Jump to content
JME

ESET Service doesn't start on XenApp Servers after upgrade to ESET File Security 7.1.12006.0

Recommended Posts

Hi,

We upgraded our XenApp Servers (version 7.9) from ESET File Security 6.5.12014.1 to 7.1.12006.0

Since this upgrade, ESET Service doesn't start even if we try to manually.
We tried uninstalling and reinstalling: no changes.

We tried repairing and it gives us an error: the .dll files cannot be removed because of rights.

Can you help us resolving this issue ?

Regards,
 

 

Share this post


Link to post
Share on other sites

Does the problem persist if you uninstall EFSW and install v7.1 from scratch? I'd recommend raising a support ticket with your local customer care and providing them with logs collected with ESET Log Collector for a start.

Share this post


Link to post
Share on other sites

Yes, the problem persists.
I already raised a ticket with my local customer.

Regards,

Share this post


Link to post
Share on other sites

Hi,

I found something.

1/ ESET 7.x registry key
The ESET Service doesn't start at boot up => Need to be started manually

The registry value "LaunchedProtected" used to protect ESET Service.
This value doesn't exist on ESET 6.x version

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ekrn
LaunchedProtected = 3

Deleting this value or changing it to "0" doesn't do the trick because it is recreated at every server restart
 

2/ .NET Framework updates on XenApp servers only
After some new Windows updates, the ESET Service doesn't start at all.
KB4514604 // KB4514599 // KB4498963

The solution is to revert to ESET File Security 6.x. but it's a mess because we have lots of XenApp servers.

I found a workaround. This workaround creates a security hole, so use it with caution.

1/ Start Windows in Safe Mode
2/ Change the value LaunchedProtected to 0
3/ Change Owner on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ekrn
Server\Administrator insteaf of System
4/ Change Group / Users  permissions
"Read" instead of "Full Control"
5/ Reboot in Normal mode

*Do not revert Owner because ESET is using System and will changeLaunchedProtected to 3 after a second  server reboot.

Hope ESET / Microsoft / Citrix will publish a definitive solution.

Edited by JME

Share this post


Link to post
Share on other sites

Protected service was first supported by EFSW v7, hence the value doesn't exist with older versions.
We strongly recommend keeping Protected service enabled for maximum protection, ie. LaunchedProtected should always be set to 3.

Please provide 2 sets of ELC logs, one with Protected service enabled and the other with Protected service disabled (a reboot is needed after enabling/disabling it). Do you mean that the issue doesn't occur with Protected service disabled?

Share this post


Link to post
Share on other sites

Hi Marcos,

I know that Protected Service should be enabled, as I mention it on my previous post.
I have no choice:
- all our servers were working without antivirus and that's a bigger issue.
Downgrading to 6.x will break Protected Service too.
And if I need to upgrade after, it takes time again.
When we did the upgrade, sometimes the automatic upgrade (via ESMC) failed and we need to install EFS manually and in before uninstalling all in Safe Mode.
 

Do you mean that the issue doesn't occur with Protected service disabled?  Yes, right.

What do you mean by ESET Log Collector logs ?
 

Regards,

Share this post


Link to post
Share on other sites

Please follow the link in FAQ:

How do I use ESET Log Collector?

It sounds like XenApp or some other app was attempting to inject its dlls into ESET's processes which is not possible for protected services for security reasons.

Share this post


Link to post
Share on other sites

Hi Marcos,

Thanks, I will provide them as soon as I can.
Problem is related to Citrix, but also to Miccrosoft: some of their new patches break ESET Service).
Does ESET use .NET Framework ?

 

Share this post


Link to post
Share on other sites
1 minute ago, JME said:

Does ESET use .NET Framework ?

No, it doesn't.

Share this post


Link to post
Share on other sites
9 hours ago, Marcos said:

Hi,

I juste sent the 2 ESET Log Collector log files.

Regards,

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...