Jump to content

Endpoint Security Anti phishing non functional

cookieboy69

By cookieboy69
in ESET Endpoint Products

 Share

Recommended Posts

Piter

Piter 0

Posted
Posted
11 minutes ago, Marcos said:

Should remote install fail, make sure that the maximum size of installation packages is set to 150 or more MB via a policy.(...)

That's good point. 

Anyway I can confirm positive upgrade from 2265 to 2272 through ERAv5 with Custom Package. Clients upgrade is in progress :) 

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,082

Posted
  • Administrators
Posted
3 minutes ago, Frustrated!! said:

6.5.12014.1

fix?

It can be fixed by using the current version of CertFix. Also there are 6.5 EFSW installers with a fixed version available for download. Please check the red alert on the top of this forum for links.

Link to comment
Share on other sites
Glitch

Glitch 3

Posted
Posted
23 hours ago, Glitch said:

@Marcos What about the endpoints that request a username and password when you go to advanced settings after applying the patch? 

Also any update if we NEED to update after applying the 6.5 patch? Like 10000+ workstations updaten without any era would take a few months. 

Any update on this?

Link to comment
Share on other sites
  • ESET Staff
MichalJ

MichalJ 434

Posted
  • ESET Staff
Posted

@Glitch 6.5 is kept in support only for the Windows XP. If you do not have Windows XP in your portfolio, we recommend to install a newer version, especially version 7. Also, considering the size of the network (10 000 devices), what is the reason you have chosen to not use ESMC / ERA? It would make your life a lot easier. 

Also, for the version 7.2, we are planning to introduce automatic product updates, that will keep the Endpoints on the latest version, so such difficulties will be prevented. 

Is there any particular reason, why you want to stick with the older version besides the workload it would generate? Also, what is your standard "software update" policy, meaning how is software life-cycle handled for other products you use? 

Just a side note, not to annoy you, but to explain the situation a bit: with dramatically changing "ecosystem variables" (Microsoft releasing Windows 10 2-times a year, and Apple having annual release cycles), us as software vendors have no other choice, than to adopt more aggressive life-cycle policies, and towards the future abandon "versioning" as we were used to it, and more move towards the "as a service" model, meaning you have your subscription and ESET guarantees a working version, which will update itself without you taking care of it. Our cellphones are doing it, office is doing it, and security software (in order to work efficiently for you) have to do it as well. 

Link to comment
Share on other sites
Glitch

Glitch 3

Posted
Posted
3 minutes ago, MichalJ said:

@Glitch 6.5 is kept in support only for the Windows XP. If you do not have Windows XP in your portfolio, we recommend to install a newer version, especially version 7. Also, considering the size of the network (10 000 devices), what is the reason you have chosen to not use ESMC / ERA? It would make your life a lot easier. 

Also, for the version 7.2, we are planning to introduce automatic product updates, that will keep the Endpoints on the latest version, so such difficulties will be prevented. 

Is there any particular reason, why you want to stick with the older version besides the workload it would generate? Also, what is your standard "software update" policy, meaning how is software life-cycle handled for other products you use? 

Just a side note, not to annoy you, but to explain the situation a bit: with dramatically changing "ecosystem variables" (Microsoft releasing Windows 10 2-times a year, and Apple having annual release cycles), us as software vendors have no other choice, than to adopt more aggressive life-cycle policies, and towards the future abandon "versioning" as we were used to it, and more move towards the "as a service" model, meaning you have your subscription and ESET guarantees a working version, which will update itself without you taking care of it. Our cellphones are doing it, office is doing it, and security software (in order to work efficiently for you) have to do it as well. 

It is because a large majority of the clients we manage is still using windows XP, they also use the NANO updates as it is not a single network. We are an MSP. Our new installs are 7.1 or 7.2. As ESET is also terible in managing high latency connections we can't use the ESMC as there are too many timeouts. I already explained this a couple of times on calls with ESET HQ in Bratislava and also when I visited the HQ. 

So are we planning to stay on 6.5 , no but upgrades will take time and will cost time and need to be planned we can't force our clients at this moment as their connections don't allow it to receive large amounts of data such we need months. Next to that the new updates are larger than the old updates.

 

Yes yes we know the latest the greatest, for customers we do 24/7 SOC services we only have the latest versions install and so but we are in a specific sector that it is not possible. And yes I agree updating is better and so one but that is all for another time. At this time it is important that we can: 

1. Rectify all machines back

2. Start protection again.

3. Get them updated. 

 

 

 

Link to comment
Share on other sites
esined

esined 0

Posted
Posted
3 hours ago, Piter said:

That's good point. 

Anyway I can confirm positive upgrade from 2265 to 2272 through ERAv5 with Custom Package. Clients upgrade is in progress :) 

Hi @Piter what file did you use to do this? I tried hxxp://repository.eset.com/v1/com/eset/tools/certfix/v1/latest/eea_nt64_enu.exe but it fails and I thought it has to be a .msi file? Did you choose windows push, windows push (WMI) or Windows upgrade client?

Link to comment
Share on other sites
Piter

Piter 0

Posted
Posted
On 2/14/2020 at 3:49 PM, esined said:

Hi @Piter what file did you use to do this? I tried hxxp://repository.eset.com/v1/com/eset/tools/certfix/v1/latest/eea_nt64_enu.exe but it fails and I thought it has to be a .msi file? Did you choose windows push, windows push (WMI) or Windows upgrade client?

Hi @esined

sorry for late answer. I've used the .exe file. In package manager in RA you have to create new custom package (separate for x86 and x64 architecture) and then deploy it through Windows Push - Custom Package. You'll need to provide administrative credentials.

 

Link to comment
Share on other sites
lasek101

lasek101 1

Posted
Posted (edited)

Generally patch for 6.5 works, but we have some stations where patch was applied, but on ERA console station still is in alert 'product is installed but is not running' .

 

certfix.exe output:

FileVersion of this tool: 1.0.0.5
-------------------------------------------------------------------------------
Patch already applied

but on era console:

eset.png

Edited by lasek101
Link to comment
Share on other sites
vgoncalves

vgoncalves 0

Posted
Posted

Hi,

already patched hundreds of systems but running CertFix in two servers with Server 2008 and ESET File Security 6.5.12007.0 I get the following error:

Quote

error: GetFileVersionInfoSize: 193
error: Can't get ekrn version (C:\Program Files\ESET\ESET File Security\x86\ekrn.exe)!

 

How can I fix?

PS: Servers already rebooted...

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,082

Posted
  • Administrators
Posted
4 minutes ago, vgoncalves said:

Hi,

already patched hundreds of systems but running CertFix in two servers with Server 2008 and ESET File Security 6.5.12007.0 I get the following error:

How can I fix?

PS: Servers already rebooted...

Please provide logs collected with ESET Log Collector so that we can check if registry values that are supposed to exist actually exist.

Link to comment
Share on other sites
vgoncalves

vgoncalves 0

Posted
Posted
17 minutes ago, Marcos said:

Please provide logs collected with ESET Log Collector so that we can check if registry values that are supposed to exist actually exist.

Sent you a PM with the logs...

Thanks

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,082

Posted
  • Administrators
Posted

Please carry on as follows:
- in the advanced setup -> tools -> diagnostics enable advanced network protection logging
- reboot the machine
- disable advanced logging
- collect logs with ESET Log Collector and upload the generated archive here.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,082

Posted
  • Administrators
Posted
16 hours ago, WebbyTech said:

I have followed the guide but then removed 6.5 and install 7.1.12008.0 File Security... However still getting an issue with non-functional modules.

Looks like the machine was not rebooted after enabling advanced network protection logging. Anyways, the root cause of the errors is clear. For some reason the old driver epfwwfpr.sys was not removed during upgrade for an unknown reason.

Please run the following command as an administrator and reboot the server:
"sc delete epfwwfpr"

Reinstallation of EFSW should not be necessary, however, should an error still be reported after the reboot try uninstalling EFSW and installing it from scratch.

Link to comment
Share on other sites
charlatan90

charlatan90 0

Posted
Posted

Any ideas why doesnt the ESET outlook add-ins doesnt work after applying the fix, and updating the clients to 7.2

I've tried reinstalling, re-enabling the outlook integration. Nothing seems to work.

 

Link to comment
Share on other sites
Snakeyes

Snakeyes 1

Posted
Posted

So I just completed the fix and upgrade to ver7 (from ver 6.5 after running certfix 2.0) of File Security for roughly 50 servers.  7 of those servers are still reporting that the Web and email protocol filtering, network attack protection, and anti-phishing protections is non-functional.  I've even did a complete uninstall reboot and fresh install of ver7.

Alerts.JPG

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,082

Posted
  • Administrators
Posted
17 minutes ago, Snakeyes said:

So I just completed the fix and upgrade to ver7 (from ver 6.5 after running certfix 2.0) of File Security for roughly 50 servers.  7 of those servers are still reporting that the Web and email protocol filtering, network attack protection, and anti-phishing protections is non-functional.  I've even did a complete uninstall reboot and fresh install of ver7.

It could be the same issue as the one reported above. Please collect logs with ESET Log Collector and upload the generated archive here.

Link to comment
Share on other sites
NuclearSSD

NuclearSSD 3

Posted
Posted
4 hours ago, Marcos said:

Looks like the machine was not rebooted after enabling advanced network protection logging. Anyways, the root cause of the errors is clear. For some reason the old driver epfwwfpr.sys was not removed during upgrade for an unknown reason.

Please run the following command as an administrator and reboot the server:
"sc delete epfwwfpr"

Reinstallation of EFSW should not be necessary, however, should an error still be reported after the reboot try uninstalling EFSW and installing it from scratch.

Definitely did this in the order you requested, enabled, rebooted, collected logs and sent them to you.

I have done the same as above but still getting error.

I am just going to try it is a slightly different order... Remove EFSW, Delete Service, Reboot then Reinstall.....

Link to comment
Share on other sites
NuclearSSD

NuclearSSD 3

Posted
Posted
45 minutes ago, WebbyTech said:

Definitely did this in the order you requested, enabled, rebooted, collected logs and sent them to you.

I have done the same as above but still getting error.

I am just going to try it is a slightly different order... Remove EFSW, Delete Service, Reboot then Reinstall.....

OK, so seems it is this service, but it does not remove when you ask it to! Order I took to resolve this issue...

  1. Remove EFSW
  2. Restart Server
  3. Run "sc delete epfwwfpr" in elevated cmd (Should get [SC] DeleteService Success)
  4. Restart Server
  5. Run "sc delete epfwwfpr" in elevated cmd - Yes again to make sure it has gone, you should get a different message... if you get "[SC] DeleteService Success" again then back to step 3.. this has to go before you install again.
  6. Install new version of EFSW
Link to comment
Share on other sites
Snakeyes

Snakeyes 1

Posted
Posted
20 hours ago, NuclearMotherboard said:

OK, so seems it is this service, but it does not remove when you ask it to! Order I took to resolve this issue...

  1. Remove EFSW
  2. Restart Server
  3. Run "sc delete epfwwfpr" in elevated cmd (Should get [SC] DeleteService Success)
  4. Restart Server
  5. Run "sc delete epfwwfpr" in elevated cmd - Yes again to make sure it has gone, you should get a different message... if you get "[SC] DeleteService Success" again then back to step 3.. this has to go before you install again.
  6. Install new version of EFSW

This process worked for me on all servers that I needed to run it on.  I didn't have to do a 3rd reboot thankfully.

Link to comment
Share on other sites
Snakeyes

Snakeyes 1

Posted
Posted
On 2/14/2020 at 5:15 AM, Frustrated!! said:

6.5.12014.1

fix?

 

The fix has been posted for a few days now.  The hyperlink in the red banner at the top of this page (if showing) will take you to it.  if not check here... https://forum.eset.com/announcement/5-endpoint-50-65-and-eset-server-products-65-non-functional-as-of-feb-8-antivirus-and-antiphising-is-non-functional-reported/

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...