Endpoint Security Anti phishing non functional

[bryanb 0]

We are having a HUGE problem.  Not only do we need to touch each machine(200+), but removing ESET 6.5 fails to work most of the time, even with the utility in safe mode, and 7.2 fails to install, because of 'suspected malware existing'. 

This is not sustainable.

 

[Glitch 3]

1 hour ago, Marcos said:

Besides that we are going to publish a fix for all v6.5 versions. The fix is intended for any v6.5 version that is already broken. However, after patching v6.5, it will be necessary to upgrade either to the latest Endpoint v7 or to a fixed version 6.5 that we're about to publish as well if upgrade is not possible yet for whatever reason.

can you explain what you mean with this that they NEED to upgrade??? We have already applied the certfix on Monday and that is working and are using it on a couple of thousand endpoints to bring them back. What do you mean that we need to upgrade??? 

[Mart 0]

Hi Guys,

the fix does not seem to be working for 6.5.2094.1. The log file reads "no need to patch" Any suggestions?

Thanks in advance.

[Marcos 5,070]

3 hours ago, Glitch said:

can you explain what you mean with this that they NEED to upgrade??? We have already applied the certfix on Monday and that is working and are using it on a couple of thousand endpoints to bring them back. What do you mean that we need to upgrade??? 

I'll raise this question / concern on the upcoming sync meeting with developers and will let you know then.

[Marcos 5,070]

1 hour ago, Mart said:

the fix does not seem to be working for 6.5.2094.1. The log file reads "no need to patch" Any suggestions?

The current version of CertFix works only with the following versions:

Endpoint 6.5.2118, 6.5.2123, 6.5.2132
File/Mail Security 6.5.12017, 6.5.12018, 6.5.14026, 6.5.10057, 6.5.10059

The other versions were tricky to fix but we've managed it eventually. A fix for all v6.5 is being tested and should be available really soon.

[Marcos 5,070]

3 hours ago, bryanb said:

We are having a HUGE problem.  Not only do we need to touch each machine(200+), but removing ESET 6.5 fails to work most of the time, even with the utility in safe mode, and 7.2 fails to install, because of 'suspected malware existing'. 

This is not sustainable.

I've tested a scenario when a broken Endpoint v5 was uninstalled in safe mode using the ESET uninstall tool. This went fine and subsequent installation of Endpoint v7.2 competed alright too. It'd be great if you could create a new topic in which we could try to help you with finding out the cause of the issue. For a start, let us know if you have run into the issue with installation of EP7.2 on several machines or a single one so far and if the uninstall tool found ESET installed and reported that it was removed alright.

[Des 0]

I ran the patch for ESET 6.5. Good news is that it is fixed  Bad new is that it is now asking for password to access advanced settings. Any advise on what this password may be?

 

[sdnian 6]

If I have ESET Endpoint product 6.5.2132 running on Windows XP. After use the fixing tool, do I need to upgrade 6.5.2132.5 ?

[alur 1]

Fifth day waiting for the fix Endpoin 5.0 version, when will the solution be?

Edited February 13, 2020 by alur

[carmik 0]

On 2/11/2020 at 1:33 PM, carmik said:

I'm happy to say that the issue seems to be resolved on the PCs I've made a test run on. Furthermore, on Windows Server 2003 AD, it suffices to create a new gpo with a startup script the fix file itself, provided that the file is placed in files section of the gpo. It ran via group policy without issues on 3 systems, so I'm now deploying globally. Will let you know how that goes.

@Marcos good news and bad news: ran certfix yesterday via GPO on around 150 PCs.  At the time went smoothly, all clients have started updating virus bases and messages about phishing not operational have disappeared from all. Status on ESMC console was either all-ok or yellow (due to ESMC agent being an older version for example, nothing serious).

Today, I've received at least 3 calls from users whose systems I personally checked that were ok. In all 3 cases:

* the phishing problem came up

* along with a new one, pop/http scanners do not work

So far it's 3 systems, not sure if this is a regression of some sort. WIll install 6.5.2132.5 as per:

https://support.eset.com/en/alert7396-legacy-products-startup-issue

 

Edited February 13, 2020 by carmik

[rudyooms 1]

9 hours ago, Marcos said:

The current version of CertFix works only with the following versions:

Endpoint 6.5.2118, 6.5.2123, 6.5.2132
File/Mail Security 6.5.12017, 6.5.12018, 6.5.14026, 6.5.10057, 6.5.10059

The other versions were tricky to fix but we've managed it eventually. A fix for all v6.5 is being tested and should be available really soon.

Really soon? about 9 hours ago... Please finish the fix for the other 6.5 versions..

[sdnian 6]

8 minutes ago, rudyooms said:

Really soon? about 9 hours ago... Please finish the fix for the other 6.5 versions..

About 7 hours ago, there is a new version fixing tool. It works these versions now:

6.5.2094.0
6.5.2094.1
6.5.2107.0
6.5.2107.1
6.5.2118.0
6.5.2118.1
6.5.2118.2
6.5.2118.3
6.5.2118.4
6.5.2123.5
6.5.2123.7
6.5.2123.8
6.5.2128.0
6.5.2132.1
6.5.2132.2

Read this: https://support.eset.com/en/alert7396-legacy-products-startup-issue

Edited February 13, 2020 by sdnian

[lasek101 1]

This must be a secret version of fix, not mentioned on website with alert information nor in this thread.

[rudyooms 1]

38 minutes ago, sdnian said:

About 7 hours ago, there is a new version fixing tool. It works these versions now:

6.5.2094.0
6.5.2094.1
6.5.2107.0
6.5.2107.1
6.5.2118.0
6.5.2118.1
6.5.2118.2
6.5.2118.3
6.5.2118.4
6.5.2123.5
6.5.2123.7
6.5.2123.8
6.5.2128.0
6.5.2132.1
6.5.2132.2

Read this: https://support.eset.com/en/alert7396-legacy-products-startup-issue

Still no fix for 6.5.12.010.0 of 6.5.12.0.14.0 versions......  for windows servers

[lasek101 1]

I have downloaded fix from site https://support.eset.com/en/alert7396-legacy-products-startup-issue and executed by psexec on station with eset 6.5.2094.1 with success. On ERA console station looks normally (no alerts). But when I try to upgrade to 7.2 by assigning task, task fails.

[Frustrated!! 1]

On 2/10/2020 at 3:33 PM, Marcos said:

erm fix it?

 

6.5.1214.0 - messing around with date and time is not an option

do you have fix?

[Glitch 3]

Indeed some clients not all also ask for a password when entering in to advanced settings! after applying the patch.  How to solve this? 

[Marcos 5,070]

1 hour ago, Frustrated!! said:

6.5.1214.0 - messing around with date and time is not an option

do you have fix?

Did you mean EFSW 6.5.12014? If so, this one is in the list of products that can be fixed by the current version of Certfix. When run, the latest version displays information "FileVersion of this tool: 1.0.0.3".

[persianmcse 3]

ِDo you have fix 5.0.2272.7 ?

[kamiran.asia 5]

it seems that fixtool v1.0.0.3 can not solve the issue in V6.5.2094 without Restart.

We must Run Fixtool and then Restart , Then Anti phishing error will disappear.

[JensK 1]

32 minutes ago, Marcos said:

Did you mean EFSW 6.5.12014? If so, this one is in the list of products that can be fixed by the current version of Certfix. When run, the latest version displays information "FileVersion of this tool: 1.0.0.3".

We receive an error with this version of Certfix, any ideas?

It's file security v. 6.5.12014.1

 

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    em.exe
  Application Version:    5.0.2248.0
  Application Timestamp:    559ce8f8
  Fault Module Name:    em.exe
  Fault Module Version:    5.0.2248.0
  Fault Module Timestamp:    559ce8f8
  Exception Code:    c0000005
  Exception Offset:    0002567b
  OS Version:    6.3.9600.2.0.0.272.7
  Locale ID:    1031
  Additional Information 1:    5861
  Additional Information 2:    5861822e1919d7c014bbb064c64908b2
  Additional Information 3:    6fbe
  Additional Information 4:    6fbe6bde2701766d81cbca0597a5fa35

Read our privacy statement online:
  hxxp://go.microsoft.com/fwlink/?linkid=280262

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt

Edited February 13, 2020 by JensK
removed . from 6.5.12014.1

[TechUser01 2]

40 minutes ago, Marcos said:

Did you mean EFSW 6.5.12014? If so, this one is in the list of products that can be fixed by the current version of Certfix. When run, the latest version displays information "FileVersion of this tool: 1.0.0.3".

That version is not listed on the https://forum.eset.com/files/file/20-certfix/ site.  I've run the patch on an EFSW 6.5.12014 server and I get "ESET command-line scanner has stopped working" pop up.  and Prepare0 failed: 0xc0000005; Patched failed (1, 3, 0)??

 

[alur 1]

41 minutes ago, persianmcse said:

ِDo you have fix 5.0.2272.7 ?

they forgot about us

[Marcos 5,070]

Just now, persianmcse said:

ِDo you have fix 5.0.2272.7 ?

We are uploading a fix for Endpoint v5 and will update the KB and alert on this forum with links and information when ready.

[Marcos 5,070]

As for the crashes of CertFix2 (v1.0.0.3), are all these systems Windows Server 2008 R2 where it's crashing?