Jump to content
cookieboy69

Endpoint Security Anti phishing non functional

Recommended Posts

10 minutes ago, esined said:

is anyone else having some computers that will not update to 5.0.2272 even with the certfix?

Please post the error you get when you attempt to run certfix for Endpoint v5 (a screen shot would be great). If the fix tool has already been run, you may need to delete HKLM\Software\ESET\Hotfix50_20200207I in safe mode to allow it to run again.

Share this post


Link to post
Share on other sites
2 minutes ago, Marcos said:

Please post the error you get when you attempt to run certfix for Endpoint v5 (a screen shot would be great). If the fix tool has already been run, you may need to delete HKLM\Software\ESET\Hotfix50_20200207I in safe mode to allow it to run again.

The tool has already been run. The error happens when trying to push 5.0.2272. Some computers I was able to successfully install it and others fail with the error attached. Is there anyway to fix it without safe mode since most of the computers I am having issues with are remote?

ESET error.PNG

Share this post


Link to post
Share on other sites

If Endpoint v5 is malfunctioning, push installation won't work. You must first run certfix on the machine which would also upgrade Endpoint to the latest version 5.

Share this post


Link to post
Share on other sites
4 minutes ago, Marcos said:

If Endpoint v5 is malfunctioning, push installation won't work. You must first run certfix on the machine which would also upgrade Endpoint to the latest version 5.

I run the certfix and then I run the push installation. The certfix goes through and then the push installation fails on some. I was able to successfully do this on the majority of the computers but some have the certfix installed but still can't push the installation to them.

Share this post


Link to post
Share on other sites

Why did you run the push installation after running certfix? Certfix upgrades Endpoint v5 to the latest v5 version so any further push installation doesn't make sense.

Share this post


Link to post
Share on other sites
2 minutes ago, Marcos said:

Why did you run the push installation after running certfix? Certfix upgrades Endpoint v5 to the latest v5 version so any further push installation doesn't make sense.

All of our computers were on 5.0.2265 and running the certfix did not upgrade them to 5.0.2272

Share this post


Link to post
Share on other sites
3 minutes ago, esined said:

All of our computers were on 5.0.2265 and running the certfix did not upgrade them to 5.0.2272

Then the question is why. If you have a chance to run the fix, please do so and provide the output screen, especially if an error is reported. Should it refuse to run because it has already run before, please delete the said registry value in safe mode.

Share this post


Link to post
Share on other sites

Hi @Marcos

One of our client is currently executing the push installation task for the fix on version 5 endpoint. The State Text status is "Package installing finished with result code 0" but when checked on client PC, the version is still not updated even after PC has been restarted. Please refer attached image.

Kindly please advice

erro01.jpg

error02.jpg

error03.jpg

eea_logs.zip

Edited by Ali Akbar
Add ESET Log Collector

Share this post


Link to post
Share on other sites
On 2/25/2020 at 2:48 PM, esined said:

All of our computers were on 5.0.2265 and running the certfix did not upgrade them to 5.0.2272

Please troubleshoot the issue on one machine by running certfix manually. If it refuses to run because the fix has already been run, delete HKLM\Software\ESET\Hotfix50_20200207I (or similar one) in safe mode to allow it to run again. Please provide the generated log files if running the fix fails.

Share this post


Link to post
Share on other sites

I've tried to run the certfix for v5 manually on of the affected machine, Please refer the image for the output. The endpoint version remain the same and not updated.

Error03.jpg

Share this post


Link to post
Share on other sites

As I wrote, if you get the message "Patch already applied" delete HKLM\Software\ESET\Hotfix50_20200207I (or similar ones) in safe mode and run it again. It should report an error if the fix fails to apply.

Share this post


Link to post
Share on other sites

hello,

i got this error:

error: GetFileVersionInfoSize: 193
error: Can't get ekrn version (C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe)!
 

someone in this group posted the same problem and pm you with logs but it seems that you answered in private please tell me how to fix it

thanks

Share this post


Link to post
Share on other sites

We're now experiencing the same problem with server products aswell, and it's even a version higher than 7.0.

ESET File Security 7.0.12018.0

Server: Windows Server 2012 R2 Standard (64-bit)

I already tried to apply the available Certfix and I also receive the error "Can't get ekrn version (C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe)!"

Can anyone confirm that this problem does now occur on server products, too?

Share this post


Link to post
Share on other sites
1 minute ago, metaladmin said:

We're now experiencing the same problem with server products aswell, and it's even a version higher than 7.0.

ESET File Security 7.0.12018.0

Server: Windows Server 2012 R2 Standard (64-bit)

I already tried to apply the available Certfix and I also receive the error "Can't get ekrn version (C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe)!"

Can anyone confirm that this problem does now occur on server products, too?

Versions 6.6 and newer were not affected by the issue at all. Running certfix should fail in such case.

What issue are you having with ESET File Security v7? If you are getting any errors, please provide a screen shot.

 

Share this post


Link to post
Share on other sites
1 hour ago, Marcos said:

Versions 6.6 and newer were not affected by the issue at all. Running certfix should fail in such case.

What issue are you having with ESET File Security v7? If you are getting any errors, please provide a screen shot.

 

Ok, as this seems to be a different problem then and it is File Security related anyway, I opened a new topic in the proper subforum: 

 

Share this post


Link to post
Share on other sites
18 hours ago, Mohammad Musa said:

i got this error:

error: GetFileVersionInfoSize: 193
error: Can't get ekrn version (C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe)!

What version of Endpoint do you have currently installed? Is it one of the affected ones? Could you post the logs generated by the All-in-one fix tool which downloads the appropriate fix for the installed version automatically?

All-in-one fixing tool

If you have not data-limited internet connection, use cfd.exe (otherwise follow instructions below for specific solution). How to use cfd.exe:

  • run Windows Command prompt in an elevated command line
  • cfd.exe will download the proper version of the product regarding the version and language version
  • example: cfd.exe --proxy-host 10.1.122.14 --proxy-port 3129 --proxy-username test --proxy-password test --silent

Share this post


Link to post
Share on other sites

I think the fix for ESET 6.5 caused another issue:

1. Currently we see the event log of windows be flooded by : Error while updating  status to SECURITY_PRODUCT_STATE_ON. 
which is caused by the windows security center as they don't see a registered product. 

2. Registering the product using ecmd.exe /avregister will end in a : execution failed command. 
 

3. Only way to resolve this is to reinstall the complete 6.5 version. 

Is there another way to force eset to register against windows ? 

Share this post


Link to post
Share on other sites
Posted (edited)

All people following this topic the show is not over. As per March 26th all certfix version 6.5 clients will go to yellow state that there is a new version available. All endpoints 6.5 which does not had certfix will go to status red! Welcome to ESET in quarantine times they will put us up with more work. Customer friendly as they are. 

Edited by Glitch

Share this post


Link to post
Share on other sites
1 hour ago, Glitch said:

All people following this topic the show is not over. As per March 26th all certfix version 6.5 clients will go to yellow state that there is a new version available. All endpoints 6.5 which does not had certfix will go to status red! Welcome to ESET in quarantine times they will put us up with more work. Customer friendly as they are. 

To put this right, if you have the latest v6.5 already installed, no notification will be shown by clients since they are already on the latest version that has an ultimate fix included.

The notification will be shown on 6.5 clients where certfix was applied but which haven't been upgraded to the latest v6.5 containing the ultimate fix.

Share this post


Link to post
Share on other sites

Correct but it will bring an additional burden. We had written consent of eset that upgrading to the latest version was not directly needed but eventually. Last week you even have updated the KB as you are still dealing with it and now eset is going to send out this notification in times that on-site hands are virtually impossible. It is so hard to convince our customers to stay with eset we have almost 8000 endpoints which will give this warning those 8000 will switch to another solution due this issue. 

Share this post


Link to post
Share on other sites

Hello guys,

The Antivirus and Antispyware Module 1560.3 displaying the information about outdated product has been released.

 

@Glitch / other micro-update users we decided to delay to upgrade for you by 2 weeks so the module will be part of the packages build on April 10, please schedule the upgrades accordingly. 

If the product misses the deadline it will be still functional, we won't be able to guarantee functionality in the future.

Please make sure to notice the vessels which won’t be able to get the upgrades before the April 10 in advance to prevent misunderstanding.

Peter

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...