
Real-time protection not functional


offbyone

Hi.

Is this a known issue that, after deploying ESET AV on a newly deployed computer, the "Real-time file system protection is non-functional" error is present until a user logs in for the very first time on that machine? Rebooting does not fix it; someone has to log in first.

We have this on all newly deployed machines.

 


Regards.


  • Administrators

How did you install Endpoint on these machines? First you deployed the ESMC agent and then installed Endpoint via a software install task sent from the ESMC console followed by sending a product activation task which activates the product and enables modules? At any rate, neither installation nor activation is dependent on user logon and both work in the background even if no user is logged in.


I suspect that not many customers will be faced with this problem, as there are not many who do a fully automated deployment of computers including OS and apps. In most cases a user has logged on at least one time before ESET is installed.


We use deployed Windows and I've noticed the same thing. It also happens if Windows is updated to a new release and before the user logs in.

Edit: I just noticed this recently, so not sure if this is something new. Another new thing I noticed is that it's now harder to drag computers into another group since the group panel scrolls too early and too fast.


@FRiC

THX for confirmation. I wasn't sure if it is something special to our environments.

Till now we deployed about 100 new clients in 3 different customer environments and it's the same with all of them.

 


  • Administrators

Since they are newly deployed computers, do you deploy an image prepared with Sysprep? I.e. when the computer is turned on, Windows doesn't start right away but first prepares for first use (so-called OOBE)?


No, it's not a Sysprep image, it's the default image. It is deployed via autounattend.xml by WDS. The OOBE phase is running of course on first logon but it's automated.

 


  • 2 weeks later...
  • Administrators

Did you install the latest Endpoint 7.3 on the machines and reboot them then, just in case?

If so, please carry on as follows:
- in the adv. setup -> tools -> diagnostics enable full application dumps and click ok
- in the adv. setup -> tools -> diagnostics click Create to generate a dump of ekrn
- collect logs with ESET Log Collector
- upload the generated archive here (if too big upload it to a safe location and drop me a pm with a download link).


Hi dears,

Same problem for many of our customers.

We think that old versions of V7 (7.0, 7.1) on Windows 10 have this problem. Repairing the old version will fix the problem, or an upgrade to V7.3 and a restart is needed.

But what is the problem? It seems that there is a problem in new updates.


  • 1 month later...

We have the same problem, all ESET reports problems until user logs in, and I have somewhere near 600 PCs... All installations are made through SCCM (Agent and Antivirus)... All installers are downloaded from the website and SCCM file from the Security Management Center. Any updates?


  • Administrators
11 minutes ago, Salim said:

We have the same problem, all ESET reports problems until user logs in, and I have somewhere near 600 PCs...

Please generate a complete dump of ekrn via the adv. setup -> tools -> diagnostics. Then collect logs with ESET Log Collector, upload the archive to a safe location and provide me with a download link in a private message.


  • 5 weeks later...

Hi Marcos, we are experiencing exactly the same issue in about ~1000 workstations. All upgraded via Installation Task from ESMC. I have enabled FULL dump for logs and attached the results here.

btw. it's only affecting EEA 7.3.2041.0

 

eea_logs.zip


  • Administrators

Looks like you didn't generate a dump of ekrn via the adv. setup -> tools -> diagnostics -> Create prior to collecting logs.

The Diagnostics folder is empty:

C:\ProgramData\ESET\ESET Security\Diagnostics\

2020-11-16 11:55  <DIR>           ECP
         0 files               0 bytes

 


  • Administrators

There are no issues logged in the Event log and also the real-time protection driver status reports AMON_STATUS_OK. I assume that logs were collected from a machine where the issue doesn't occur. Its name commences with "MA203-" but ESMC reported the issue on machines with the name commencing with "DT-".


Hey Marcos, as mentioned by other members, as soon as a user logs in, Real-Time protection starts working again, so I don't think it will be feasible to get the logs from a device experiencing the issue...


Quote

error is present until a user logs in for the very first time on that machine.

From this time on the error will never occur again on that machine.


  • Administrators
1 hour ago, offbyone said:

From this time on the error will never occur again on that machine.

That's a reason to believe that OOBE was not completed yet and completes once the user logs in.
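
A read-only pre-collection check for the points raised in this thread (the empty Diagnostics folder, logs taken from a machine without the issue, and the OOBE hypothesis), as an added example that is not part of any post and is not ESET tooling. It assumes Windows PowerShell running elevated from a remote task before anyone logs on; the function names are illustrative, and treating the `HKLM\SYSTEM\Setup` values and `Win32_UserProfile` as indicators is this example's assumption.

```powershell
# Added example (not ESET tooling): read-only triage for a machine that still
# shows the error. Nothing here changes system or product state.
$DiagPath = 'C:\ProgramData\ESET\ESET Security\Diagnostics'  # path quoted in the thread

function Get-DiagnosticsFile {
    param([string]$Path = $DiagPath)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    # Recurse, because the listing in the thread showed only an empty ECP subfolder.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue
}

function Get-SetupState {
    # Windows setup flags under HKLM\SYSTEM\Setup; a missing value comes back as $null.
    $setup = Get-ItemProperty -LiteralPath 'HKLM:\SYSTEM\Setup' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        OOBEInProgress        = $setup.OOBEInProgress
        SystemSetupInProgress = $setup.SystemSetupInProgress
    }
}

function Get-LogonEvidence {
    # Non-special profiles are created at an account's first logon (assumed indicator).
    $profiles = @(Get-CimInstance -ClassName Win32_UserProfile -ErrorAction SilentlyContinue |
        Where-Object { -not $_.Special })
    [pscustomobject]@{
        ConsoleUser    = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
        UserProfiles   = $profiles.Count
        LastProfileUse = ($profiles | Sort-Object LastUseTime -Descending |
            Select-Object -First 1).LastUseTime
    }
}

$files = @(Get-DiagnosticsFile)
$setup = Get-SetupState
$logon = Get-LogonEvidence

# One record per machine; Computer lets you confirm the logs come from an affected host.
[pscustomobject]@{
    Computer              = $env:COMPUTERNAME
    DiagnosticsFiles      = $files.Count
    NewestDiagnostic      = ($files | Sort-Object LastWriteTime -Descending |
        Select-Object -First 1).FullName
    OOBEInProgress        = $setup.OOBEInProgress
    SystemSetupInProgress = $setup.SystemSetupInProgress
    ConsoleUser           = $logon.ConsoleUser
    UserProfiles          = $logon.UserProfiles
    LastProfileUse        = $logon.LastProfileUse
}

if ($files.Count -eq 0) {
    Write-Warning 'Diagnostics folder has no files: create the ekrn dump before running ESET Log Collector.'
}
```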

This topic is now closed to further replies.