
Endpoint Security Anti phishing non functional


11 minutes ago, Marcos said:

Should remote install fail, make sure that the maximum size of installation packages is set to 150 or more MB via a policy.(...)

That's a good point.

Anyway I can confirm positive upgrade from 2265 to 2272 through ERAv5 with Custom Package. Clients upgrade is in progress :) 

3 minutes ago, Frustrated!! said:

6.5.12014.1

fix?

It can be fixed by using the current version of CertFix. Also there are 6.5 EFSW installers with a fixed version available for download. Please check the red alert on the top of this forum for links.

23 hours ago, Glitch said:

@Marcos What about the endpoints that request a username and password when you go to advanced settings after applying the patch? 

Also any update if we NEED to update after applying the 6.5 patch? Like 10000+ workstations updated without any ERA would take a few months.

Any update on this?


@Glitch 6.5 is kept in support only for the Windows XP. If you do not have Windows XP in your portfolio, we recommend to install a newer version, especially version 7. Also, considering the size of the network (10 000 devices), what is the reason you have chosen to not use ESMC / ERA? It would make your life a lot easier. 

Also, for the version 7.2, we are planning to introduce automatic product updates, that will keep the Endpoints on the latest version, so such difficulties will be prevented. 

Is there any particular reason, why you want to stick with the older version besides the workload it would generate? Also, what is your standard "software update" policy, meaning how is software life-cycle handled for other products you use? 

Just a side note, not to annoy you, but to explain the situation a bit: with dramatically changing "ecosystem variables" (Microsoft releasing Windows 10 2-times a year, and Apple having annual release cycles), us as software vendors have no other choice, than to adopt more aggressive life-cycle policies, and towards the future abandon "versioning" as we were used to it, and more move towards the "as a service" model, meaning you have your subscription and ESET guarantees a working version, which will update itself without you taking care of it. Our cellphones are doing it, office is doing it, and security software (in order to work efficiently for you) have to do it as well. 

3 minutes ago, MichalJ said:

@Glitch 6.5 is kept in support only for the Windows XP. If you do not have Windows XP in your portfolio, we recommend to install a newer version, especially version 7. Also, considering the size of the network (10 000 devices), what is the reason you have chosen to not use ESMC / ERA? It would make your life a lot easier. 

Also, for the version 7.2, we are planning to introduce automatic product updates, that will keep the Endpoints on the latest version, so such difficulties will be prevented. 

Is there any particular reason, why you want to stick with the older version besides the workload it would generate? Also, what is your standard "software update" policy, meaning how is software life-cycle handled for other products you use? 

Just a side note, not to annoy you, but to explain the situation a bit: with dramatically changing "ecosystem variables" (Microsoft releasing Windows 10 2-times a year, and Apple having annual release cycles), us as software vendors have no other choice, than to adopt more aggressive life-cycle policies, and towards the future abandon "versioning" as we were used to it, and more move towards the "as a service" model, meaning you have your subscription and ESET guarantees a working version, which will update itself without you taking care of it. Our cellphones are doing it, office is doing it, and security software (in order to work efficiently for you) have to do it as well. 

It is because a large majority of the clients we manage are still using Windows XP; they also use the NANO updates as it is not a single network. We are an MSP. Our new installs are 7.1 or 7.2. As ESET is also terrible in managing high latency connections, we can't use the ESMC as there are too many timeouts. I already explained this a couple of times on calls with ESET HQ in Bratislava and also when I visited the HQ.

So are we planning to stay on 6.5? No, but upgrades will take time, will cost time and need to be planned. We can't force our clients at this moment, as their connections don't allow them to receive large amounts of data, so we need months. Next to that, the new updates are larger than the old updates.

Yes yes, we know, the latest the greatest. For customers we do 24/7 SOC services for, we only have the latest versions installed and so on, but we are in a specific sector where that is not possible. And yes, I agree updating is better and so on, but that is all for another time. At this time it is important that we can:

1. Rectify all machines back

2. Start protection again.

3. Get them updated. 

 

 

 

3 hours ago, Piter said:

That's a good point.

Anyway I can confirm positive upgrade from 2265 to 2272 through ERAv5 with Custom Package. Clients upgrade is in progress :) 

Hi @Piter what file did you use to do this? I tried hxxp://repository.eset.com/v1/com/eset/tools/certfix/v1/latest/eea_nt64_enu.exe but it fails and I thought it has to be a .msi file? Did you choose windows push, windows push (WMI) or Windows upgrade client?


Thank you for fixing Endpoint 5.0. There are small problems on some clients, but in general everything is normal.

On 2/14/2020 at 3:49 PM, esined said:

Hi @Piter what file did you use to do this? I tried hxxp://repository.eset.com/v1/com/eset/tools/certfix/v1/latest/eea_nt64_enu.exe but it fails and I thought it has to be a .msi file? Did you choose windows push, windows push (WMI) or Windows upgrade client?

Hi @esined

Sorry for the late answer. I've used the .exe file. In the package manager in RA you have to create a new custom package (separate for x86 and x64 architecture) and then deploy it through Windows Push - Custom Package. You'll need to provide administrative credentials.

 


Generally the patch for 6.5 works, but we have some stations where the patch was applied, but on the ERA console the station is still in alert 'product is installed but is not running'.

 

certfix.exe output:

FileVersion of this tool: 1.0.0.5
-------------------------------------------------------------------------------
Patch already applied

but on era console:

[Attached screenshot: eset.png]

Edited by lasek101


Hi,

already patched hundreds of systems but running CertFix in two servers with Server 2008 and ESET File Security 6.5.12007.0 I get the following error:

Quote

error: GetFileVersionInfoSize: 193
error: Can't get ekrn version (C:\Program Files\ESET\ESET File Security\x86\ekrn.exe)!

 

How can I fix?

PS: Servers already rebooted...

4 minutes ago, vgoncalves said:

Hi,

already patched hundreds of systems but running CertFix in two servers with Server 2008 and ESET File Security 6.5.12007.0 I get the following error:

How can I fix?

PS: Servers already rebooted...

Please provide logs collected with ESET Log Collector so that we can check if registry values that are supposed to exist actually exist.

17 minutes ago, Marcos said:

Please provide logs collected with ESET Log Collector so that we can check if registry values that are supposed to exist actually exist.

Sent you a PM with the logs...

Thanks


Please carry on as follows:
- in the advanced setup -> tools -> diagnostics enable advanced network protection logging
- reboot the machine
- disable advanced logging
- collect logs with ESET Log Collector and upload the generated archive here.

16 hours ago, WebbyTech said:

I have followed the guide but then removed 6.5 and installed 7.1.12008.0 File Security... However still getting an issue with non-functional modules.

Looks like the machine was not rebooted after enabling advanced network protection logging. Anyways, the root cause of the errors is clear. For some reason the old driver epfwwfpr.sys was not removed during upgrade for an unknown reason.

Please run the following command as an administrator and reboot the server:
"sc delete epfwwfpr"

Reinstallation of EFSW should not be necessary, however, should an error still be reported after the reboot try uninstalling EFSW and installing it from scratch.


Any ideas why the ESET Outlook add-ins don't work after applying the fix and updating the clients to 7.2?

I've tried reinstalling, re-enabling the outlook integration. Nothing seems to work.

 


So I just completed the fix and upgrade to ver7 (from ver 6.5 after running certfix 2.0) of File Security for roughly 50 servers. 7 of those servers are still reporting that the Web and email protocol filtering, network attack protection, and anti-phishing protections are non-functional. I've even done a complete uninstall, reboot and fresh install of ver7.

[Attached screenshot: Alerts.JPG]

17 minutes ago, Snakeyes said:

So I just completed the fix and upgrade to ver7 (from ver 6.5 after running certfix 2.0) of File Security for roughly 50 servers. 7 of those servers are still reporting that the Web and email protocol filtering, network attack protection, and anti-phishing protections are non-functional. I've even done a complete uninstall, reboot and fresh install of ver7.

It could be the same issue as the one reported above. Please collect logs with ESET Log Collector and upload the generated archive here.

4 hours ago, Marcos said:

Looks like the machine was not rebooted after enabling advanced network protection logging. Anyways, the root cause of the errors is clear. For some reason the old driver epfwwfpr.sys was not removed during upgrade for an unknown reason.

Please run the following command as an administrator and reboot the server:
"sc delete epfwwfpr"

Reinstallation of EFSW should not be necessary, however, should an error still be reported after the reboot try uninstalling EFSW and installing it from scratch.

Definitely did this in the order you requested, enabled, rebooted, collected logs and sent them to you.

I have done the same as above but am still getting the error.

I am just going to try it in a slightly different order... Remove EFSW, Delete Service, Reboot then Reinstall.....

45 minutes ago, WebbyTech said:

Definitely did this in the order you requested, enabled, rebooted, collected logs and sent them to you.

I have done the same as above but am still getting the error.

I am just going to try it in a slightly different order... Remove EFSW, Delete Service, Reboot then Reinstall.....

OK, so seems it is this service, but it does not remove when you ask it to! Order I took to resolve this issue...

  1. Remove EFSW
  2. Restart Server
  3. Run "sc delete epfwwfpr" in elevated cmd (Should get [SC] DeleteService Success)
  4. Restart Server
  5. Run "sc delete epfwwfpr" in elevated cmd - Yes again to make sure it has gone, you should get a different message... if you get "[SC] DeleteService Success" again then back to step 3.. this has to go before you install again.
  6. Install new version of EFSW

20 hours ago, NuclearMotherboard said:

OK, so seems it is this service, but it does not remove when you ask it to! Order I took to resolve this issue...

  1. Remove EFSW
  2. Restart Server
  3. Run "sc delete epfwwfpr" in elevated cmd (Should get [SC] DeleteService Success)
  4. Restart Server
  5. Run "sc delete epfwwfpr" in elevated cmd - Yes again to make sure it has gone, you should get a different message... if you get "[SC] DeleteService Success" again then back to step 3.. this has to go before you install again.
  6. Install new version of EFSW

This process worked for me on all servers that I needed to run it on.  I didn't have to do a 3rd reboot thankfully.
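
The "make sure it has gone" check from the procedure quoted above, written as a script (an added example, not part of any post in this thread and not ESET tooling). It assumes the Service Control Manager keeps the driver's registration under `HKLM:\SYSTEM\CurrentControlSet\Services` with a `DeleteFlag` value while deletion is pending, and that the driver file sits in `System32\drivers`; the function name and the `-Delete` switch are hypothetical.

```powershell
# Added example (not ESET tooling). Run from an elevated PowerShell session.
param(
    [string]$ServiceName = 'epfwwfpr',  # leftover driver service named in the thread
    [switch]$Delete                     # hypothetical switch: also issue "sc delete"
)

function Get-LeftoverDriverState {
    param([string]$Name)
    # Assumption: driver services are registered under this key.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -LiteralPath $key)) { return 'Absent' }
    # Assumption: DeleteFlag=1 means "marked for deletion, removed at next reboot".
    $flag = (Get-ItemProperty -LiteralPath $key -Name DeleteFlag `
             -ErrorAction SilentlyContinue).DeleteFlag
    if ($flag -eq 1) { return 'PendingDelete' }
    return 'Present'
}

$state = Get-LeftoverDriverState -Name $ServiceName
switch ($state) {
    'Absent' {
        Write-Output "$ServiceName is not registered. The new EFSW build can be installed."
    }
    'PendingDelete' {
        Write-Output "$ServiceName is marked for deletion. Reboot and run this check again."
    }
    'Present' {
        Write-Output "$ServiceName is still registered."
        if ($Delete) {
            # Use sc.exe explicitly: in Windows PowerShell "sc" is an alias for Set-Content.
            & sc.exe delete $ServiceName
            Write-Output "sc.exe exit code: $LASTEXITCODE. Reboot, then run this check again."
        }
    }
}

# Assumed location of the old driver file; report it if it survived the uninstall.
$sys = Join-Path $env:SystemRoot "System32\drivers\$ServiceName.sys"
if (Test-Path -LiteralPath $sys) { Write-Output "Driver file still on disk: $sys" }

# A non-zero exit code lets a deployment task hold the reinstall until the service is gone.
if ($state -eq 'Absent') { exit 0 } else { exit 1 }
```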
