
Hello

I have a workstation running Windows 7 Pro, and there's always an error on it in ESMC saying it's not up to date etc. But what's weird is that under status/last occurred it is always a date in the future. I don't understand. I've updated the installation multiple times, done maintenance on the OS, reset winsock, cleanup etc. and it's still doing this. Any suggestions?

Screenshot is attached.

Thanks

Reggie

Untitled.jpg

4 hours ago, rgoldman said:

Hello

I have a workstation running Windows 7 Pro, and there's always an error on it in ESMC saying it's not up to date etc. But what's weird is that under status/last occurred it is always a date in the future. I don't understand. I've updated the installation multiple times, done maintenance on the OS, reset winsock, cleanup etc. and it's still doing this. Any suggestions?

Screenshot is attached.

Thanks

Reggie

Untitled.jpg

Maybe the status is about Windows 7, that it has gone out of support. Maybe this is why it's showing as critical, because it stopped receiving updates from Microsoft unless you pay for business support.


Maybe a "Stupid" idea, but is the Windows time set correctly? There is by default a check in the ESET application that compares the date of issue of the latest detection update against the system time. If the system time is set in the future, it could trigger this notification, but it's just a guess.


What issue is Endpoint reporting on the home or update screen?


Thanks guys, and sorry I thought I had email notifications for replies on and I haven't checked the forum until now.

@Nightowl  It's been doing this a while, like before Windows 7 went out of support etc. Sorry I know I should have fixed it before now but the client is working fine, it's just reporting a date in the future as an error or something, not sure.

@MichalJ Yes the time is correct on the workstation, I've checked numerous times and settings during checkout/maintenance.

@Marcos Attaching a screenshot of the Endpoint itself, is that what you're asking about?

e1.jpg

e2.jpg


What error do you get when you click Check for updates?

Please carry on as follows:
- in the advanced setup -> Tools -> Diagnostics, enable advanced network protection and update engine logging
- run update by clicking Check for updates
- stop logging
- collect logs with ESET Log Collector and upload the generated archive here.

[23:52:26 PM] ESET Log Collector v4.0.2.0 (12/9/2019) - 64 bit
[23:52:26 PM] Copyright (c) 1992-2019 ESET, spol. s r.o. All rights reserved.
[23:52:26 PM] 
[23:52:26 PM] Detected product type: eea
[23:52:29 PM] ==============================
[23:52:29 PM] ESET logs collection mode: Filtered binary
[23:52:29 PM] Number of days to collect target files and log records for: 30
[23:52:29 PM] Saving metadata to C:\Users\user\AppData\Local\Temp\elc41D3.tmp
[23:52:29 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc41D3.tmp -> metadata.txt
[23:52:29 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc41D4.tmp -> info.xml
[23:52:29 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc41D5.tmp -> features_state.txt
[23:52:29 PM] === Running processes (open handles and loaded DLLs) ===
[23:52:29 PM] Exporting...
[23:52:31 PM]   OK
[23:52:31 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc41D6.tmp -> Windows/Processes.txt
[23:52:31 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc41D7.tmp -> Windows/ProcessesTree.txt
[23:52:31 PM] === Drives info ===
[23:52:31 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc480F.tmp -> Windows/drives.txt
[23:52:31 PM] Exporting volume information...
[23:52:31 PM]   OK
[23:52:31 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc4820.tmp -> Windows/volumes.txt
[23:52:31 PM] === Devices info ===
[23:52:31 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc4AA0.tmp -> Windows/devices/setupClasses.txt
[23:52:31 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc4AC1.tmp -> Windows/devices/interfaceClasses.txt
[23:52:31 PM] === Services Registry key content ===
[23:52:31 PM] Exporting...
[23:52:32 PM]   OK
[23:52:32 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc4AC2.tmp -> Windows/Services.reg
[23:52:32 PM] === Application event log ===
[23:52:32 PM] Exporting...
[23:52:32 PM] Windows event logs could not be exported in evtx format. Exporting in xml format...
[23:52:32 PM] ERROR: Failed to open event log
[23:52:32 PM] 
[23:52:32 PM] Removing temp files...
[23:52:32 PM] 
[23:52:32 PM] ==============================
[23:52:32 PM] An error occured during collection of files.   See the log for more info.

Updated and everything fine it seems. But when I run the collector I get an error. I tried Defaults, 1 and 30 days, same error.


Hard to say what the issue could be, I'd need to see a Procmon log from that point. Try unchecking "System event log" prior to collecting logs.

image.png


logs removed

 

Edited by rgoldman
removing for logs (they were already reviewed by help)


The engine seems to have updated to the latest version alright today, no errors are logged:

13. 5. 2020 4:48:54    ESET Kernel    Detection Engine was successfully updated to version 21318 (20200513).    SYSTEM    

Please keep an eye on this machine and make sure it updates the modules automatically. Should the issue return, enable advanced update engine logging and keep logging enabled for the next few hours, at least until a newer engine is released and at least one hour has passed to ensure that the automatic update task was run. Then disable advanced logging and collect fresh logs with ELC.

In your configuration I've noticed that you have the LiveGrid Feedback system disabled. I'd strongly recommend enabling it. It would not only enable us to add a proper detection and cleaning for new malware but it would also activate some additional protection mechanisms, e.g. in Ransomware shield.
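
The date comparison guessed at earlier in the thread, applied to the update record quoted in the post above. This is an added example, not part of any post and not ESET's code; the function names, both thresholds and the second sample line are assumptions, and `now` is expected to come from a trusted time source rather than the workstation's own clock.

```python
import re
from datetime import datetime, timedelta

# Shape of the "Detection Engine was successfully updated" record quoted above.
LINE_RE = re.compile(
    r"^(?P<d>\d{1,2})\.\s*(?P<m>\d{1,2})\.\s*(?P<y>\d{4})\s+(?P<t>\d{1,2}:\d{2}:\d{2})\s+"
    r"ESET Kernel\s+Detection Engine was successfully updated to version "
    r"(?P<ver>\d+) \((?P<build>\d{8})\)\."
)

MAX_ENGINE_AGE = timedelta(days=7)   # assumed staleness threshold
CLOCK_TOLERANCE = timedelta(days=1)  # assumed slack for time-zone differences

SAMPLE = [
    # Line quoted in the thread:
    "13. 5. 2020 4:48:54    ESET Kernel    Detection Engine was successfully "
    "updated to version 21318 (20200513).    SYSTEM",
    # Constructed line that is not an update record and must be skipped:
    "13. 5. 2020 4:40:10    ESET Kernel    Some other event.    SYSTEM",
]


def parse_update(line):
    """Return (logged_at, version, build_date), or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    logged_at = datetime.strptime(
        f"{m['y']}-{m['m']}-{m['d']} {m['t']}", "%Y-%m-%d %H:%M:%S")
    return logged_at, int(m["ver"]), datetime.strptime(m["build"], "%Y%m%d")


def assess(lines, now):
    """Check the newest update record against a trusted reference time."""
    records = [r for r in map(parse_update, lines) if r]
    if not records:
        return ["no-update-record"]
    logged_at, _version, build = max(records, key=lambda r: r[1])
    findings = []
    if logged_at - now > CLOCK_TOLERANCE:
        findings.append("event-timestamp-in-future")
    if build - now > CLOCK_TOLERANCE:
        findings.append("engine-date-ahead-of-clock")
    if now - build > MAX_ENGINE_AGE:
        findings.append("engine-stale")
    return findings or ["ok"]
```

A future-dated finding with a correct reference time points at the endpoint's clock or at the record itself, while `engine-stale` points at the update task not running.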


Thanks. I also noticed some abnormalities in that policy so I've started a fresh basic policy and we'll see how it goes.

On 5/12/2020 at 10:23 PM, Marcos said:

The engine seems to have updated to the latest version alright today, no errors are logged:

13. 5. 2020 4:48:54    ESET Kernel    Detection Engine was successfully updated to version 21318 (20200513).    SYSTEM    

Please keep an eye on this machine and make sure it updates the modules automatically. Should the issue return, enable advanced update engine logging and keep logging enabled for the next few hours, at least until a newer engine is released and at least one hour has passed to ensure that the automatic update task was run. Then disable advanced logging and collect fresh logs with ESET Log Collector.

In your configuration I've noticed that you have the LiveGrid Feedback system disabled. I'd strongly recommend enabling it. It would not only enable us to add a proper detection and cleaning for new malware but it would also activate some additional protection mechanisms, e.g. in Ransomware shield.

How long does it take for the newer detection engine version to kick in once the ESET Malware Team uploads the new virus data to servers? It's been over 1 hr but our modules haven't got updated.

20 minutes ago, cmit said:

it's been over 1 hr but our modules haven't got updated.

One hour since when? Modules are updated about 6 times a day.

5 minutes ago, Marcos said:

One hour since when? Modules are updated about 6 times a day.

Since customers submitted a threat example to the ESET Malware Response Team and after they have confirmed in a reply that "The detection for this threat will be included in the next update of detection engine."

6 times a day means every 4 hours, which is too long, isn't it? I.e., shouldn't it be once every 30 min? What happens if the computer is already affected because of this before the update kicks in? Or is the real-time engine gonna have another layer of protection?

Just trying to understand exactly how ESET works.


It depends, most threats are detected via LiveGrid or streamed updates within a few minutes without updating the engine. If you provide the subject of the email, I can check when the detection was added.

3 minutes ago, Marcos said:

It depends, most threats are detected via LiveGrid or streamed updates within a few minutes without updating the engine. If you provide the subject of the email, I can check when the detection was added.

[TRACK#5EC6A2EF0178] from the ESET Malware Response Team's reply.


We started building engine 21366 an hour ago. It should be on update servers within 15-30 minutes.

31 minutes ago, Marcos said:

We started building engine 21366 an hour ago. It should be on update servers within 15-30 minutes.

Detection engine is still at v21365. It should be v21366 by now but still is not. Please check ASAP. Thanks.
