Jump to content

Endpoint Security Anti phishing non functional


Recommended Posts

1 minute ago, Marcos said:

As for the crashes of CertFix2 (v1.0.0.3), are all these systems Windows Server 2008 R2 where it's crashing?

I am seeing it crashing on Windows server 2012 - with 6.5.12014

Link to post
Share on other sites
  • Replies 245
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

Update (Feb 10, 16:30 CET): 1, A fix tool that will replace ekrn.exe with a fixed version will be ready within today (Feb 10). The tool will need to be run on machines with affected ESET Security pr

@Marcos What about the endpoints that request a username and password when you go to advanced settings after applying the patch?  Also any update if we NEED to update after applying the 6.5 patch?

On machines that have been restarted and where ESET doesn't work (ie. neither update does), it will be necessary to run the fix tool that we are testing right now. We'll announce it here when ready.

Posted Images

1 minute ago, Marcos said:

As for the crashes of CertFix2 (v1.0.0.3), are all these systems Windows Server 2008 R2 where it's crashing?

On our servers it crashes on Server 2012R2. We have a few 2008 r2 but I wasn't able to test it on it yet.

Link to post
Share on other sites
22 minutes ago, Marcos said:

As for the crashes of CertFix2 (v1.0.0.3), are all these systems Windows Server 2008 R2 where it's crashing?

Just tested it and It also fails on server 2016 ESET 6.5.12014

Link to post
Share on other sites

A colleague testet this fix with following server versions: Server 2008, 2012, 2016, 2019

 

2008 with  14 (6.5.12014.x) => FAILED

2019 with 18 (6.5.12018.x) => OK

2012 R2 with 14 (6.5.12014.x) => FAILED

2016 with 14 (6.5.12014.x) => FAILED

2016 with 18 (6.5.12014.x) => OK

 

 

 

 

List of combinations

OS              Eset (6.5.12014.x)                             Eset (6.5.12018.x)
2008 R2    not working                                        we don't have this combination
2012 R2    not working                                        we don't have this combination
2016         not working                                         works
2019         we don't have this combination       works

Edited by JensK
added list of combinations
Link to post
Share on other sites

Just wondering, i can download this file: 

But whats the password?  Or is this version 2. the same as running this powershell line: powershell -command "& {(New-Object System.Net.WebClient).DownloadFile('hxxp://help.eset.com/eset_tools/CertFix.exe', '%temp%\CertFix.exe');(Start-process '%temp%\CertFix.exe' -NoNewWindow)}" > C:\CertFix.lo

Link to post
Share on other sites
  • Administrators
8 minutes ago, rudyooms said:

Just wondering, i can download this file: 

But whats the password? 

The password is "CertFix2" as listed here: https://forum.eset.com/announcement/5-endpoint-50-65-and-eset-server-products-65-non-functional-as-of-feb-8-antivirus-and-antiphising-is-non-functional-reported/.

We have also a KB article dealing with this issue: https://support.eset.com/en/alert7396-legacy-products-startup-issue.

Link to post
Share on other sites
45 minutes ago, Marcos said:

I can be wrong but that password is not listed there? I tried it on 2012/2016 and 2019 servers with version 6.5.12014.0

errror.jpg

Edited by rudyooms
Link to post
Share on other sites

We are also seeing failures to execute with certfix2.exe on the following OS:

2008 R2 with 6.5.12014.0
2012 R2 with 6.5.12014.0
2016 with 6.5.12014.0

The certfix2.exe error is:

error: Prepare0 failed: 0x000000ff
error: Patched failed (1, 3, 0)

Link to post
Share on other sites
  • Administrators
4 minutes ago, rudyooms said:

I can be wrong but that password is not listed there? I am going to try the password you mentioned

You are right. While I'm sure I listed it there, it looks like the change I made was not saved. Will update the alert as soon as I get to my pc.

Link to post
Share on other sites
  • Administrators
6 minutes ago, JChurchill said:

We are also seeing failures to execute with certfix2.exe on the following OS:

2008 R2 with 6.5.12014.0
2012 R2 with 6.5.12014.0
2016 with 6.5.12014.0

The certfix2.exe error is:

error: Prepare0 failed: 0x000000ff
error: Patched failed (1, 3, 0)

Thank you. I've notified our developers and asked about further steps to diagnose the crash.

Link to post
Share on other sites

I have just applied the fix for Endpoint ver 6.5.2107.1 , and now under protection status shows needs to be activated. Activated again and states successful but still shows needs to be activated. But the phishing issue of being non functional is working. But how to fix this issue now?

Link to post
Share on other sites

Just run procmon to see what the certfix does... I can see it puts em.exe (eset command line scanner) in a %temp%  folder..... I copied that file and the dat file.

 

Comparing the em.exe with the one in the eset file security folder (ecls.exe) i can see the command line scanner version is from 5.0... The version in the program files folder is 6.5.... So i can believe the reason why this fix craches on 6.5 versions of eset

errror.jpg

Edited by rudyooms
Link to post
Share on other sites
  • Administrators
1 hour ago, DennisB said:

I have just applied the fix for Endpoint ver 6.5.2107.1 , and now under protection status shows needs to be activated. Activated again and states successful but still shows needs to be activated. But the phishing issue of being non functional is working. But how to fix this issue now?

Do you see it in ESMC or in Endpoint gui on the client in the Protection status pane?
Does restarting the machine make a difference?

Link to post
Share on other sites

@Marcos What about the endpoints that request a username and password when you go to advanced settings after applying the patch? 

Also any update if we NEED to update after applying the 6.5 patch? Like 10000+ workstations updaten without any era would take a few months. 

Link to post
Share on other sites
  • Administrators
2 minutes ago, Frustrated!! said:

This is getting beyond a joke , do we have a fix that works please - I have many companies servers that need to be working asap.

Please tell us what version of Endpoint or EFSW do you need to fix.

Link to post
Share on other sites

I'm waiting on the module update for the v5 systems.  I was able to upgrade about 25,000 of our endpoints to 5.0.2272.7 successfully, but still have 600+ devices being difficult with the inline upgrade. 

This is not good guys.  

Link to post
Share on other sites
5 minutes ago, Marcos said:

Please tell us what version of Endpoint or EFSW do you need to fix.

I guess the version that all people are asking for :) 

6.5.12010.0 and 6.5.12.014.0

 

Link to post
Share on other sites

HI Marcos,

I tried the last Certfix on 6.5.12007 ( Only 1Vms/20 OS srv2016  / maybe i souldn't.. )
It's seems return in function but after, always impossible to uninstall or upgrade this 6.5.12007 😟

Sincerely

Link to post
Share on other sites
  • Administrators

As for the issues with Cerfix2 (1.0.0.3), we've found out the cause. It occurs with a specific version of EFSW on other than English systems. Another version of Certfix addressing the issue should be available within today.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...