Failure with older AMD cpus

[John Agics 0]

I use a few Windows Xp client and in the beginning of (2019) november some computers had failed with the update from the newest esmc server. These computers had amd cpus from the early 2000s. I know that the latest working version of the EAV is 6.5.x for windows XP, but i can still use the 6.6.2089.0 with other hardware oriented pcs. I have problem just with the specific amd cpus or i dont know what was the problem. Later i detect that the pcs which had AMD oriented older cpus ended with blue screen death. I think that this caued by the ESET software. I can see now some logs in the event viewer which said that there was some error with the following module: em001_32.dll. Was there any update which could cause this type of error? I know that i must replace sooner or later this pcs, but im curious what was the problem?

[Marcos 4,705]

The only recent problem on old system with SSE2-non compliant CPUs caused modules not to load when ESET reported non-functional protection. It should not cause BSOD plus the module has already been rebuilt to support also older CPUs. Please uninstall Endpoint v6.6 from Windows XP and install Endpoint 6.5 instead. If you are able to reproduce BSOD, please configure Windows to generate complete memory dumps and provide one (in a compressed form) when BSOD occurs.

[John Agics 0]

Which module use the em001_32.dll?

[Marcos 4,705]

It's loaded by ekrn.

[kamiran.asia 4]

Same Problem.

At :

 

[Marcos 4,705]

The issue occurs due to Spectre mitigations while compiling modules. A new HIPS module 1379.1 is currently available on the pre-release update channel with the Anti-Stealth module to follow soon.

[kamiran.asia 4]

On 12/14/2019 at 11:40 AM, Marcos said:

The issue occurs due to Spectre mitigations while compiling modules. A new HIPS module 1379.1 is currently available on the pre-release update channel with the Anti-Stealth module to follow soon.

Dear @Marcos It means that if we change update server to Pre-release the issue will be solve right now ?

[Marcos 4,705]

It's not necessary, HIPS 1377.1 has already been released also on the regular update channel. However, I'm not sure if updating HIPS will be enough since also Anti-Stealth is affected.

[kamiran.asia 4]

1 minute ago, Marcos said:

It's not necessary, HIPS 1377.1 has already been released also on the regular update channel. However, I'm not sure if updating HIPS will be enough since also Anti-Stealth is affected.

Ok we will test HIPS 1377.1 .

[kamiran.asia 4]

17 minutes ago, Marcos said:

It's not necessary, HIPS 1377.1 has already been released also on the regular update channel. However, I'm not sure if updating HIPS will be enough since also Anti-Stealth is affected.

Dear @Marcos Is there any Pre-release update for Anti-Stealth module at Pre-release servers right now ?

[Marcos 4,705]

AS module 1157.1 is currently on the pre-release update channel.

[kamiran.asia 4]

Restart issue is persist even with Pre-Release updates. ( HIPS 1379.1 and AS 1157.1)

System will still restart after Windows XP Logo.

ESET Log Collector : https://we.tl/t-VbhWgmzERs

Is there any way to disable updating problematic module ? Are You are Sure that HIPS or AS cause this problem ?

Can we disable some modules via [HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\InstalledVersionInfo\Groups]   ? And do you think is it useful for troubleshoot this case ?

 

[Chaluha 2]

And what about to disable HIPS and AS in ESET GUI in advanced settings before update. Will it help?

I have no access to afected computers to test it.

[kamiran.asia 4]

2 hours ago, Chaluha said:

And what about to disable HIPS and AS in ESET GUI in advanced settings before update. Will it help?

I have no access to afected computers to test it.

Disabling HIPS & AS will not help in this case.

[Marcos 4,705]

Try now please. We've released also a Firewall module 1398 with support for older CPUs on the pre-release update channel.

[kamiran.asia 4]

9 minutes ago, Marcos said:

Try now please. We've released also a Firewall module 1398 with support for older CPUs on the pre-release update channel.

Thank you Dear @Marcos , but unfortunately Loop Restart even with Firewall Module 1398 ,

As this problem is accrued in ESET nod32 Home Edition too we Think Firewall Module is not involved.

 

[kamiran.asia 4]

We have still same problem in Old AMD Cpu , do new update solve issue for any one ?

[itman 1,538]

I am confused about one point.

If this is an AMD Spectre patch issue for XP, how was it installed? Microsoft is not issuing security updates for XP anymore since it is no longer supported.

If the patch was downloaded from AMD, I assume it can be uninstalled? Also I don't believe AMD is issuing patches for XP anymore.

Edited December 21, 2019 by itman

[kamiran.asia 4]

17 hours ago, itman said:

I am confused about one point.

If this is an AMD Spectre patch issue for XP, how was it installed? Microsoft is not issuing security updates for XP anymore since it is no longer supported.

If the patch was downloaded from AMD, I assume it can be uninstalled? Also I don't believe AMD is issuing patches for XP anymore.

Hi Dear @itman , No AMD patch is installed ,

This problem is happened suddenly after ESET update from beginning of December.

All Old PCs with Old AMD Cpus + XP Sp3 restart after Windows Logo. It seems that there is a ESET module conflict with these old systems.

 

[itman 1,538]

Based on what @Marcos posted previously, it appears the only version of EES/EEA that support XP is ver. 6.5:

Quote

The only recent problem on old system with SSE2-non compliant CPUs caused modules not to load when ESET reported non-functional protection. It should not cause BSOD plus the module has already been rebuilt to support also older CPUs. Please uninstall Endpoint v6.6 from Windows XP and install Endpoint 6.5 instead.

You posted you are running ver. 7.0.

[kamiran.asia 4]

7 hours ago, itman said:

Based on what @Marcos posted previously, it appears the only version of EES/EEA that support XP is ver. 6.5:

You posted you are running ver. 7.0.

The issue is same in V5 - V7. Even NOD32 Home Edition V8

[itman 1,538]

As far as I am aware of, OS patches for Spectre and Meltdown vulnerabilities were never offered for OS versions no longer supported; i.e. Win XP: https://www.bleepingcomputer.com/forums/t/667744/meltdown-and-spectre-patches/  . Unless these were extended supported XP devices, support for which ended a while ago, I can't see how this can be related to current release Eset installation in any way.

Edited December 25, 2019 by itman

[itman 1,538]

On 12/7/2019 at 8:19 AM, John Agics said:

These computers had amd cpus from the early 2000s.

I assume we are talking about Athlon/Sempron processors. Since these are close to 20 years old, I would imagine there is a lot of other recently developed software that will not run properly using these devices.

On the other hand, my CPU is an AMD Phenom X6 1045T and the latest ver. of Win 10 x(64) runs flawlessly on it. Well almost; I can't enable memory integrity but that's more of a motherboard issue. Ever consider upgrading those XP devices to Phenom processors? I assume used ones are still available at a fraction of the initial new cost.

[Chaluha 2]

Hi for me ESET Endpoint Security v5 working now fine. Just need to delete Eset folder in Program Files before install Eset, otherwise it will load bad modules during installation and crash.

[Marcos 4,705]

ESET Endpoint v5 doesn't provide sufficient protection against current threats. We strongly recommend upgrading to Endpoint 7.2 as soon as possible. In the case of Windows XP, Endpoint 6.5 is the last one that supports this OS.