davidpitt 4 Posted January 21, 2019 Posted January 21, 2019 Hi, I've recently upgraded our ERA to v7 (From 6.6) and now trying to get the agents on the clients updated, however I'm running into issues! I am trying to update Eset Agent from v6.4.283.0 to v7.0.577.0 using the "Security Management Center Components Upgrade" However on several devices it is failing with the errors below.... Windows event logs show --------------------------------------------------------------- The description for Event ID 0 from source era-updater cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: era-updater Execution finished with 0x643: (0x643), Fatal error during installation --------------------------------------------------------------- Eset Trace log shows --------------------------------------------------------------- 2019-01-21 16:01:16 Error: CSystemConnectorModule [Thread 1c7c]: ReadUpgradeStatus: Upgrade of Agent from version '6.4.283.0' to '7.0.577.0' failed. Unexpected updater service Win32ExitCode 0x435 --------------------------------------------------------------- Any ideas? Thanks
ESET Staff MartinK 384 Posted January 21, 2019 ESET Staff Posted January 21, 2019 Could you please search client machine for log named ra-upgrade-infrastructure.log? It will be most probably located in one of system temporary directories, or in standard AGENTs logs directory. It should contain full msiexec log which should help us to diagnose this issue: according your previous post upgrade fails with generic error 1603 ( 0x643).
davidpitt 4 Posted January 22, 2019 Author Posted January 22, 2019 Here's the log... Thanks ra-upgrade-agent.log
davidpitt 4 Posted January 23, 2019 Author Posted January 23, 2019 Here's the log... Thanks ra-upgrade-agent.log Have you had chance to look at the log yet? Thanks
ESET Staff MartinK 384 Posted January 23, 2019 ESET Staff Posted January 23, 2019 2 hours ago, davidpitt said: Have you had chance to look at the log yet? Thanks I have forwarded it to colleagues as I was not able to find you what is reason. Now it seems that problem might be with self-defense, resp. HIPS module that might be blocking AGENT service stop. Is there any special HIPS configuration applied on ESET security product installed on those machines? It is possible to test upgrade on client machine with disabled HIPS (disabled in security product on the same client machine?) - unfortunately it will require reboot between disabling HIPS and upgrading AGENT.
davidpitt 4 Posted January 23, 2019 Author Posted January 23, 2019 Hi, Disabling HIPS has worked and Agent got updated. Checking the policy, there are no special rules in place, other than 2 custom 'Allow' rules for LogMeIn and Hamachi. All HIPS options are enabled and Filtering Mode is set to Automatic. I'd prefer not to have to disable HIPS, wait for a restart, push out new agent, enable HIPS again on all devices if there is a fix for this issue?!? Thanks Shincan 1
davidpitt 4 Posted January 25, 2019 Author Posted January 25, 2019 Hi, Would I be better logging this direct with support rather here on the forums? Shincan 1
ESET Staff MartinK 384 Posted January 27, 2019 ESET Staff Posted January 27, 2019 On 1/25/2019 at 10:11 AM, davidpitt said: Hi, Would I be better logging this direct with support rather here on the forums? I would recommend to open support ticket in the meantime to be sure this issue is properly handled. It seems that HIPS module is protection AGENT service in way not even upgrade is possible, which is not proper behavior. Maybe @Marcos will know what and how to collect logs from security product so that it can be diagnosed.
davidpitt 4 Posted March 5, 2019 Author Posted March 5, 2019 So after speaking with support they told me to try HIPS in training mode. When that didn't work, they told me to just disable HIPS, which I've tested and does work. I've tried disabling every option under HIPS but the only thing that works is the disable the entire HIPS module. I even tried creating a HIPS rule that allows 'agent_x64.msi' full access to everything. Also for my test machine, I created brand new blank Eset policies, did a clean install of windows 10, no config changes, installed v6.6 of the agent and then v7 of the Endpoint and still had the problem upgrading agent to v7 with HIPS enabled. Very annoyed now, It baffles me how your own product can block it's own update, ridiculous! i'm really going off Eset and it doesn't help I'm getting pressured from my new bosses (With have recently merged) to ditch Eset and go with their BitDefender. To be honest the thought of having to update 1418 agents now to v7 and the problems I will face is making BitDefender very tempting possibility. Frustrating because I think the core AV of Eset is better and it's faster than BitDefender. Ever since the product was re-written and introduced the agent mechanism for v6, we've had nothing but problems with updating Agents. Any calls to Eset support has always ended up the same way, with the support agent not being able to fix it and having to run the Eset uninstall tool in safe mode. Apologies for the rant, just hoped by v7 these Agent issues would've been fixed :(
ESET Staff TomPark 4 Posted March 5, 2019 ESET Staff Posted March 5, 2019 (edited) @davidpitt if you do the upgrade in the following order this should work: Client with Endpoint 6.X Installed and Agent 6.5 Upgrade the Agent to v7.0 (from ESMC Server) Upgrade the Endpoint to v7 This should work perfectly fine. In your situation could you confirm what V7 Version number you are running (this can be found under Help and Support > Product and License Information). Edited March 5, 2019 by TomPark
Recommended Posts