Protection no longer functional after 2004 install

[robg 3]

Windows 10 Education 2004           10.0.19041.264

ESET Endpoint Antivirus    ESET, spol. s r.o.    7.3.2032.0    213    yes    7.3.2032.0     Up-to-date version    en_US
ESET Management Agent    ESET, spol. s r.o.    7.0.577.0    276    yes    7.1.717.0 

 

Have upgraded a computer as a test to the 2004 build and it's giving an error of Real-time file system protection is non-functional  after the install completed and after multiple restarts. Is also stuck on the 7.0.577.0 Agent until the upgrade bug is fixed.

[Marcos 4,720]

That's because a full system restart is required for protection to work after upgrade to Endpoint 7.3 which is also emphasized in release announcements.

Try running "shutdown -r -t 0" to perform a full restart or click the restart link in the ESET's gui.

[robg 3]

I've restarted it in powershell with restart-computer -Force  does it have to be done manually?

[Marcos 4,720]

Just now, robg said:

I've restarted it in powershell with restart-computer -Force  does it have to be done manually?

I'm not sure if this performs a full or quick restart. Try running the command from my previous post.

[robg 3]

4 minutes ago, Marcos said:

I'm not sure if this performs a full or quick restart. Try running the command from my previous post.

Have run that and it's the same issue, not sure if the detection time should change

 

Real-time file system protection is non-functional     This functionality could not be started and your computer is not protected against some types of threats.    Security risk    Security product    Antivirus    2020 Jun 9 15:25:17

Last Connected Time    2020 Jun 10 16:24:21
Last Scan Time    n/a
Detection Engine    21471 (20200610)

[Marcos 4,720]

Please provide a dump of ekrn. You can create one via the adv. setup -> tools -> diagnostics -> create (dump) and then collect logs with ESET Log Collector. When done, upload the generated archive here.

[robg 3]

Hi I don't have access to the GUI remotely can I do this through ESMC as a task?

[Marcos 4,720]

Try sending a Shutdown computer task from ESMC. Select Restart in the next step.

[robg 3]

Will I be able to reach the computer after a shutdown command as this model doesn't work well with WOL. I've restarted it manually at the machine and unplugged it, through the ESMC restart computer, through multiple powershell and dos shutdown and restart commands

[robg 3]

These are the logs i managed to get remotely 

era-diagnostic-logs_2020-06-11_09-24-22.zip

[karlisi 26]

2 hours ago, robg said:

Will I be able to reach the computer after a shutdown command

You can select 'Restart' in next step when creating this task. This is the same as Windows command 'shutdown /r'

[robg 3]

Have run that task and selected restart, same issue.

Also made sure Fast startup and hibernation were disabled

[Marcos 4,720]

Please provide a dump of ekrn (adv. setup -> tools -> diagnostics -> create (dump)).

[robg 3]

Have managed to get the mini dump from it

ekrn_00a0cede_2f0.zip

[Marcos 4,720]

Neither the logs nor dump revealed any issues with real-time protection. I would say that real-time protection should be able to detect eicar. Could you test it? I'd recommend opening a ticket with your local support and provide them with both the ELC logs and the dump to pass them to developers.

[robg 3]

Hi it's working now, no idea what changed. Updated the agent , hopefully it will work better on the others!

 

ESET Endpoint Antivirus    ESET, spol. s r.o.    7.3.2032.0    213    yes    7.3.2032.0     Up-to-date version    en_US
ESET Management Agent    ESET, spol. s r.o.    7.2.1266.0    181    yes    7.2.1266.0 
Last Connected Time    2020 Jun 11 16:05:49
Last Scan Time    n/a
Detection Engine    21477 (20200611)
Updated    Updated