Noel Allan 0 Posted February 11, 2020 Share Posted February 11, 2020 All we need now is some ransomware to be released and the majority of ESET protected machines that have no fix and cannot update or un-install will be infected... Tell me im wrong...!!!!! If this is not a serious as it comes for a security product i don't know what is. I have several companies I support ringing asking if they are secure, and I have to say no, but we are waiting on a fix. Most are now asking if we can change product....!!!!!! Link to comment Share on other sites More sharing options...
carmik 0 Posted February 11, 2020 Share Posted February 11, 2020 I'm happy to say that the issue seems to be resolved on the PCs I've made a test run on. Furthermore, on Windows Server 2003 AD, it suffices to create a new gpo with a startup script the fix file itself, provided that the file is placed in files section of the gpo. It ran via group policy without issues on 3 systems, so I'm now deploying globally. Will let you know how that goes. Link to comment Share on other sites More sharing options...
cookieboy69 2 Posted February 11, 2020 Author Share Posted February 11, 2020 Have you released a 6.5 Endpoint Security installer which has the bug fixed yet? andyuni 1 Link to comment Share on other sites More sharing options...
rafals 0 Posted February 11, 2020 Share Posted February 11, 2020 (edited) Hello, I have version 6.5.12014.1 EFSW what I do? I restart server. Antyvirus not working. Edited February 11, 2020 by rafals Link to comment Share on other sites More sharing options...
alur 1 Posted February 11, 2020 Share Posted February 11, 2020 (edited) Hello, when is the patch for Endpoint 5.0 expected ? Edited February 11, 2020 by alur Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted February 11, 2020 Administrators Share Posted February 11, 2020 22 minutes ago, alur said: Hello, when is the patch for Endpoint 5.0 expected ? A fix for Endpoint v5 will be ready within today for most common language versions. It will install the latest version of Endpoint 5.0.2271 which is not affected on already malfunctioning systems. If you don't have many machines affected, you could do the following: - temporarily shift the date to Feb 7 or earlier - reboot the machine - ESET should load alright. Uninstall it and reboot the machine. - If you don't have old systems with Windows XP, install the latest version 7.2, otherwise download and install 5.0.2271. If you have Windows XP, we're going to publish v6.5 with the issue fixed, upgrade from 5.0.2271 to it when available. - You can stay with Endpoint v5.0.2271 if you cannot afford to upgrade to newer versions for whatever reason, however, please take into account that Endpoint v5 is approaching End Of Life and it cannot provide as good and effective protection against current malware as v7+ does. Link to comment Share on other sites More sharing options...
mcrouse 1 Posted February 11, 2020 Share Posted February 11, 2020 (edited) Has anyone tried pushing this out via SCCM yet? Also, are there any negative effects if apply the fix to machines that don't need it (specifically, other versions)? Edited February 11, 2020 by mcrouse Link to comment Share on other sites More sharing options...
kamiran.asia 5 Posted February 11, 2020 Share Posted February 11, 2020 In large network you can use some software like https://www.exemsi.com/ to convert EXE to MSI file and install in by Software install task. We test it and it is working find , just set to run certfix.exe after installation. mcrouse 1 Link to comment Share on other sites More sharing options...
kamiran.asia 5 Posted February 11, 2020 Share Posted February 11, 2020 (edited) 1 hour ago, Marcos said: A fix for Endpoint v5 will be ready within today for most common language versions. It will install the latest version of Endpoint 5.0.2271 which is not affected on already malfunctioning systems. If you don't have many machines affected, you could do the following: - temporarily shift the date to Feb 7 or earlier - reboot the machine - ESET should load alright. Uninstall it and reboot the machine. - If you don't have old systems with Windows XP, install the latest version 7.2, otherwise download and install 5.0.2271. If you have Windows XP, we're going to publish v6.5 with the issue fixed, upgrade from 5.0.2271 to it when available. - You can stay with Endpoint v5.0.2271 if you cannot afford to upgrade to newer versions for whatever reason, however, please take into account that Endpoint v5 is approaching End Of Life and it cannot provide as good and effective protection against current malware as v7+ does. For XP 6.5.2132 is now working find with current patch. is 6.5.2132 supported to WinXP ? Official version for windows XP is Business Products: Version 6.5.2118.x that can be patched right now. Edited February 11, 2020 by kamiran.asia Link to comment Share on other sites More sharing options...
andyuni 0 Posted February 11, 2020 Share Posted February 11, 2020 3 hours ago, andyuni said: im currently on version 6.5.2094.0 and currently over 200 pcs are having issues with this bug, do you have a patch for this version that will resolve all the machines?? it isnt letting me uninsall the eset software as well. ps. iv already tried the patches available and they do not work. Link to comment Share on other sites More sharing options...
kiko_be 1 Posted February 11, 2020 Share Posted February 11, 2020 (edited) 1 hour ago, andyuni said: im currently on version 6.5.2094.0 and currently over 200 pcs are having issues with this bug, do you have a patch for this version that will resolve all the machines?? it isnt letting me uninsall the eset software as well. ps. iv already tried the patches available and they do not work. Same problem here, we have version 6.5.2094 and the fix do not work. Edited February 11, 2020 by kiko_be Link to comment Share on other sites More sharing options...
kamiran.asia 5 Posted February 11, 2020 Share Posted February 11, 2020 1 hour ago, andyuni said: you can send a Run Command task with this command : date 01-02-2020 & Shutdown /r /f then after restart send upgrade task for clients. you must temporary disable Date sync and Be sure that Date not sync after restart with AD. Link to comment Share on other sites More sharing options...
edotvlad 0 Posted February 11, 2020 Share Posted February 11, 2020 Thanks! Ran the EXE using our remote management system (Labtech), all but two servers responded to the fix immediately. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted February 11, 2020 Administrators Share Posted February 11, 2020 Update (Feb 11, 17:00 CET): The Update module 1074.2 is currently on the pre-release update channel and fixes the issue for any v6.5 products on machines that have not been restarted yet and the product is in working state (ie. update and protection works). We plan to release the module for all users in an hour (18:00 CET). Link to comment Share on other sites More sharing options...
persianmcse 3 Posted February 11, 2020 Share Posted February 11, 2020 Thank you for all your help, I was wondering when fix file will be available for 6.5.2107.1 version? Link to comment Share on other sites More sharing options...
kamiran.asia 5 Posted February 11, 2020 Share Posted February 11, 2020 57 minutes ago, Marcos said: Update (Feb 11, 17:00 CET): The Loader module 1074.2 is currently on the pre-release update channel and fixes the issue for any v6.5 products on machines that have not been restarted yet and the product is in working state (ie. update and protection works). We plan to release the module for all users in an hour (18:00 CET). 1074.2 Pre-release solved 6.5.2132 Issue. So if date change to 06-02-2020 and then AV update , problem will solve completely in v6.5 with out fixtool. Link to comment Share on other sites More sharing options...
alur 1 Posted February 11, 2020 Share Posted February 11, 2020 (edited) Where you can download the patch for version 5, the third day without protection, this is serious.I waited at 18:00 CET but I do not see the links Edited February 11, 2020 by alur Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted February 11, 2020 Administrators Share Posted February 11, 2020 9 hours ago, Noel Allan said: All we need now is some ransomware to be released and the majority of ESET protected machines that have no fix and cannot update or un-install will be infected... Tell me im wrong...!!!!! If this is not a serious as it comes for a security product i don't know what is. I have several companies I support ringing asking if they are secure, and I have to say no, but we are waiting on a fix. Most are now asking if we can change product....!!!!!! We have released a new version of the Update module which fixes the issue for all affected v6.5 users that can update. If ransomware is of concern, I'd like to mention that affected products do not have Ransomware shield and other advanced protection mechanisms to protect from current malware. Ransomware shield was first added in versions that were not affected by the issue, in particualar Endpoint 6.6 and in Endpoint 7 it has been improved and other protection layers were added as well, such as advanced machine learning, deep behavior blocker, protected service, AMSI and script scanners, etc. Tomorrow we expect an ultimate solution to be ready for everyone who was affected, including Endpoint v5. After fixing the issue we recommend to upgrade to the latest version 7.2 wherever possible. There should be also v6.5 installers available for those with Windows XP and Windows Server 2003 who cannot upgrade to a newer version. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted February 11, 2020 Administrators Share Posted February 11, 2020 16 minutes ago, alur said: Where you can download the patch for version 5, the third day without protection, this is serious.I waited at 18-00 but I do not see the links We are still working on a fix for Endpoint v5. Besides mechanisms that we had to incorporate into it, the fix will install upgrade Endpoint v5 to the latest version that is not affected by the issue, ie. v5.0.2271. Endpoint v5 is about to reach End Of Life towards December 2020, ie. further engine updates will not be guaranteed then. If you don't have many machines in the network, you can fix it relatively quickly as follows: 1, Ideal case when you don't need to stay with Endpoint v5 and want to be protected to the maximum extent against current threats: - Set the system date to Feb 7 or earlier - Reboot the machine - Uninstall Endpoint v5 - Set a correct system date - Install Endpoint v7.2 (contains Ransomware Shield, Advanced machine learning, Deep behavior inspection, AMSI and script scanners, streamed updates, etc.) 2, If you cannot upgrade to Endpoint v7.2 for a good reason: - Set the system date to Feb 7 or earlier - Reboot the machine - Uninstall Endpoint v5 - Set a correct system date - Install Endpoint 5.0.2271 Link to comment Share on other sites More sharing options...
alur 1 Posted February 11, 2020 Share Posted February 11, 2020 1 minute ago, Marcos said: We are still working on a fix for Endpoint v5. Besides mechanisms that we had to incorporate into it, the fix will install upgrade Endpoint v5 to the latest version that is not affected by the issue, ie. v5.0.2271. Endpoint v5 is about to reach End Of Life towards December 2020, ie. further engine updates will not be guaranteed then. is still time until December 2020.Version 5.0 is good, easy, understandable and the ERA server is excellent. Link to comment Share on other sites More sharing options...
Noel Allan 0 Posted February 11, 2020 Share Posted February 11, 2020 (edited) 2 hours ago, Marcos said: We have released a new version of the Loader module which fixes the issue for all affected v6.5 users that can update. If ransomware is of concern, I'd like to mention that affected products do not have Ransomware shield and other advanced protection mechanisms to protect from current malware. Ransomware shield was first added in versions that were not affected by the issue, in particualar Endpoint 6.6 and in Endpoint 7 it has been improved and other protection layers were added as well, such as advanced machine learning, deep behavior blocker, protected service, AMSI and script scanners, etc. Tomorrow we expect an ultimate solution to be ready for everyone who was affected, including Endpoint v5. After fixing the issue we recommend to upgrade to the latest version 7.2 wherever possible. There should be also v6.5 installers available for those with Windows XP and Windows Server 2003 who cannot upgrade to a newer version. Where is the link to this download...? Multiple people have rebooted there pc's over the last 3 days. Will the fix clear up their issues also...? It is 3 days now....!!!!! Edited February 11, 2020 by Noel Allan additional information. Link to comment Share on other sites More sharing options...
persianmcse 3 Posted February 11, 2020 Share Posted February 11, 2020 I changed the date and timeAnd I updated the 20823 update numberBut there is still the problem version 6.5.2107.1 Link to comment Share on other sites More sharing options...
kamiran.asia 5 Posted February 11, 2020 Share Posted February 11, 2020 (edited) 11 minutes ago, persianmcse said: I changed the date and timeAnd I updated the 20823 update numberBut there is still the problem version 6.5.2107.1 20824 - With loader 1074.2 is work fine. Open C:\Program Files\ESET\ESET Endpoint Security\em000_32.dat with notepad and check file version. if it is 1074.2 issue must be solved. Edited February 11, 2020 by kamiran.asia Link to comment Share on other sites More sharing options...
AustinM. 0 Posted February 11, 2020 Share Posted February 11, 2020 (edited) 41 minutes ago, kamiran.asia said: 20824 - With loader 1074.2 is work fine. Where do you find this Loader at? Edited February 11, 2020 by AustinM. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted February 11, 2020 Administrators Share Posted February 11, 2020 35 minutes ago, AustinM. said: Where do you find this Loader at? It's on update servers, it's called Update module. Note that the module is intended for machines that have not been restarted after Feb 7, otherwise Endpoint will not be able to update the module. Currently a quick fix for smaller networks is by temporarily changing the system date to Feb 7 or earlier, rebooting the machine, updating modules and then changing the system date to a correct one. Tomorrow (Feb 12) we should have a fix that will need to be run on already affected machines where temporarily changing the system date is not an acceptable solution because of the size of the network or whatever. Link to comment Share on other sites More sharing options...
Recommended Posts