Endpoint Security Anti phishing non functional

[TechUser01 2]

1 minute ago, Marcos said:

As for the crashes of CertFix2 (v1.0.0.3), are all these systems Windows Server 2008 R2 where it's crashing?

I am seeing it crashing on Windows server 2012 - with 6.5.12014

[JensK 1]

1 minute ago, Marcos said:

As for the crashes of CertFix2 (v1.0.0.3), are all these systems Windows Server 2008 R2 where it's crashing?

On our servers it crashes on Server 2012R2. We have a few 2008 r2 but I wasn't able to test it on it yet.

[TechUser01 2]

22 minutes ago, Marcos said:

As for the crashes of CertFix2 (v1.0.0.3), are all these systems Windows Server 2008 R2 where it's crashing?

Just tested it and It also fails on server 2016 ESET 6.5.12014

[JensK 1]

A colleague testet this fix with following server versions: Server 2008, 2012, 2016, 2019

 

2008 with  14 (6.5.12014.x) => FAILED

2019 with 18 (6.5.12018.x) => OK

2012 R2 with 14 (6.5.12014.x) => FAILED

2016 with 14 (6.5.12014.x) => FAILED

2016 with 18 (6.5.12014.x) => OK

 

 

 

 

List of combinations

OS              Eset (6.5.12014.x)                             Eset (6.5.12018.x)
2008 R2    not working                                        we don't have this combination
2012 R2    not working                                        we don't have this combination
2016         not working                                         works
2019         we don't have this combination       works

Edited February 13, 2020 by JensK
added list of combinations

[rudyooms 1]

Just wondering, i can download this file: 

But whats the password?  Or is this version 2. the same as running this powershell line: powershell -command "& {(New-Object System.Net.WebClient).DownloadFile('hxxp://help.eset.com/eset_tools/CertFix.exe', '%temp%\CertFix.exe');(Start-process '%temp%\CertFix.exe' -NoNewWindow)}" > C:\CertFix.lo

[Frustrated!! 1]

On 2/10/2020 at 3:33 PM, Marcos said:

 

6.5.1214.0 - messing around with date and time is not an option

do you have fix?

[Marcos 5,070]

8 minutes ago, rudyooms said:

Just wondering, i can download this file: 

But whats the password? 

The password is "CertFix2" as listed here: https://forum.eset.com/announcement/5-endpoint-50-65-and-eset-server-products-65-non-functional-as-of-feb-8-antivirus-and-antiphising-is-non-functional-reported/.

We have also a KB article dealing with this issue: https://support.eset.com/en/alert7396-legacy-products-startup-issue.

[rudyooms 1]

45 minutes ago, Marcos said:

The password is "CertFix2" as listed here: https://forum.eset.com/announcement/5-endpoint-50-65-and-eset-server-products-65-non-functional-as-of-feb-8-antivirus-and-antiphising-is-non-functional-reported/.

We have also a KB article dealing with this issue: https://support.eset.com/en/alert7396-legacy-products-startup-issue.

I can be wrong but that password is not listed there? I tried it on 2012/2016 and 2019 servers with version 6.5.12014.0

Edited February 13, 2020 by rudyooms

[JChurchill 0]

We are also seeing failures to execute with certfix2.exe on the following OS:

2008 R2 with 6.5.12014.0
2012 R2 with 6.5.12014.0
2016 with 6.5.12014.0

The certfix2.exe error is:

error: Prepare0 failed: 0x000000ff
error: Patched failed (1, 3, 0)

[Marcos 5,070]

4 minutes ago, rudyooms said:

I can be wrong but that password is not listed there? I am going to try the password you mentioned

You are right. While I'm sure I listed it there, it looks like the change I made was not saved. Will update the alert as soon as I get to my pc.

[Marcos 5,070]

6 minutes ago, JChurchill said:

We are also seeing failures to execute with certfix2.exe on the following OS:

2008 R2 with 6.5.12014.0
2012 R2 with 6.5.12014.0
2016 with 6.5.12014.0

The certfix2.exe error is:

error: Prepare0 failed: 0x000000ff
error: Patched failed (1, 3, 0)

Thank you. I've notified our developers and asked about further steps to diagnose the crash.

[DennisB 0]

I have just applied the fix for Endpoint ver 6.5.2107.1 , and now under protection status shows needs to be activated. Activated again and states successful but still shows needs to be activated. But the phishing issue of being non functional is working. But how to fix this issue now?

[rudyooms 1]

Just run procmon to see what the certfix does... I can see it puts em.exe (eset command line scanner) in a %temp%  folder..... I copied that file and the dat file.

 

Comparing the em.exe with the one in the eset file security folder (ecls.exe) i can see the command line scanner version is from 5.0... The version in the program files folder is 6.5.... So i can believe the reason why this fix craches on 6.5 versions of eset

Edited February 13, 2020 by rudyooms

[cookieboy 5]

Still waiting for the fixed 6.5 Installer to be available

[Marcos 5,070]

1 hour ago, DennisB said:

I have just applied the fix for Endpoint ver 6.5.2107.1 , and now under protection status shows needs to be activated. Activated again and states successful but still shows needs to be activated. But the phishing issue of being non functional is working. But how to fix this issue now?

Do you see it in ESMC or in Endpoint gui on the client in the Protection status pane?
Does restarting the machine make a difference?

[Glitch 3]

18 minutes ago, cookieboy said:

Still waiting for the fixed 6.5 Installer to be available

EES:
hxxp://repository.eset.com/v1/com/eset/apps/business/ees/windows/v6/6.5.2132.5/ees_nt32_enu.msi
hxxp://repository.eset.com/v1/com/eset/apps/business/ees/windows/v6/6.5.2132.5/ees_nt64_enu.msi

EEA:
hxxp://repository.eset.com/v1/com/eset/apps/business/eea/windows/v6/6.5.2132.5/eea_nt32_enu.msi
hxxp://repository.eset.com/v1/com/eset/apps/business/eea/windows/v6/6.5.2132.5/eea_nt64_enu.msi

[Glitch 3]

@Marcos What about the endpoints that request a username and password when you go to advanced settings after applying the patch? 

Also any update if we NEED to update after applying the 6.5 patch? Like 10000+ workstations updaten without any era would take a few months. 

[Frustrated!! 1]

This is getting beyond a joke , do we have a fix that works please - I have many companies servers that need to be working asap.

[Marcos 5,070]

2 minutes ago, Frustrated!! said:

This is getting beyond a joke , do we have a fix that works please - I have many companies servers that need to be working asap.

Please tell us what version of Endpoint or EFSW do you need to fix.

[NoMayo 1]

I'm waiting on the module update for the v5 systems.  I was able to upgrade about 25,000 of our endpoints to 5.0.2272.7 successfully, but still have 600+ devices being difficult with the inline upgrade. 

This is not good guys.  

[rudyooms 1]

5 minutes ago, Marcos said:

Please tell us what version of Endpoint or EFSW do you need to fix.

I guess the version that all people are asking for  

6.5.12010.0 and 6.5.12.014.0

 

[sdnian 6]

@Marcos

Why are the contents of these two files different?

hxxp://repository.eset.com/v1/com/eset/apps/business/ees/windows/v6/6.5.2132.5/ees_nt32_enu.msi

hxxp://download.eset.com/com/eset/apps/business/ees/windows/v6/6.5.2132.5/ees_nt32_enu.msi

[Ere Connect 0]

HI Marcos,

I tried the last Certfix on 6.5.12007 ( Only 1Vms/20 OS srv2016  / maybe i souldn't.. )
It's seems return in function but after, always impossible to uninstall or upgrade this 6.5.12007 😟

Sincerely

[wescaudill 1]

What is the eta on a fix for "File Security for Microsoft Windows Server" version 6.5.12007.0 running on Server 2012R2. We've tried every certfix that has been released and they all bomb

[Marcos 5,070]

As for the issues with Cerfix2 (1.0.0.3), we've found out the cause. It occurs with a specific version of EFSW on other than English systems. Another version of Certfix addressing the issue should be available within today.