offbyone 10 Posted August 17, 2020 Share Posted August 17, 2020 (edited) Hi. Is this a known issue that after deploying ESET AV on a newly deployed computer, "Real-time file system protection is non-functional" error is present until a user logs in for the very first time on that machine. Rebooting does not fix it, someone has to login first. We have this on all newly deployed machines. Regards. Edited August 17, 2020 by offbyone "not" was missing. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted August 18, 2020 Administrators Share Posted August 18, 2020 How did you install Endpoint on these machines? First you deployed the ESMC agent and then installed Endpoint via a software install task sent from the ESMC console followed by sending a product activation task which activates the product and enables modules? At any rate, neither installation nor activation is depended on user logon and both work in the background even if no user is logged in. Link to comment Share on other sites More sharing options...
offbyone 10 Posted August 18, 2020 Author Share Posted August 18, 2020 All clients are installed unattended via offline installer which include Agent and AV. The installation is done via GP script. Link to comment Share on other sites More sharing options...
offbyone 10 Posted August 18, 2020 Author Share Posted August 18, 2020 I suspect that not many customers will be faced by this problem, as there are not many which do a fully automated deployment of computers including os and apps. In most cases a user has logged on at least one time before ESET is installed. Link to comment Share on other sites More sharing options...
FRiC 10 Posted August 21, 2020 Share Posted August 21, 2020 (edited) We use deployed Windows and I've noticed the same thing. It also happens if Windows is updated to a new release and before the user logs in. Edit: I just noticed this recently, so not sure if this is something new. Another new thing I noticed is that it's now harder to drag computers into another group since the group panel scrolls too early and too fast. Edited August 21, 2020 by FRiC Link to comment Share on other sites More sharing options...
offbyone 10 Posted August 21, 2020 Author Share Posted August 21, 2020 @FRiC THX for confirmation. I wasn't sure if it is something special to our environments. Till now we deployed about 100 new clients in 3 different customer environments and its the same with all of them. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted August 21, 2020 Administrators Share Posted August 21, 2020 Since they are newly deployed computers, do you deploy an image prepared with Sysprep? Ie. when the computer is turned on, Windows doesn't start right away but first prepares for first use (so-called OOBE)? Link to comment Share on other sites More sharing options...
offbyone 10 Posted August 21, 2020 Author Share Posted August 21, 2020 (edited) No its not a sysprep image, its the default image. It is deployed via autounattend.xml by WDS. The OOBE phase is running of course on first logon but it's automated. Edited August 21, 2020 by offbyone correcting OOBE infomration. Link to comment Share on other sites More sharing options...
Guest Posted September 3, 2020 Share Posted September 3, 2020 Hi Any news on this, is still happening for me Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted September 3, 2020 Administrators Share Posted September 3, 2020 Did you install the latest Endpoint 7.3 on the machines and rebooted them then, just in case? If so, please carry on as follows: - in the adv. setup -> tools -> diagnostics enable full application dumps and click ok - in the adv. setup -> tools -> diagnostics click Create to generate a dump of ekrn - collect logs with ESET Log Collector - upload the generated archive here (if too big upload it to a safe location and drop me a pm with a download link). Link to comment Share on other sites More sharing options...
kamiran.asia 5 Posted September 5, 2020 Share Posted September 5, 2020 Hi dears , Same Problem for many of our Customers. We Think that old Version of V7 ( 7.0 , 7.1 ) on Windows 10 have this problem , Repair old version will fix the problem or Upgrade to V 7.3 and restart is needed. But what is the problem ? It seems that there is problem in new updates. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted September 6, 2020 Administrators Share Posted September 6, 2020 Couldn't it be that you made a fresh installation of an old Endpoint? In such case issues would be expected. Please always use the latest installers from ESET's website. mallard65 1 Link to comment Share on other sites More sharing options...
Salim 0 Posted October 28, 2020 Share Posted October 28, 2020 We have the same problem, all ESET reports problems until user logs in, and i have somewhere near 600 PCs.... All installation are made through SCCM (Agent and Antivirus).... All installers are downloaded from the website and SCCM file from the Security Management Center. Any updates? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted October 28, 2020 Administrators Share Posted October 28, 2020 11 minutes ago, Salim said: We have the same problem, all ESET reports problems until user logs in, and i have somewhere near 600 PCs.... Please generate a complete dump of ekrn via the adv. setup -> tools -> diagnostics. Then collect logs with ESET Log Collector, upload the archive to a safe location and provide me with a download link in a private message. Link to comment Share on other sites More sharing options...
Camilo Diaz 2 Posted November 27, 2020 Share Posted November 27, 2020 (edited) Hi Marcos, we are experiencing exactly the same issue in about ~1000 workstations. all upgraded via Installation Task from ESMC . I have enabled FULL dump for logs and attached the results here. btw. it's only affecting EEA 7.3.2041.0 eea_logs.zip Edited November 27, 2020 by Camilo Diaz adding version Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted November 27, 2020 Administrators Share Posted November 27, 2020 Looks like you didn't generate a dump of ekrn via the adv. setup -> tools -> diagnostics -> Create prior to collecting logs. The Diagnostics folder is empty: C:\ProgramData\ESET\ESET Security\Diagnostics\ 2020-11-16 11:55 <DIR> ECP 0 files 0 bytes Link to comment Share on other sites More sharing options...
Camilo Diaz 2 Posted November 27, 2020 Share Posted November 27, 2020 My Bad. Have sent you a link with the full logs.Thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted November 27, 2020 Administrators Share Posted November 27, 2020 There are no issues logged in the Event log and also the real-time protection driver status reports AMON_STATUS_OK. I assume that logs were collected from a machine where the issue doesn't occur. Its name commences with "MA203-" but ESMC reported the issue on machines with the name commencing with "DT-". Link to comment Share on other sites More sharing options...
Camilo Diaz 2 Posted November 29, 2020 Share Posted November 29, 2020 Hey Marcos, as mentioned by other members, as soon as an user logs in, Real-Time protection start working again, so I don't think it will be feasible to get the logs from a device experiencing the issue... Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted November 30, 2020 Administrators Share Posted November 30, 2020 You could provide a kernel memory dump by triggering a crash when no user is logged in as per https://support.eset.com/en/kb380. Does the issue occur after a user logs in and then logs out? Link to comment Share on other sites More sharing options...
offbyone 10 Posted November 30, 2020 Author Share Posted November 30, 2020 Quote error is present until a user logs in for the very first time on that machine. From this time on the error will never occur again on that machine. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted November 30, 2020 Administrators Share Posted November 30, 2020 1 hour ago, offbyone said: From this time on the error will never occur again on that machine. That's a reason to believe that OOBE was not completed yet and completes once the user logs in. Link to comment Share on other sites More sharing options...
Recommended Posts