
Endpoint Security Anti phishing non functional


Popular Posts

Update (Feb 10, 16:30 CET): 1, A fix tool that will replace ekrn.exe with a fixed version will be ready within today (Feb 10). The tool will need to be run on machines with affected ESET Security pr

@Marcos What about the endpoints that request a username and password when you go to advanced settings after applying the patch?  Also any update if we NEED to update after applying the 6.5 patch?

On machines that have been restarted and where ESET doesn't work (ie. neither update does), it will be necessary to run the fix tool that we are testing right now. We'll announce it here when ready.


This is one of the main reasons I left Sophos and went with ESET. I now have over 75 clients with no protection, and no way to un-install or re-install. Phone ringing constantly from all the companies I support. It is also causing issues with people who use RDP connections, they are also getting blocked...!!!! I had to pause protection to get them to reconnect..!!!

  • Administrators

A fix for issues with v6.5 server products that emerged on February 8, 2020 is available for download from https://forum.eset.com/files/file/20-certfix/. This version of the fix is intended only for:

Endpoint 6.5.2118, 6.5.2123, 6.5.2132
EFSW / EMSX 6.5.10057, 6.5.10059, 6.5.12017, 6.5.12018, 6.5.14026

The fix must be run with elevated administrator rights. We recommend trying it on 1-2 computers first to make sure it works alright in your environment.

If ESET is already malfunctioning, running the fix will replace ekrn with a fixed version. No system restart should be required and ESET should start working.
If you have an affected version of ESET and it's still working alright, applying the fix will replace ekrn which will prevent the issue from occurring.

The password to the archive is "certfix1" (without quotation marks).

Tomorrow (on Feb 11, 2020) we should have a fix ready for Endpoint v5 as well as for other 6.5 versions that are not easily remediable. We will also be releasing a new version of the Antivirus and antispyware module that will patch affected products on machines that have not been restarted yet and where ESET is not malfunctioning.

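A pre-rollout triage for the coverage list in the post above, as an added example that is not ESET's code or part of the original thread: it splits an inventory into a pilot group (the post recommends trying 1-2 computers first), the main wave, and hosts whose build has to wait for the later fix. The inventory rows, host names and family labels are constructed, and matching on the first three version components is an assumption based on the four-part versions users report in this thread.

```python
import re

# Builds named in the administrator's post as covered by this version of the fix.
COVERED = {
    "endpoint": {"6.5.2118", "6.5.2123", "6.5.2132"},
    "efsw_emsx": {"6.5.10057", "6.5.10059", "6.5.12017", "6.5.12018", "6.5.14026"},
}
# Assumption: installed versions carry an optional fourth component (e.g. 6.5.2118.4).
VERSION_RE = re.compile(r"^(\d+\.\d+\.\d+)(?:\.\d+)?$")

# Constructed inventory: host names are made up, and the family assigned to
# each version is an assumption for the sake of the example.
INVENTORY = [
    ("ws-001", "endpoint", "6.5.2118.4"),
    ("ws-002", "endpoint", "6.5.2107.1"),
    ("ws-003", "endpoint", "6.5.2132.2"),
    ("ws-004", "endpoint", "6.5.2094.0"),
    ("ws-005", "endpoint", "6.5.2118.1"),
    ("srv-01", "efsw_emsx", "6.5.12014.0"),
    ("srv-02", "efsw_emsx", "6.5.12017.0"),
    ("ws-006", "endpoint", "unknown"),
]

def base_build(version):
    """Return the major.minor.build part of a version string, or None if malformed."""
    match = VERSION_RE.match(version.strip())
    return match.group(1) if match else None

def plan_rollout(inventory, pilot_size=2):
    """Sort hosts into pilot, main, deferred (build not covered) and unparsed."""
    plan = {"pilot": [], "main": [], "deferred": [], "unparsed": []}
    for host, family, version in inventory:
        build = base_build(version)
        if build is None:
            plan["unparsed"].append(host)       # check these by hand
        elif build in COVERED.get(family, set()):
            wave = "pilot" if len(plan["pilot"]) < pilot_size else "main"
            plan[wave].append(host)
        else:
            plan["deferred"].append(host)       # wait for the later fix
    return plan

if __name__ == "__main__":
    for wave, hosts in plan_rollout(INVENTORY).items():
        print(f"{wave:9s} {', '.join(hosts) or '-'}")
```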
  • Administrators
2 minutes ago, persianmcse said:

Not support 6.5.2107.1

Show error "No need to patch"

That version is not easily fixable and the fix requires a more sophisticated approach. As mentioned, another version of the fix for all other v6.5 and Endpoint v5 versions should be ready by tomorrow (Feb 11).


If it's the same file that is password protected that I tried to run earlier, it did not work. I downloaded the binary file, I even tried the link to download; powershell -command "& {(New-Item -ItemType Directory -Force -Path C:\Test);(New-Object System.Net.WebClient).DownloadFile('hxxp://...CertFix.exe', 'c:\Test\CertFix.exe');("Start-process C:\Test\CertFix.exe") }"

Nothing works, we need a fix and a.s.a.p., workstations and servers without protection, an accident waiting to happen....!!!

7 hours ago, Marcos said:

A fix for issues with v6.5 server products that emerged on February 8, 2020 is available for download from https://forum.eset.com/files/file/20-certfix/. This version of the fix is intended only for:

Endpoint 6.5.2118, 6.5.2123, 6.5.2132
EFSW / EMSX 6.5.10057, 6.5.10059, 6.5.12017, 6.5.12018, 6.5.14026

The fix must be run with elevated administrator rights. We recommend trying it on 1-2 computers first to make sure it works alright in your environment.

Thank you for the fix, it's a good first step. However, I've got to replace 6.5.2118.4 on more than 1000 systems, so I (and I guess a lot of people here) would appreciate it if you either provided a GPO-pushable MSI version of this file, or instructions for alternatively installing it via GPO (doable also on Windows Server 2003).

The size of this task is huge, it is an impossible feat to accomplish manually unfortunately.


 

Just now, Glitch said:

You can deploy it via GPO using PowerShell to run it.

I lack the skills to do so, mate. Plus, I'm not sure Windows Server 2003 has PowerShell? Any help will be appreciated.

35 minutes ago, Glitch said:

In that case make a user with admin rights and run it via a batch script; same result.

Is it batchable? I could put the exe on a network-accessible share and run it with a cmd script on the server, however can this exe run quietly? If so, what are the options?

Edited by carmik

Servers running ver: 6.5.1210.0 are all not working either, this is becoming a complete nightmare. When is this fix being released...?

Cannot run the patch - it says patch not needed....!

Cannot run the upgrade -: hxxp://prntscr.com/r0kl1l

Now I'm at 75 servers and 640 workstations unprotected.....!!!!!!

Edited by Noel Allan
additional information.

I applied the fix, but they changed my protection password. When I try to use advanced settings they tell me "Password is wrong".

28 minutes ago, carmik said:

Is it batchable? I could put the exe on a network-accessible share and run it with a cmd script on the server, however can this exe run quietly? If so, what are the options?

There seems to be a problem, the exe does not exit. Not sure if it is safe for running it in a gpo, but will try it on a couple of systems...


I am hoping ESET will push the update/fix for the other versions soon: 6.5.12014.0

It is ridiculous that you cannot uninstall / upgrade or do anything with it... it looks like a nice piece of malware...


PowerShell is not working on Windows XP and Server 2003.

In large networks that have legacy Windows, it is better to install an MSI with an Install Software task.

Is there any way to run the patch with a Run Command task in a Windows XP and Server 2003 environment?

Edited by kamiran.asia

Is this issue related to all of our ESET Outlook add-ins having stopped working?

(A few of the buttons, i.e. "junk mail sender address" etc., are missing.)

Edited by charlatan90
  • Administrators
29 minutes ago, charlatan90 said:

Is this issue related to all of our ESET Outlook add-ins having stopped working?

(A few of the buttons, i.e. "junk mail sender address" etc., are missing.)

It could be, since ekrn does not load any DLLs, one of which is a plug-in for Outlook.

  • Administrators
55 minutes ago, GregU said:

I applied the fix, but they changed my protection password. When I try to use advanced settings they tell me "Password is wrong".

Did you apply the fix to a version of Endpoint that is supported by the fix? What version of Endpoint do you have installed? If it's supported, does running the fix after a computer restart with elevated admin rights fix the issue?

1 hour ago, carmik said:

Is it batchable? I could put the exe on a network-accessible share and run it with a cmd script on the server, however can this exe run quietly? If so, what are the options?

Yes, it is silent by itself.

25 minutes ago, Marcos said:

Did you apply the fix to a version of Endpoint that is supported by the fix? What version of Endpoint do you have installed? If it's supported, does running the fix after a computer restart with elevated admin rights fix the issue?

Endpoint 6.5.2118.1 - after restarting the workstation, the password is working. Thanks


I've a few EEA 6.5.2132.2 (XP SP3) where running this tool failed. The message is "Can't rename ekrn.exe!" How to resolve? Others work well.


@Marcos after running this tool manually on an XP box (6.5.2132.1):

1) Endpoint Antivirus seemed fixed, but the fix window remained open for some reason. Is that expected behaviour?

2) Before applying the fix, I had the system removed from my ESMC console (VA, latest version). I expected that the system would reappear in lost and found, after applying the fix. It doesn't and I'm a bit clueless on what happened here. The system does respect the "use specific proxy to download ESET updates" policy, as I can watch from running netstat -a -p tcp. But it is invisible on the ESMC console (tried searching for it with system name and ip address). Has anyone else encountered something like that?


@Marcos I'm currently on version 6.5.2094.0 and currently over 200 PCs are having issues with this bug. Do you have a patch for this version that will resolve all the machines? It isn't letting me uninstall the ESET software either.

PS: I've already tried the patches available and they do not work.

Edited by andyuni
This topic is now closed to further replies.