EAV add System Variable ESET_OPTIONS?


cybertron

I noticed there is a System Variable: ESET_OPTIONS added to my PC.

Its value is 2079 white spaces, as shown in the attached image sys_var.jpg.


This happens on two of my Windows PCs: one is running Windows 7 Ultimate x64 and the other is running Windows 8.1 Pro x64.

Both systems have the latest Windows updates installed.

The EAV version is 7.0.302.26

 

This ESET_OPTIONS variable causes the iTunes sync executables to crash when they try to sync with Outlook.

I'm using Outlook 2013 x64 with the latest updates installed.

The iTunes sync log is below:

********************START OF LOG********************

=====================================
com.apple.Outlook.client.exe begins
=====================================
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] parent process: 5256 "SyncServer.exe"
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] main thread 2708
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] command line: "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.Outlook.client.exe" --sync com.apple.Outlook --entitynames "com.apple.contacts.Contact,com.apple.contacts.Date,com.apple.contacts.Email Address,com.apple.contacts.Group,com.apple.contacts.IM,com.apple.contacts.Phone Number,com.apple.contacts.Related Name,com.apple.contacts.Street Address,com.apple.contacts.URL" 
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] ALLUSERSPROFILE=C:\ProgramData
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] APPDATA=C:\Users\***MASKED***\AppData\Roaming
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] asl.log=Destination=file
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] CommonProgramFiles=C:\Program Files (x86)\Common Files
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] CommonProgramW6432=C:\Program Files\Common Files
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] COMPUTERNAME=***MASKED***
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] ComSpec=C:\Windows\system32\cmd.exe
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] ESET_OPTIONS=                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         
                                                                                                                                                                      
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] FP_NO_HOST_CHECK=NO
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] HOMEDRIVE=C:
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] HOMEPATH=\Users\***MASKED***
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] LOCALAPPDATA=C:\Users\***MASKED***\AppData\Local
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] LOGONSERVER=\\MicrosoftAccount
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] NUMBER_OF_PROCESSORS=8
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] OS=Windows_NT
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] Path=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Apple\Apple Application Support\;C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\;C:\Program Files (x86)\Common Files\Apple\Apple Application Support\;C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\;C:\Program Files (x86)\Common Files\Apple\Apple Application Support\;C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] PROCESSOR_ARCHITECTURE=x86
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] PROCESSOR_ARCHITEW6432=AMD64
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] PROCESSOR_LEVEL=6
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] PROCESSOR_REVISION=3c03
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] ProgramData=C:\ProgramData
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] ProgramFiles=C:\Program Files (x86)
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] ProgramFiles(x86)=C:\Program Files (x86)
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] ProgramW6432=C:\Program Files
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] PUBLIC=C:\Users\Public
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] SESSIONNAME=Console
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] SYNCSERVICES_CLIENT_IDENTIFIER=com.apple.Outlook
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] SYNCSERVICES_ENTITY_NAMES=com.apple.contacts.Contact,com.apple.contacts.Date,com.apple.contacts.Email Address,com.apple.contacts.Group,com.apple.contacts.IM,com.apple.contacts.Phone Number,com.apple.contacts.Related Name,com.apple.contacts.Street Address,com.apple.contacts.URL
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] SYNCSERVICES_PLAN_IDENTIFIER=D8FE346E-4023-9D49-B157-183089DE3138
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] SystemDrive=C:
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] SystemRoot=C:\Windows
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] TEMP=C:\Users\***MASKED***\AppData\Local\Temp
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] TMP=C:\Users\***MASKED***\AppData\Local\Temp
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] USERDOMAIN=***MASKED***
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] USERDOMAIN_ROAMINGPROFILE=***MASKED***
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] USERNAME=***MASKED***
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] USERPROFILE=C:\Users\***MASKED***
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] windir=C:\Windows
[4000 @ Tue Feb 25 02:04:50 2014] [YSLog com.apple.Outlook.client.exe] defaults key ShouldLog in domain com.apple.Outlook.client.exe is (null)
[4000 @ Tue Feb 25 02:04:50 2014] [com.apple.Outlook.client:AppleSyncMapiInterface ASLog] |Info| Trying to load the Mapi library directly.
[4000 @ Tue Feb 25 02:04:50 2014] [com.apple.Outlook.client:AppleSyncMapiInterface ASLog] |Info| Failed loading the Mapi library directly.
[4000 @ Tue Feb 25 02:04:50 2014] [com.apple.Outlook.client:AppleSyncMapiInterface ASLog] |Info| Trying with RPC...
[4000 @ Tue Feb 25 02:04:50 2014] [com.apple.Outlook.client:AppleSyncMapiInterface ASLog] |Info| Trying to load the Mapi library using RPC.
[4000 @ Tue Feb 25 02:04:50 2014] [com.apple.Outlook.client:AppleSyncMapiInterface ASLog] |Info| Generated string for RPC portName: com.apple.Outlook.client_4000:315@537
[4000 @ Tue Feb 25 02:04:50 2014] [com.apple.Outlook.client:AppleSyncMapiInterface ASLog] |Info| Launching separate process: AppleSyncMapiInterfaceHelper_x64.exe...
[1724 @ Tue Feb 25 02:04:50 2014] [AppleSyncMapiInterfaceHelper_x64 ASLog] |Info| Starting AppleSyncMapiInterfaceHelper_x64.exe...
[1724 @ Tue Feb 25 02:04:50 2014] [AppleSyncMapiInterfaceHelper_x64 ASLog] |Info| Function MAPIInitialize       loaded successfully.
[1724 @ Tue Feb 25 02:04:50 2014] [AppleSyncMapiInterfaceHelper_x64 ASLog] |Info| Function MAPIUninitialize     loaded successfully.
[1724 @ Tue Feb 25 02:04:50 2014] [AppleSyncMapiInterfaceHelper_x64 ASLog] |Info| Function MAPILogonEx          loaded successfully.
[1724 @ Tue Feb 25 02:04:50 2014] [AppleSyncMapiInterfaceHelper_x64 ASLog] |Info| Function MAPIFreeBuffer       loaded successfully.
[1724 @ Tue Feb 25 02:04:50 2014] [AppleSyncMapiInterfaceHelper_x64 ASLog] |Warning| Failed to load function FreeProws@4.
[1724 @ Tue Feb 25 02:04:50 2014] [AppleSyncMapiInterfaceHelper_x64 ASLog] |Info| Function FreeProws            loaded successfully.
[1724 @ Tue Feb 25 02:04:50 2014] [AppleSyncMapiInterfaceHelper_x64 ASLog] |Info| Function MAPIAdminProfiles    loaded successfully.
[1724 @ Tue Feb 25 02:04:50 2014] [AppleSyncMapiInterfaceHelper_x64 ASLog] |Info| Function MAPICrashRecovery    loaded successfully.
[4000 @ Tue Feb 25 02:04:50 2014] [_ISDVLog com.apple.Outlook.client.exe] com.apple.Outlook: fast sync com.apple.contacts.Contact, com.apple.contacts.Date, com.apple.contacts.Email Address, com.apple.contacts.Group, com.apple.contacts.IM, com.apple.contacts.Phone Number, com.apple.contacts.Related Name, com.apple.contacts.Street Address, com.apple.contacts.URL
[5824 @ Tue Feb 25 02:04:50 2014] [_ISDVLog AppleMobileSync.exe] com.apple.MobileSync.213179319b9161f4527a9911d560f93c800bd5d3: fast sync com.apple.contacts.Contact, com.apple.contacts.Date, com.apple.contacts.Email Address, com.apple.contacts.Group, com.apple.contacts.IM, com.apple.contacts.Phone Number, com.apple.contacts.Related Name, com.apple.contacts.Street Address, com.apple.contacts.URL
[1724 @ Tue Feb 25 02:04:50 2014] [AppleSyncMapiInterfaceHelper_x64 ASLog] |Info| Exiting AppleSyncMapiInterfaceHelper_x64.exe.
[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] 
===================================
com.apple.Outlook.client.exe ends
===================================
[5256 @ Tue Feb 25 02:04:50 2014] [com.apple.console SyncServer.exe] *** Assertion failure in -[iSDSyncManager environment], ISDSyncManager.m:452
[5256 @ Tue Feb 25 02:04:50 2014] [_ISDVLog SyncServer.exe] main, exception during initializeServer.  Name: 'NSInternalInconsistencyException', reason: 'malformed value: ESET_OPTIONS='
Stack:(
)
[5256 @ Tue Feb 25 02:04:50 2014] [YSLoader SyncServer.exe] 
=====================
SyncServer.exe ends
=====================
[5824 @ Tue Feb 25 02:06:03 2014] [YSLoader AppleMobileSync.exe] 
==========================
AppleMobileSync.exe ends
==========================
[5272 @ Tue Feb 25 02:06:05 2014] [YSLoader AppleMobileDeviceHelper.exe] 
==================================
AppleMobileDeviceHelper.exe ends
==================================
[5584 @ Tue Feb 25 02:06:05 2014] [com.apple.SyncServices.AppleMobileDeviceHelper AppleMobileDeviceHelper.exe] Exception NSPortSendException while handling message: [NSMessagePort sendBeforeDate:] Cannot send (-3).
Message: {
    AMSMessageSignatureKey =     (
        AMSTargetIdentifierKey
    );
    AMSRequestKey = AMSGetDataClassInfoForTargetRequest;
    AMSTargetIdentifierKey = 213179319b9161f4527a9911d560f93c800bd5d3;
}

********************END OF LOG********************

 

May I know if this System Variable: ESET_OPTIONS is added by EAV or not?

What's the purpose of it?

For now, I have to remove the System Variable so that iTunes can sync with Outlook.

 

Regards.

Link to comment
Share on other sites

Hi,

 

I also had this strange environment variable created after installing ESET NOD32. There's nothing that can justify something that odd anyway. Must be a bug in the installer. But I also have problems when syncing Outlook with my iPod. Removing the variable didn't help but I didn't reboot since then. Let's try...

Link to comment
Share on other sites

But I also have problems when syncing Outlook with my iPod. Removing the variable didn't help but I didn't reboot since then. Let's try...

 

Bingo! After a reboot, iTunes started to sync my iPod with Outlook without a hitch.

 

Link to comment
Share on other sites

Hi everybody,

 

FYI

 

According to an ESET representative, the ESET_OPTIONS environment variable is not a bug:

 

it is not a buggy option, it's there on purpose and by removing it you deactivated one of the new protection enhancements. We were able to reproduce the issue in our environment and analyze it. Eventually it turned out to be a bug in iTunes which causes the issue. We have a workaround for the iTunes bug prepared for testing.

Link to comment
Share on other sites

Hello,

 

This system variable is impacting more than iTunes/Outlook sync. I have a customer running a car repair shop software which partially runs in DOS and heavily relies on PATH variable (running under Windows 7 Pro x86). When attempting to run an internal update for the software, it would fail until I removed the ESET_OPTIONS variable.

 

Plus, I noticed another problem related to this variable. If I go to edit the Environment Variables in the "Advanced system settings", then edit the "PATH" variable (I didn't even have to change anything), save the changes and close the windows, the PATH, WINDIR, and some other system variables disappeared completely. If I opened a Command Line and typed "PATH", it would return "PATH=(NULL)". Rebooting the system would solve this upon the next time I'd go to edit any of the environment variables.

 

Also, this variable isn't removed when ESET Antivirus is uninstalled.

 

I'll send that to ESET so they can hopefully fix that in the next version. Filling the environment variables memory with a space-filled variable isn't much of a good idea...

 

Alex

Link to comment
Share on other sites

  • Administrators

Do you have HIPS module 1119 from pre-release update servers installed? It contains a workaround to the iTunes bug and the length of the mentioned variable was shortened considerably as well.

Link to comment
Share on other sites

 

Filling the environment variables memory with space-filled variable isn't much of a good idea...

 

Agreed. Especially when no information is given about something that immediately appears as a bug to any user. This should be mentioned somewhere in the help file or in a FAQ. I guess ESET will answer that giving information about a part of their defence strategy would also not be that wise but usually, such things are invisible to the user and do not interfere with other apps.

 

Anyway, not giving information about this feature cost some of us a lot of time. I returned to ESET NOD32 just a few weeks ago but as a developer, I used it in my professional environment until I retired in 2010. At that time, it was much more quiet than now which was the reason for which it replaced the Norton AV on my system. Now I'm not sure about what trouble this strange environment variable will possibly generate and I also have the Outlook integration that generates duplicate emails.

Link to comment
Share on other sites

The size of the variable should not surpass 2047 bytes. If you do that, you'll break the variable system and any variable past ESET_OPTIONS gets nulled or not registered at all. Meaning, no application, bugged or bugless, will be able to read those variables using Microsoft programming practices. (One could read them directly by accessing the Registry, but that's not how it's done!)

 

On pre-Vista systems, the size of the entire block of variables also matters. On post-Vista, it doesn't. You can add as many as you like, as long as they follow the above rule!

 

1119 seems to fix the issue, I don't know for sure. People should just copy the string and measure it in a notepad/n++. Less than 2047 it's OK.

Link to comment
Share on other sites

It seems to cause other problems (Windows 7 64bit):

  • Some shortcuts have their paths corrupted (usually prepended with C:\Users\blah blah)
  • In my Eclipse Java development environment, ANT build scripts stop working (path and classpath corrupted)
  • There could be other things...

 

I have edited the environment variable and reduced it from 2079 spaces to 2000 spaces... so far so good.

Edited by robert.youdan
Link to comment
Share on other sites

  • Administrators

I have edited the environment variable and reduced it from 2079 spaces to 2000 spaces... so far so good.

Probably you have an older HIPS module installed. Make sure you have HIPS module 1119 installed.

Link to comment
Share on other sites

  • 1 year later...

We use a custom application that crashes unfortunately when there is any Windows environment variable whose value consists merely of blanks, no matter how many blanks.

After updating ESET endpoint from version 5 to 6, this application doesn't work anymore due to the "empty" system variable ESET_OPTIONS.

When we remove the variable, the custom application works, but after a reboot the "empty" variable reappears!!

Is there any way to prevent ESET from setting this variable to an empty string, at least as a workaround until we have a fix for the custom application?

Link to comment
Share on other sites

  • Administrators

The variable is crucial for Java Exploit Blocker to work. You can try disabling exploit blocker and restarting the computer, however, you will lose one of the protection layers.

Link to comment
Share on other sites

The variable is crucial for Java Exploit Blocker to work. You can try disabling exploit blocker and restarting the computer, however, you will lose one of the protection layers.

 

If blocking a security threat involves creating an environment variable that breaks some basic rules of the Windows environment and causes some applications to fail or crash, I'm wondering where the benefit is. Let's push the concept: if I want an absolutely safe environment, I can decide to not power on my PC. No virus, no apps. Let's be serious! This modification of the system environment is a bug and the fact that it breaks some applications should be advertised. Period.

Link to comment
Share on other sites

I don't know how the Java exploit blocker works, however I also find it surprising that this variable is needed for this purpose.

However, please show me the "basic rules of the Windows environment" which were violated. I'm not aware of any which disallows an only-whitespace environment variable.

 

Also no application should crash because of a whitespace environment variable. An application doing such things has a bug.

Environment variables should always be considered as something unreliable, which can have any values. Because of this a program should be able to handle any input of this kind. The worst thing it can do is crash.

Link to comment
Share on other sites
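Added example, not code from any poster or from ESET: it automates the length check suggested earlier in the thread and shows a reader that treats environment values as untrusted input, as the post above argues. SAMPLE_LOG is constructed in the layout of the sync log in the first post, the 2047 threshold is the figure quoted in this thread (kept as a parameter, not a documented Windows limit), and all function names are this example's own.

```python
import os
import re

# Per-value size quoted by a poster in this thread; an assumption, so it
# is a parameter everywhere below rather than a hard-coded rule.
MAX_VALUE_LEN = 2047

# Constructed sample lines in the layout of the posted iTunes sync log.
_PFX = "[4000 @ Tue Feb 25 02:04:50 2014] [YSLoader com.apple.Outlook.client.exe] "
SAMPLE_LOG = "\n".join([
    _PFX + 'parent process: 5256 "SyncServer.exe"',
    _PFX + r"ComSpec=C:\Windows\system32\cmd.exe",
    _PFX + "asl.log=Destination=file",
    _PFX + "ESET_OPTIONS=" + " " * 2079,
    _PFX + "HOMEDRIVE=C:",
])

# [pid @ timestamp] [YSLoader image] NAME=value ; the value may itself
# contain '=' and may be nothing but spaces, so lines are never stripped.
_LINE = re.compile(r"^\[(\d+) @ [^\]]+\] \[YSLoader ([^\]]+)\] ([^=\s]+)=(.*)$")


def parse_env_dump(log_text):
    """Return {(pid, image): {name: value}} from YSLoader environment lines."""
    envs = {}
    for line in log_text.splitlines():
        m = _LINE.match(line)
        if m:
            pid, image, name, value = m.groups()
            envs.setdefault((int(pid), image), {})[name] = value
    return envs


def audit_env(env, max_len=MAX_VALUE_LEN):
    """Return sorted (name, length, reasons) for blank or oversized values."""
    findings = []
    for name, value in env.items():
        reasons = []
        if value == "":
            reasons.append("empty")
        elif value.strip() == "":
            reasons.append("whitespace-only")
        if len(value) > max_len:
            reasons.append("length>%d" % max_len)
        if reasons:
            findings.append((name, len(value), reasons))
    return sorted(findings)


def safe_getenv(env, name, default=None, max_len=MAX_VALUE_LEN):
    """Read one variable as untrusted input: a missing, blank or oversized
    value yields the default instead of being passed on to a parser."""
    value = env.get(name)
    if value is None or not value.strip() or len(value) > max_len:
        return default
    return value


if __name__ == "__main__":
    # Audit the environment this process inherited, then the sample dump.
    for finding in audit_env(dict(os.environ)):
        print("live:", finding)
    for key, env in parse_env_dump(SAMPLE_LOG).items():
        for finding in audit_env(env):
            print(key, finding)
```

Run on an affected machine, the first loop reports the variable as inherited by the current process; a shell opened before the variable was changed still carries the old value.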

The variable is crucial for Java Exploit Blocker to work. You can try disabling exploit blocker and restarting the computer, however, you will lose one of the protection layers.

 

If the variable is crucial, then why does it not show up on every machine? I believe beckma20 is talking about the same software we have issues with. When I installed ESET 6 on my PCs and Terminal Servers, about 65% of the PCs have the issue, and only 1 Terminal Server out of 4. Thanks to finding out about the variable, I was able to check and the machines that did not have issues did not have this variable. So, why was the variable only installed on some of the machines?

Link to comment
Share on other sites

  • Administrators
If the variable is crucial, then why does it not show up on every machine?

 

Probably those systems don't have Java installed.

Link to comment
Share on other sites

This topic is now closed to further replies.