
Posted (edited)

Hi.

Is it a known issue that, after deploying ESET AV on a newly deployed computer, the "Real-time file system protection is non-functional" error is present until a user logs in for the very first time on that machine? Rebooting does not fix it; someone has to log in first.

We have this on all newly deployed machines.

 


Regards.

Edited by offbyone
"not" was missing.
  • Administrators
Posted

How did you install Endpoint on these machines? First you deployed the ESMC agent and then installed Endpoint via a software install task sent from the ESMC console, followed by sending a product activation task which activates the product and enables modules? At any rate, neither installation nor activation is dependent on user logon and both work in the background even if no user is logged in.

Posted

All clients are installed unattended via an offline installer which includes Agent and AV. The installation is done via GP script.

Posted

I suspect that not many customers will be faced with this problem, as there are not many which do a fully automated deployment of computers including OS and apps. In most cases a user has logged on at least one time before ESET is installed.

Posted (edited)

We use deployed Windows and I've noticed the same thing. It also happens if Windows is updated to a new release and before the user logs in.

Edit: I just noticed this recently, so not sure if this is something new. Another new thing I noticed is that it's now harder to drag computers into another group since the group panel scrolls too early and too fast.

Edited by FRiC
Posted

@FRiC

THX for confirmation. I wasn't sure if it is something special to our environments.

Till now we deployed about 100 new clients in 3 different customer environments and it's the same with all of them.

 

  • Administrators
Posted

Since they are newly deployed computers, do you deploy an image prepared with Sysprep? I.e. when the computer is turned on, Windows doesn't start right away but first prepares for first use (so-called OOBE)?

Posted (edited)

No, it's not a Sysprep image, it's the default image. It is deployed via autounattend.xml by WDS. The OOBE phase is running of course on first logon but it's automated.

 

Edited by offbyone
correcting OOBE information.
  • 2 weeks later...
Posted

Hi

Any news on this? It is still happening for me.

 

 

  • Administrators
Posted

Did you install the latest Endpoint 7.3 on the machines and reboot them then, just in case?

If so, please carry on as follows:
- in the adv. setup -> tools -> diagnostics enable full application dumps and click ok
- in the adv. setup -> tools -> diagnostics click Create to generate a dump of ekrn
- collect logs with ESET Log Collector
- upload the generated archive here (if too big upload it to a safe location and drop me a pm with a download link).

Posted

Hi dears,

Same problem for many of our customers.

We think that old versions of V7 (7.0, 7.1) on Windows 10 have this problem. Repairing the old version will fix the problem, or an upgrade to V7.3 and a restart is needed.

But what is the problem? It seems that there is a problem in new updates.

  • Administrators
Posted

Couldn't it be that you made a fresh installation of an old Endpoint? In such case issues would be expected. Please always use the latest installers from ESET's website.

  • 1 month later...
Posted

We have the same problem, all ESET reports problems until user logs in, and I have somewhere near 600 PCs.... All installations are made through SCCM (Agent and Antivirus).... All installers are downloaded from the website and SCCM file from the Security Management Center. Any updates?

  • Administrators
Posted
11 minutes ago, Salim said:

We have the same problem, all ESET reports problems until user logs in, and I have somewhere near 600 PCs....

Please generate a complete dump of ekrn via the adv. setup -> tools -> diagnostics. Then collect logs with ESET Log Collector, upload the archive to a safe location and provide me with a download link in a private message.

  • 5 weeks later...
Posted (edited)

Hi Marcos, we are experiencing exactly the same issue in about ~1000 workstations, all upgraded via Installation Task from ESMC. I have enabled FULL dump for logs and attached the results here.

btw. it's only affecting EEA 7.3.2041.0

 

eea_logs.zip

Edited by Camilo Diaz
adding version
  • Administrators
Posted

Looks like you didn't generate a dump of ekrn via the adv. setup -> tools -> diagnostics -> Create prior to collecting logs.

The Diagnostics folder is empty:

C:\ProgramData\ESET\ESET Security\Diagnostics\

2020-11-16 11:55  <DIR>           ECP
         0 files               0 bytes

 

  • Administrators
Posted

There are no issues logged in the Event log and also the real-time protection driver status reports AMON_STATUS_OK. I assume that logs were collected from a machine where the issue doesn't occur. Its name commences with "MA203-" but ESMC reported the issue on machines with the name commencing with "DT-".

Posted

Hey Marcos, as mentioned by other members, as soon as a user logs in, Real-Time protection starts working again, so I don't think it will be feasible to get the logs from a device experiencing the issue...

Posted
Quote

error is present until a user logs in for the very first time on that machine.

From this time on the error will never occur again on that machine.

  • Administrators
Posted
1 hour ago, offbyone said:

From this time on the error will never occur again on that machine.

That's a reason to believe that OOBE was not completed yet and completes once the user logs in.
