sharing options...
karsayor 8 Posted October 30, 2018 Share Posted October 30, 2018 Thank you Mirek, so we will not delete any of the registry keys and wait for a new version of the agent. Any idea on the approximate schedule release ? Link to comment Share on other sites More sharing options...
satellite360 0 Posted November 26, 2018 Share Posted November 26, 2018 Pleased to report that upgrading to Management Agent 7.0.577.0 resolved the problem. Thanks. Link to comment Share on other sites More sharing options...
ichkriegediekriese 0 Posted December 1, 2018 Share Posted December 1, 2018 On 11/26/2018 at 8:40 AM, satellite360 said: Pleased to report that upgrading to Management Agent 7.0.577.0 resolved the problem. Thanks. I also had issues with persistent old ERA entry and no new v7 product would install. Additionally uninstall of v6 ERA failed even manually. But the new ERA .577 installed just fine after clearing the above posted reg-keys and after that Endpoint Sec. also installed without a hitch. Finally! Link to comment Share on other sites More sharing options...
HSW 9 Posted December 4, 2018 Share Posted December 4, 2018 I had also some clients with this, easiest way: Old Installer right click uninstall over context menu (after this all was clean) Link to comment Share on other sites More sharing options...
Recommended Posts