ESET File security 7.0.12018.0 on RDS2016 crashes services

Recommended Posts

Just now, Marcos said:

You obviously have a good version of the CE module 1745.13. Are you having issues with it as well? Even after a server restart?

I've had to restart the box to get you this screen capture. The server will start having problems around 14:00 tomorrow. I can allow you access to the server for a look if you like, as staff have now gone home.

Share on other sites

1 hour ago, Marcos said:

Check "C:\Program Files\ESET\ESET File Security\Modules\em036_64\1237\em036_64.dll". The number 1237 is important as it means version 1745.13 which is in fact the version that was on update servers before.

the version is: 1236

Share on other sites

6 minutes ago, Erlend said:

the version is: 1236

I have that same version in that folder from 09:50 this morning. So I'm guessing we don't have a fix.

Share on other sites

I wonder how we could roll back the em036 module to before the 28th at 10am. If we can't work something out I suppose it's time to uninstall ESET. Possibly use another product until this has been corrected.

Share on other sites

1 hour ago, Marcos said:

Check "C:\Program Files\ESET\ESET File Security\Modules\em036_64\1237\em036_64.dll". The number 1237 is important as it means version 1745.13 which is in fact the version that was on update servers before.

one more thing, do you have a internal system to make local support in different countries aware of these kind of issues?

i contacted ESET support in Norway, and they needed to check and get back to me.

Share on other sites

1 hour ago, JasonKE said:

I wonder how we could roll back the em036 module to before the 28th at 10am. If we can't work something out I suppose it's time to uninstall ESET. Possibly use another product until this has been corrected.

We already rolled it back. Just make sure that you have v1745.13 installed. Doesn't EFSW update the module to this version after a server reboot?

Share on other sites

Hi Marcos,

We have multiple clients that have a terminal server and yes, the configuration module is updated back to  v1745.13 after a server reboot but then ESET seems to try to update again and the status in ESET admin console shows that it's updating however, any subsequent logins after that update begins seem to experience the same windows explorer problems.

I am unable to cancel the update at this point, and seem to have to resort to turning off (not shutting down, but powering off) the affected virtual server and powering it back on again because if I try to log out at this point or restart, it will again hang on the "Please Wait for the system Event Notification Service"

Boomtang

Share on other sites

It is weird that the issue occurs also with the CE module 1745.13. Would it be possible to get a complete memory dump (or active memory dump on newer OS's) from the state when the system is unresponsive? For instructions, please refer to https://support.eset.com/kb380/.

Share on other sites

Same problem under a RDS 2012 R2 !

Would you have a solution?



Edited by dfourt
Share on other sites

Last Friday, all systems updated automaticly back to 1745.13 version and have not had any problems anymore.

In all cases, the network was using ESMC (no local installations).

Share on other sites

1 hour ago, dfourt said:

Same problem under a RDS 2012 R2 !
Would you have a solution?

What version of the Configuration Engine module do you have?

Share on other sites

Required to uninstall it from the server.
I even tried to install the old version of ESFW but the same.

On other non-RDS servers on which I made the update, I have version 1811.6 of October 26, 2019
Share on other sites

I'd suggest raising a support ticket with your local customer care since the issue seems to be completely different than the one discussed in this topic. Most likely a complete memory dump from the point when the issue is manifesting will be needed. Instructions for generating a complete memory dump are available at https://support.eset.com/kb380/.

You can also drop me a message with a link to the dump when ready so that we at ESET HQ can analyze it as soon as possible.

Share on other sites

I'm glad someone has reported this, I've been tearing my hair out for a couple of weeks with the exact same issues posted above on our 2016 servers.

Checking these servers, they're all on Configuration Module v1811.6, how do I roll this back to a previous working version??

Any help would be great, thanks!

Share on other sites

• 2 weeks later...

I have the same issue on a couple of 2008 R2 servers. I can kill the ekrn process in Task Manager and it'll rectify the issue for another few hours before it goes bad again.

Like all the ones above, any help would be great!

Share on other sites

I have the same issue on a couple of 2008 R2 servers. I can kill the ekrn process in Task Manager and it'll rectify the issue for another few hours before it goes bad again.

Like all the ones above, any help would be great!

Please provide a complete memory dump from the freeze to customer care and also to me via a link in a private message. Since it is a Windows 2008 R2 server, please make sure that the Windows update KB266488 is installed: https://support.microsoft.com/en-us/help/2664888/computer-stops-responding-when-you-run-an-application-that-uses-the-wi

Also please post the version of installed modules (Update -> Show all modules).

Share on other sites

15 hours ago, Marcos said:

Please provide a complete memory dump from the freeze to customer care and also to me via a link in a private message. Since it is a Windows 2008 R2 server, please make sure that the Windows update KB266488 is installed: https://support.microsoft.com/en-us/help/2664888/computer-stops-responding-when-you-run-an-application-that-uses-the-wi

Also please post the version of installed modules (Update -> Show all modules).

Hi Marcos,

I'm not experiencing a freeze in any of my cases, but I have the ESet updater jamming and not update signature database and then not opening the egui for any users that logon to any of my terminal servers - meaning the Outlook integration isn't working and Outlook won't load unless I disable the add-in. If I end the ekrn process in Task Manager, then the updater will run successfully and if I have a user log off & back on (after I've stopped that process), then they get the egui back and can then open Outlook etc.

And yes, that update is part of 2008 R2 SP1, which is already installed.

Here's the current list of modules:
Virus signature database: 20413 (20191126)
Rapid Response module: 15308 (20191126)
Update module: 1074.1 (20190925)
Antivirus and antispyware scanner module: 1556.4 (20191107)
Archive support module: 1295 (20191118)
Cleaner module: 1200 (20190916)
Anti-Stealth support module: 1154 (20190614)
ESET SysInspector module: 1275 (20181220)
Real-time file system protection module: 1014 (20160223)
Translation support module: 1771 (20191029)
HIPS support module: 1376 (20191029)
Internet protection module: 1376 (20190806)
Database module: 1110 (20190827)
Configuration module (33): 1811.5 (20191017)
LiveGrid communication module: 1053 (20190321)
Rootkit detection and cleaning module: 1019 (20170825)
Network protection module: 1682 (20190801)
Cryptographic protocol support module: 1040 (20190913)

Thanks,

Share on other sites

I have around 14 server 2012 R2 also have this issue.

Share on other sites

2 hours ago, felix.cheung said:

I have around 14 server 2012 R2 also have this issue.

What version of the Configuration Engine module do you have? V1745.13 addressing the issue in this topic was released on Oct 30. If you have this version or 1811.6, the cause must be different and we'll need a complete memory dump from time when the system is unresponsive. For information how to configure Windows to generate complete memory dumps and generate one, please read https://support.eset.com/en/how-do-i-generate-a-memory-dump-manually.

Share on other sites

13 hours ago, Marcos said:

What version of the Configuration Engine module do you have? V1745.13 addressing the issue in this topic was released on Oct 30. If you have this version or 1811.6, the cause must be different and we'll need a complete memory dump from time when the system is unresponsive. For information how to configure Windows to generate complete memory dumps and generate one, please read https://support.eset.com/en/how-do-i-generate-a-memory-dump-manually.

Cause those server is running for commercial activity, I cannot restart that easily.

However, those server also cannot open the ESET to check the version. Just suck in the update.

Moreover, once server i restart at Nov 20 but it happen on 02 Dec again.

Share on other sites

It appears that the Configuration engine module didn't update to v1811.6 for some reason. Do you update from ESET's update servers? Directly or trough a proxy server?

Please provide logs collected with ESET Log Collector. Then try switching to the pre-release update channel in the advanced update setup and click ok. You can terminate the update process and switch back to the regular update channel. Let us know if the version of the Configuration module changes.

Share on other sites

3 hours ago, Marcos said:

It appears that the Configuration engine module didn't update to v1811.6 for some reason. Do you update from ESET's update servers? Directly or trough a proxy server?

Please provide logs collected with ESET Log Collector. Then try switching to the pre-release update channel in the advanced update setup and click ok. You can terminate the update process and switch back to the regular update channel. Let us know if the version of the Configuration module changes.

can solve this issue for windows update?

Share on other sites

This topic is now closed to further replies.