kamiran.asia, posted January 7, 2021

Hi dear ESET Admins.

On some endpoints we are facing this problem (upgrading 7.0.579.0 to 8.0.1238.0):

MSI (s) (40:9C) [11:01:33:439]: Product: ESET Management Agent -- Error 1921. Service 'ESET Management Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.
Error 1921. Service 'ESET Management Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

The full log is attached. What can we do remotely for this problem (except safe mode and the uninstaller tool)?

For more info: the upgrade task did not work in this network because of the problem in the link below, so we are using deployment software to install the new MSI. This solution succeeds on 98% of endpoints, but about 5 systems have the problem.

https://forum.eset.com/topic/26914-agent-v7-show-as-updated-in-eset-protect-v8/

Attachment: Log.txt

MartinK (ESET Staff), posted January 7, 2021

Could you please check whether there are any custom blocking rules for HIPS used on the problematic machines where the upgrade fails with the mentioned error? We have recently discovered an issue where invalid HIPS rules might result in a state where self-defense is preventing the upgrade of AGENT. If I recall correctly, the issue is triggered by providing the path to an executable in quoted format.

If this is the issue, correcting the HIPS rules should resolve it remotely. There should also be an update of the HIPS module rolled out soon that targets this issue.

kamiran.asia (Author), posted January 8, 2021

12 hours ago, MartinK said:
> Could you please check whether there are any custom blocking rules for HIPS used on the problematic machines where the upgrade fails with the mentioned error? We have recently discovered an issue where invalid HIPS rules might result in a state where self-defense is preventing the upgrade of AGENT. If I recall correctly, the issue is triggered by providing the path to an executable in quoted format.
> If this is the issue, correcting the HIPS rules should resolve it remotely. There should also be an update of the HIPS module rolled out soon that targets this issue.

Just the Anti-Ransomware rules are set up in HIPS Rules, as mentioned on the ESET website. No other HIPS rules.

You mean if we disable Endpoint Self-Defense it will solve this problem?

Marcos (Administrators), posted January 8, 2021

Please provide ELC logs from the machine so that we can check the HIPS rules. Temporarily disabling self-defense and rebooting the machine will work around the issue, but it's important to pinpoint it and fix possibly troublesome rules, if there are any.