Jump to content

Agent Srv couldn't be stop while upgrading to V8


Recommended Posts

Hi dear ESET Admins.

In some endpoint we are facing this problem : ( Upgrading 7.0.579.0 to 8.0.1238.0 )

MSI (s) (40:9C) [11:01:33:439]: Product: ESET Management Agent -- Error 1921. Service 'ESET Management Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error 1921. Service 'ESET Management Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Full Log is Attached.

What can we do remotely for this problem ( except safemode and uninstaller tool ) ?

 

For more info : Upgrade task did not work in this network because of this problem in below link so we are using a deployment software to install new MSI, this solution success at 98% of endpoint but about 5 system has proble.

https://forum.eset.com/topic/26914-agent-v7-show-as-updated-in-eset-protect-v8/

 

Log.txt

Link to comment
Share on other sites

  • ESET Staff

Could you please check whether there are any custom blocking rules for HIPS used on problematic machines where upgrade fails with mentioned error? We have recently discovered issue where invalid HIPS rules might result in a state when self-defense is preventing upgrade of AGENT. If I recall correctly, issue is triggered by providing path to executable in quoted format. If this is the issue, correcting HIPS rules should resolve the issue remotely - also there should be an update of HIPS module rolled out soon that targets this issue.

 

Link to comment
Share on other sites

12 hours ago, MartinK said:

Could you please check whether there are any custom blocking rules for HIPS used on problematic machines where upgrade fails with mentioned error? We have recently discovered issue where invalid HIPS rules might result in a state when self-defense is preventing upgrade of AGENT. If I recall correctly, issue is triggered by providing path to executable in quoted format. If this is the issue, correcting HIPS rules should resolve the issue remotely - also there should be an update of HIPS module rolled out soon that targets this issue.

 

just AntiRansomeware Rulles is setup in HIPS Rules as mentioned in ESET website.

No other HIPS rules .

you mean if we disable Endpoint Self Defense it will solve this problem ?

 

Link to comment
Share on other sites

  • Administrators

Please provide ELC logs from the machine so that we can check the HIPS rules. Temporarily disabling self-defense and rebooting the machine will work around the issue but it's important to pinpoint it and fix possibly troublesome rules, if there are any.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...