Jump to content

ESET Service doesn't start on XenApp Servers after upgrade to ESET File Security 7.1.12006.0


JME

Recommended Posts

Hi,

We upgraded our XenApp Servers (version 7.9) from ESET File Security 6.5.12014.1 to 7.1.12006.0

Since this upgrade, ESET Service doesn't start even if we try to manually.
We tried uninstalling and reinstalling: no changes.

We tried repairing and it gives us an error: the .dll files cannot be removed because of rights.

Can you help us resolving this issue ?

Regards,
 

 

Link to comment
Share on other sites

  • Administrators

Does the problem persist if you uninstall EFSW and install v7.1 from scratch? I'd recommend raising a support ticket with your local customer care and providing them with logs collected with ESET Log Collector for a start.

Link to comment
Share on other sites

Hi,

I found something.

1/ ESET 7.x registry key
The ESET Service doesn't start at boot up => Need to be started manually

The registry value "LaunchedProtected" used to protect ESET Service.
This value doesn't exist on ESET 6.x version

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ekrn
LaunchedProtected = 3

Deleting this value or changing it to "0" doesn't do the trick because it is recreated at every server restart
 

2/ .NET Framework updates on XenApp servers only
After some new Windows updates, the ESET Service doesn't start at all.
KB4514604 // KB4514599 // KB4498963

The solution is to revert to ESET File Security 6.x. but it's a mess because we have lots of XenApp servers.

I found a workaround. This workaround creates a security hole, so use it with caution.

1/ Start Windows in Safe Mode
2/ Change the value LaunchedProtected to 0
3/ Change Owner on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ekrn
Server\Administrator insteaf of System
4/ Change Group / Users  permissions
"Read" instead of "Full Control"
5/ Reboot in Normal mode

*Do not revert Owner because ESET is using System and will changeLaunchedProtected to 3 after a second  server reboot.

Hope ESET / Microsoft / Citrix will publish a definitive solution.

Edited by JME
Link to comment
Share on other sites

  • Administrators

Protected service was first supported by EFSW v7, hence the value doesn't exist with older versions.
We strongly recommend keeping Protected service enabled for maximum protection, ie. LaunchedProtected should always be set to 3.

Please provide 2 sets of ELC logs, one with Protected service enabled and the other with Protected service disabled (a reboot is needed after enabling/disabling it). Do you mean that the issue doesn't occur with Protected service disabled?

Link to comment
Share on other sites

Hi Marcos,

I know that Protected Service should be enabled, as I mention it on my previous post.
I have no choice:
- all our servers were working without antivirus and that's a bigger issue.
Downgrading to 6.x will break Protected Service too.
And if I need to upgrade after, it takes time again.
When we did the upgrade, sometimes the automatic upgrade (via ESMC) failed and we need to install EFS manually and in before uninstalling all in Safe Mode.
 

Do you mean that the issue doesn't occur with Protected service disabled?  Yes, right.

What do you mean by ESET Log Collector logs ?
 

Regards,

Link to comment
Share on other sites

Hi Marcos,

Thanks, I will provide them as soon as I can.
Problem is related to Citrix, but also to Miccrosoft: some of their new patches break ESET Service).
Does ESET use .NET Framework ?

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...