Jump to content

Agent Srv couldn't be stop while upgrading to V8


Recommended Posts

Hi dear ESET Admins.

In some endpoint we are facing this problem : ( Upgrading 7.0.579.0 to 8.0.1238.0 )

MSI (s) (40:9C) [11:01:33:439]: Product: ESET Management Agent -- Error 1921. Service 'ESET Management Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error 1921. Service 'ESET Management Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Full Log is Attached.

What can we do remotely for this problem ( except safemode and uninstaller tool ) ?

 

For more info : Upgrade task did not work in this network because of this problem in below link so we are using a deployment software to install new MSI, this solution success at 98% of endpoint but about 5 system has proble.

https://forum.eset.com/topic/26914-agent-v7-show-as-updated-in-eset-protect-v8/

 

Log.txt

Link to post
Share on other sites
  • ESET Staff

Could you please check whether there are any custom blocking rules for HIPS used on problematic machines where upgrade fails with mentioned error? We have recently discovered issue where invalid HIPS rules might result in a state when self-defense is preventing upgrade of AGENT. If I recall correctly, issue is triggered by providing path to executable in quoted format. If this is the issue, correcting HIPS rules should resolve the issue remotely - also there should be an update of HIPS module rolled out soon that targets this issue.

 

Link to post
Share on other sites
12 hours ago, MartinK said:

Could you please check whether there are any custom blocking rules for HIPS used on problematic machines where upgrade fails with mentioned error? We have recently discovered issue where invalid HIPS rules might result in a state when self-defense is preventing upgrade of AGENT. If I recall correctly, issue is triggered by providing path to executable in quoted format. If this is the issue, correcting HIPS rules should resolve the issue remotely - also there should be an update of HIPS module rolled out soon that targets this issue.

 

just AntiRansomeware Rulles is setup in HIPS Rules as mentioned in ESET website.

No other HIPS rules .

you mean if we disable Endpoint Self Defense it will solve this problem ?

 

Link to post
Share on other sites
  • Administrators

Please provide ELC logs from the machine so that we can check the HIPS rules. Temporarily disabling self-defense and rebooting the machine will work around the issue but it's important to pinpoint it and fix possibly troublesome rules, if there are any.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...