Vitaly2021 1 Posted December 9, 2021 Share Posted December 9, 2021 12 minutes ago, Marcos said: We have found an issue in the configuration of Apache http proxy for Linux. Windows version is not affected. We'll provide more information and fix instructions soon. We have the same issue at Windows 10 x64 just after updating from 8.1 to this 9.0.2032.2 All our workstations are showing error message. So Windows version is affected too. I'm wondering why the new version was released without testing? alur 1 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,143 Posted December 9, 2021 Administrators Share Posted December 9, 2021 1 hour ago, Vitaly2021 said: So Windows version is affected too. I'm wondering why the new version was released without testing? Are you saying that your Endpoint v9 connects to the Internet through Apache http proxy running on a Windows server? Did you get Apache http proxy from ESET or you installed and configured it on your own? Endpoint v9 like any other products was extensively tested before the release. As I wrote, the problem seems to be in http proxy misconfiguration and not in Endpoint itself. Link to comment Share on other sites More sharing options...
BradAtkins 4 Posted December 9, 2021 Share Posted December 9, 2021 I think there are 2 different categories of customer here. 1st category uses a proxy. (Some have proxy installed on Linux, and some have proxy installed on Windows Server.) 2nd category doesn't use a proxy. We have ESET Endpoint Security installed on Windows 10 endpoints. You have to read between the lines in the posts above to tell which customer is in which category. I'm in the 2nd category, we don't use a proxy, and yet we get the same error message. (Please go back to my original post to see my screenshots.) So, our problem is not caused by a proxy. It seems to me, just based on experience, this seems like a problem with startup order. When the Windows 10 endpoint boots up, maybe ESET client attempts to contact the management system before the OS has all the networking services up and running. If this wild guess is correct, it could be solved by changing the startup order, or trying again later long after bootup is complete. I solved the problem for myself by switching the License Interval Check from Limited to Automatic. So, if my wild guess is correct, the Limited setting only checks once early in Windows bootup. So, I switched the setting to Automatic, and the error went away with repeated connection attempts. I'm well aware this is a wild- guess, I could be completely wrong about the reasons. But the end result - problem solved by switching to Automatic. Kamilos and LesRMed 2 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,143 Posted December 9, 2021 Administrators Share Posted December 9, 2021 2 minutes ago, BradAtkins said: I'm in the 2nd category, we don't use a proxy, and yet we get the same error message. (Please go back to my original post to see my screenshots.) So, our problem is not caused by a proxy. Please carry on as follows: - enable advanced Direct cloud logging under Tools -> Diagnostics in the advanced setup - reboot the machine - reproduce the issue - disable logging - collect logs with ESET Log Collector and upload the generated archive here. Link to comment Share on other sites More sharing options...
alur 1 Posted December 9, 2021 Share Posted December 9, 2021 26 minutes ago, BradAtkins said: I solved the problem for myself by switching the License Interval Check from Limited to Automatic. So, if my wild guess is correct, the Limited setting only checks once early in Windows bootup. So, I switched the setting to Automatic, and the error went away with repeated connection attempts. checked, does not work Link to comment Share on other sites More sharing options...
BradAtkins 4 Posted December 9, 2021 Share Posted December 9, 2021 1 hour ago, Marcos said: Please carry on as follows: - enable advanced Direct cloud logging under Tools -> Diagnostics in the advanced setup - reboot the machine - reproduce the issue - disable logging - collect logs with ESET Log Collector and upload the generated archive here. I ran the log collector, but the file size is 103MB. Just barely too big. Is there anything I can remove from the .zip and reduce the size? Link to comment Share on other sites More sharing options...
Vitaly2021 1 Posted December 9, 2021 Share Posted December 9, 2021 2 hours ago, Marcos said: Are you saying that your Endpoint v9 connects to the Internet through Apache http proxy running on a Windows server? Did you get Apache http proxy from ESET or you installed and configured it on your own? Endpoint v9 like any other products was extensively tested before the release. As I wrote, the problem seems to be in http proxy misconfiguration and not in Endpoint itself. We don't use Apache proxy. Our Windows 10 workstations with Endpoint Antivirus 8.1 were working fine. All workstations get Internet from main router (Mikrotik) and were controlled by ESET PROTECT installed on Windows Server in our network. The issue has been started just after upgrading Windows workstations to version 9 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,143 Posted December 9, 2021 Administrators Share Posted December 9, 2021 1 hour ago, BradAtkins said: I ran the log collector, but the file size is 103MB. Just barely too big. Is there anything I can remove from the .zip and reduce the size? You can upload it to OneDrive, Dropbox, etc. and drop me a private message with a download link. However, I'd like to ask you you generate the logs again and enable also advanced push messaging advanced logging besides advanced Direct cloud logging. Link to comment Share on other sites More sharing options...
Vitaly2021 1 Posted December 9, 2021 Share Posted December 9, 2021 2 hours ago, BradAtkins said: I solved the problem for myself by switching the License Interval Check from Limited to Automatic. So, if my wild guess is correct, the Limited setting only checks once early in Windows bootup. So, I switched the setting to Automatic, and the error went away with repeated connection attempts. I'm well aware this is a wild- guess, I could be completely wrong about the reasons. But the end result - problem solved by switching to Automatic. It's a miracle... As I mentioned above, the main settings of our workstations are controlled by policies at ESET PROTECT Server. The setting of "License Interval Check" in the policy was Limited. Right now I set it to Automatic. While doing that I had the only one workstation running at my company now and it had topic's warning message. The working day is over so all other workstations were switched off. After changing the policy, the warning on the workstation disappeared by itself. There was no need to reboot workstation. Then I woke up (via ESET PROTECT) another workstation. After it booted up there is no warning too. So BradAtkins suggestion is true. And it proves that there is a bug in 9.0.2032.2. Link to comment Share on other sites More sharing options...
kapela86 10 Posted December 9, 2021 Author Share Posted December 9, 2021 I have it on Automatic, and with proxy I get that message about Push Notification Service, and when I disable proxy in policies then that message is gone. So maybe there are two different bugs here, one with proxy and one with License Interval Check alur 1 Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,142 Posted December 10, 2021 ESET Moderators Share Posted December 10, 2021 Hello guys, Let me share few findings of our support and dev teams on this with you. Endpoint 9 started to use EPNS instead of DNS requests to check for license changes. Endpoints 8 and below didn’t report an issue if this check failed. When it comes to issues reported on ESET PROTECT Virtual appliance The issue seems to be the default setting of the following module "reqtimeout_module" which is used/loaded only on VA (this module provides a way to set timeouts and minimum data rates for receiving requests). The issue should not be present on the Windows version of the Apache HTTP PROXY because this module is not loaded there.The workaround could be (1) disabling this module on the VA or (2) setting the appropriate values. We are not sure what is the preferred way and how it might affect other services, as it was not fully tested yet. To disable limits (i.e. "(2) setting the appropriate values"): set "RequestReadTimeout header=0 body=0" in the newly created(in /etc/httpd/conf.d/) configuration file "reqtimeout.conf" with settings mentioned above and of course the file has to be included in used configuration "IncludeOptional conf.d/reqtimeout.conf" in the "/etc/httpd/conf/httpd.conf" We are expecting some official solution in the following days. If the customers do not use the Apache HTTP Proxy on VA, enable the Direct Cloud advanced logging, reproduce the issue, collect the logs by ELC and open a ticket for our support teams to check. The configuration option for App status and Notification of "Eset Push Notification Service server cannot be reached" state will be added (P_EESW-8067) The "Do not remind me again" from EPNS app status doesn't work issue is tracked to be fixed (P_EESW-8048) Regards, Peter kapela86, PCS70, Denis Z and 2 others 5 Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 5,143 Posted December 10, 2021 Administrators Solution Share Posted December 10, 2021 To sum it up, the issue may be caused by 2 things: 1, If you use Apache http proxy on Linux - the configuration of the http proxy is incorrect. Please refer to the post above how to fix it. Apache HTTP proxy for Windows is not affected. 2, If you don't use Apache http proxy - the issue is caused by a bug in Endpoint v9 which checks for EPNS connectivity even if checking for license changes via EPNS is disabled, ie. when the interval check is set to "Limited". Solution: change it to Automatic. If you need to have it set to Limited for whatever reason, there will be a fix via an automatic module update within a couple of days. Please use "Automatic" at least temporarily until the new Direct cloud communication module is available. PCS70, kapela86 and alur 3 Link to comment Share on other sites More sharing options...
Gregecslo 8 Posted December 10, 2021 Share Posted December 10, 2021 This 100% works, thanks guys! Quote To disable limits (i.e. "(2) setting the appropriate values"): set "RequestReadTimeout header=0 body=0" in the newly created(in /etc/httpd/conf.d/) configuration file "reqtimeout.conf" with settings mentioned above and of course the file has to be included in used configuration "IncludeOptional conf.d/reqtimeout.conf" in the "/etc/httpd/conf/httpd.conf" EmilioVS, Gonzalo Alvarez and Peter Randziak 3 Link to comment Share on other sites More sharing options...
EmilioVS 2 Posted December 10, 2021 Share Posted December 10, 2021 Valid for me too, thanks Peter Randziak and Gonzalo Alvarez 2 Link to comment Share on other sites More sharing options...
AMOL 0 Posted December 10, 2021 Share Posted December 10, 2021 Hello, I tried all of your hints, nothing worked... Link to comment Share on other sites More sharing options...
Administrators Marcos 5,143 Posted December 10, 2021 Administrators Share Posted December 10, 2021 Just now, AMOL said: I tried all of your hints, nothing worked... Then there is probably really a problem connecting to epns.eset.com. Do you connect via an Apache http proxy? If you are able to reproduce the issue shortly after a reboot, please carry on as follows: - enable advanced logging under Help and support -> Technical support - reboot the system - reproduce the issue - stop logging - provide logs collected with ESET Log Collector. Link to comment Share on other sites More sharing options...
AMOL 0 Posted December 10, 2021 Share Posted December 10, 2021 Hello, I tried all of your hints, nothing worked... eea_logs.zip Link to comment Share on other sites More sharing options...
BradAtkins 4 Posted December 10, 2021 Share Posted December 10, 2021 Thanks! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,143 Posted December 10, 2021 Administrators Share Posted December 10, 2021 20 minutes ago, AMOL said: I tried all of your hints, nothing worked.. Incorrect advanced logging was enabled. Please enable advanced Direct cloud logging as well as push messaging logging. It appears that you enabled advanced Document protection logging in error. Also I'd strongly recommend: - enabling HIPS - Advanced Memory Scanner (important and effective post-execution protection) - enabling Self-defense (to prevent attackers and malware from deactivating ESET) - enabling the default Automatic startup file check (after logon) task in Scheduler so that possible malware active on the system is detected upon logon without a delay. Link to comment Share on other sites More sharing options...
sim0r 2 Posted December 13, 2021 Share Posted December 13, 2021 Works for me. THX Gonzalo Alvarez 1 Link to comment Share on other sites More sharing options...
badmotorfinger 0 Posted December 13, 2021 Share Posted December 13, 2021 Is there going to be an official fix for this without having to modify the system config files?? idk, like releasing a sysupdate.. or something.. I dont want to create other problems... as it's said here: """We are not sure what is the preferred way and how it might affect other services, as it was not fully tested yet."" Txz Link to comment Share on other sites More sharing options...
alur 1 Posted December 14, 2021 Share Posted December 14, 2021 Is the problem solved? or will there be an update? I tried all of your hints, nothing worked... Link to comment Share on other sites More sharing options...
Administrators Marcos 5,143 Posted December 14, 2021 Administrators Share Posted December 14, 2021 2 hours ago, alur said: Is the problem solved? or will there be an update? I tried all of your hints, nothing worked... Does your Endpoint connect to the Internet via the Apache http proxy on Linux? If so, you would have to edit the http proxy configuration manually as suggested in one of the previous posts. Link to comment Share on other sites More sharing options...
alur 1 Posted December 14, 2021 Share Posted December 14, 2021 (edited) 13 minutes ago, Marcos said: Does your Endpoint connect to the Internet via the Apache http proxy on Linux? If so, you would have to edit the http proxy configuration manually as suggested in one of the previous posts. Yes it is connected, will edit it well http proxy configuration Edited December 14, 2021 by alur Link to comment Share on other sites More sharing options...
alur 1 Posted December 14, 2021 Share Posted December 14, 2021 Fixed reqtimeout.conf, it works! Peter Randziak 1 Link to comment Share on other sites More sharing options...
Recommended Posts