Jump to content
cookieboy69

Endpoint Security Anti phishing non functional

Recommended Posts

Marcus
Is the new install  file for version 6.5 intended?

Edited by persianmcse

Share this post


Link to post
Share on other sites

This is one of the main reasons I left Sophos and went with ESET. I now have over 75 clients with no protection, and no way to un-install or re-install. Phone ringing constantly from all the companies I support. It is also causing issues with people who use RDP connections, they are also getting blocked...!!!! I had to pause protection to get them to reconnect..!!!

Share this post


Link to post
Share on other sites

A fix for issues with v6.5 server products that emerged on February 8, 2020 is available for download from https://forum.eset.com/files/file/20-certfix/. This version of the fix is intended only for:

Endpoint 6.5.2118, 6.5.2123, 6.5.2132
EFSW / EMSX 6.5.10057, 6.5.10059, 6.5.12017, 6.5.12018, 6.5.14026

The fix must be run with elevated administrator rights. We recommend trying it on 1-2 computers first.to make sure it works alright in your environment.

If ESET is already malfunctioning, running the fix will replace ekrn with a fixed version. No system restart should be required and ESET should start working.
If you have an affected version of ESET and it's still working alright, applying the fix will replace ekrn which will prevent the issue from occurring.

The password to the archive is "certfix1" (without quotation marks).

Tomorrow (on Feb 11, 2020) we should have a fix ready for Endpoint v5 as well as for other 6.5 versions that are not easily remediable. We will be also releasing a new version of the Antivirus and antispyware module that will patch affected products on machines that have not been restarted yet and where ESET is not malfunctioning.

Share this post


Link to post
Share on other sites

Not support 6.5.2107.1

 

Show error "No need to patch"

Edited by persianmcse

Share this post


Link to post
Share on other sites
2 minutes ago, persianmcse said:

Not support 6.5.2107.1

Show error "No need to patch"

That version is not easily fixable and the fix requires a more sophisticated approach. As mentioned, another version of the fix for all other v6.5 and Endpoint v5 versions should be ready by tomorrow (Feb 11).

Share this post


Link to post
Share on other sites

If it's the same file that is password protected that I tried to run earlier, it did not work. I downloaded the binary file, I even tried the link to download; powershell -command "& {(New-Item -ItemType Directory -Force -Path C:\Test);(New-Object System.Net.WebClient).DownloadFile('hxxp://...CertFix.exe', 'c:\Test\CertFix.exe');("Start-process C:\Test\CertFix.exe") }"

nothing works, we need a fix and a.s.a.p., workstations and Servers without protection, an accident waiting to happen....!!!

Share this post


Link to post
Share on other sites
7 hours ago, Marcos said:

A fix for issues with v6.5 server products that emerged on February 8, 2020 is available for download from https://forum.eset.com/files/file/20-certfix/. This version of the fix is intended only for:

Endpoint 6.5.2118, 6.5.2123, 6.5.2132
EFSW / EMSX 6.5.10057, 6.5.10059, 6.5.12017, 6.5.12018, 6.5.14026

The fix must be run with elevated administrator rights. We recommend trying it on 1-2 computers first.to make sure it works alright in your environment.

Thank you for the fix, it's a good first step. However, I've got to replace 6.5.2118.4 on more than 1000 systems, so I (and I guess a lot of people here) would appreciate if you either provided a GPO-pushable MSI version of this file, or instructions for alternatively installing it via gpo (doable also on Windows Server 2003).

The size of this task is huge, it is an impossible feat to accomplish manually unfortunately.

Share this post


Link to post
Share on other sites

you can deploy it via gpo using powershell to run it. 

Share this post


Link to post
Share on other sites

 

Just now, Glitch said:

you can deploy it via gpo using powershell to run it. 

I lack the skills to do so mate. Plus, I'm not sure Windows server 2003 has powershell? Any help will be appreciated.

Share this post


Link to post
Share on other sites

In that case make a user with admin rights and run it via a batch script same result. 
 

 

Share this post


Link to post
Share on other sites
35 minutes ago, Glitch said:

In that case make a user with admin rights and run it via a batch script same result.

Is it batchable? I could put the exe on a network-accessible share and run it with a cmd script on the server, however can this exe run quietly? If so, what are the options?

Edited by carmik

Share this post


Link to post
Share on other sites

Servers running ver: 6.5.1210.0 are all not working either, this is becoming a complete nightmare. When is this fix being released...?

Cannot run the patch - it says patch not needed....!

Cannot run the upgrade -: hxxp://prntscr.com/r0kl1l

Now im at 75 Servers and 640 workstations unprotected.....!!!!!!

Edited by Noel Allan
additional information.

Share this post


Link to post
Share on other sites

I'm apply fix, but they change my protection password. When I'm try use advanced settings they tell me "Password is wrong".

Share this post


Link to post
Share on other sites
28 minutes ago, carmik said:

Is it batchable? I could put the exe on a network-accessible share and run it with a cmd script on the server, however can this exe run quietly? If so, what are the options?

There seems to be a problem, the exe does not exit. Not sure if it is safe for running it in a gpo, but will try it on a couple of systems...

Share this post


Link to post
Share on other sites

I am hoping eset will push the update/fix for the other versions soon: 6.5.12014.0 

It is ridiculous you can not uninstall / upgrade or do anything with it... it looks like a nice piece of malware...

Share this post


Link to post
Share on other sites

PowerShell is not working on windows XP and server 2003 ,

In large network that have legacy Windows it is better to install a MSI with Install Software Task.

is There any way to run the patch with RUN Command task in windows XP and server 2003 Environment ?

Edited by kamiran.asia

Share this post


Link to post
Share on other sites

Is this issue related to all of our ESET Outlook add-ins stopped working?

(Few of the buttons i.e "junk mail sender address" etc are missing.

Edited by charlatan90

Share this post


Link to post
Share on other sites
29 minutes ago, charlatan90 said:

Is this issue related to all of our ESET Outlook add-ins stopped working?

(Few of the buttons i.e "junk mail sender address" etc are missing.

It could be since ekrn does not load any dlls one of which is a plug-in for Outlook.

Share this post


Link to post
Share on other sites
55 minutes ago, GregU said:

I'm apply fix, but they change my protection password. When I'm try use advanced settings they tell me "Password is wrong".

Did you apply the fix to a version of Endpoint that is supported by the fix? What version of Endpoint do you have installed? If it's supported, does running the fix after a computer restart with elevated admin rights fix the issue?

Share this post


Link to post
Share on other sites
1 hour ago, carmik said:

Is it batchable? I could put the exe on a network-accessible share and run it with a cmd script on the server, however can this exe run quietly? If so, what are the options?

Yes it is silent by itself. 

Share this post


Link to post
Share on other sites
25 minutes ago, Marcos said:

Did you apply the fix to a version of Endpoint that is supported by the fix? What version of Endpoint do you have installed? If it's supported, does running the fix after a computer restart with elevated admin rights fix the issue?

Endpoint 6.5.2118.1  - after restart workstation, password working. Thanks

Share this post


Link to post
Share on other sites

I've few EEA 6.5.2132.2 (XP SP3), run this tool failed. The message is "Can't rename ekrn.exe!" How to resolve? Others work well.

Share this post


Link to post
Share on other sites

@Marcosafter running this tool manually on a XP box (6.5.2132.1):

1) Endpoint Antivirus seemed fixed, but the fix window remained open for some reason. Is that expected behaviour?

2) Before applying the fix, I had the system removed from my ESMC console (VA, latest version). I expected that the system would reappear in lost and found, after applying the fix. It doesn't and I'm a bit clueless on what happened here. The system does respect the "use specific proxy to download ESET updates" policy, as I can watch from running netstat -a -p tcp. But it is invisible on the ESMC console (tried searching for it with system name and ip address). Has anyone else encountered something like that?

Share this post


Link to post
Share on other sites

@Marcos im currently on version 6.5.2094.0 and currently over 200 pcs are having issues with this bug, do you have a patch for this version that will resolve all the machines?? it isnt letting me uninsall the eset software as well. 

 

ps. iv already tried the patches available and they do not work.

Edited by andyuni

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...