ESET Server Security for Windows v9.0.12012.0 install hanging

[JimChev3 8]

I started pushing the install of this version to my servers yesterday. Ran into a problem yesterday with 3 of the first 14 servers that I installed it on. I believe it happens on attempting to reboot as one of the servers affected has Faxback on it and that informed me that the service had been shut down right before it stopped responding to everything else. All were updated by using an install task as I usually do.

All three failures had these same symptoms.

1. The servers stopped communicating in any way except for ping. No RDP access, no SMB access, they wouldn't respond to anything else. Just ping.
2. All are VMware virtual machines, running Windows 2019 (although I had other VMs with Win2019 that updated just fine)
3. The VMWare Remote Console couldn't even initiate a CTRL-ALT-DEL to attempt to log in.
4. On doing the virtual equivalent of pulling the plug and restarting, Windows would boot up to the point where it said "Applying group policy registry policy" and sit there forever with the same symptoms as described in #1 above.

To recover, I had to do the following.

1. Boot into safe mode with networking
2. Run the ESETUninstaller.exe downloaded from ESET's site to remove ESET Server Security while in safe mode
3. Reboot normally, at which time everything was back to normal with the VMs
4. I then reinstalled the 8.0.12013.0 version that had been on it before.

I have not yet tried the update on any of these servers again to see if I can reproduce the problem or not. Thought I should check to see if anyone else is reporting the same and, should I encounter this again on trying to update, is there anything I can do from safe mode to try to get you more information about what is going on?

[Marcos 5,070]

We assume that excluding the MUI extension in the real-time protection setup could resolve the issue:

[JimChev3 8]

Seems way out of left field for the problem, but I'll assume this is familiar to you in some way so I'll go with it. Since this is causing an issue during the installation process, should I then be looking at excluding the MUI file extension in the Protect configuration covering the servers now, make sure they get the updated configuration and then resume installing and see if it happens again?

And once the install is done, should I be leaving that exclusion in place to prevent future similar issues on updates or remove it once the updates are done?

 

[Marcos 5,070]

Could you please confirm or deny that ESET Inspect agent is installed on the server?

[JimChev3 8]

2 hours ago, Marcos said:

Could you please confirm or deny that ESET Inspect agent is installed on the server?

No, it is not.

I made the change you suggested and tried installing the 9.0 update again on the three computers that had the problem. They all worked fine this time. Whether it had to do with that or not, I can't say of course since I hadn't re-tried before making the change.

[LitBobOn 0]

Sounds very much like the problem I had. I just replied to the thread "Problem after 9.0.12012 Server Security" but it's awaiting moderator approval.

Mine seem to install just fine but afterwards I had the same thing - you could ping the 2019 server but that's about all.

I found that from the windows boot options menu (press F8), if I chose the very last option to disable Early Launch Anti-Malware the system would boot and run normally. Afterwards I ran the ESET uninstaller tool (in safe mode) and then reinstalled version 8 Security and Agent.

I think I'll let them work the bugs out of version 9 before I try again....

[FRiC 9]

Glad I'm not the only one. 2 out of 10 servers got stuck after updating. One with applying computer settings, and one just completely blank. The applying computer settings one managed to right itself after I rolled back the checkpoint, but the blank one (which happens to be a DC) had to be booted into safe mode and cleaned with ESET uninstaller.

[Marcos 5,070]

Is the ESET Inspect agent installed on the server? Does excluding the MUI extension in the real-time protection setup make a difference?

[FRiC 9]

On 5/10/2022 at 7:07 PM, Marcos said:

We assume that excluding the MUI extension in the real-time protection setup could resolve the issue:

 

Is this a Server Security thing or should MUI extension also be excluded for Endpoint Security?

Also, we don't have ESET Inspect agent. Is that the EDR agent?

[Marcos 5,070]

If a machine freezes, the best would be to provide a complete memory dump from the frozen state by manually triggering a crash as per https://support.eset.com/en/kb380. The cause of the freeze may vary, processing MUI files is just one of them when the ESET Inspect agent (EDR) is installed.

[JimChev3 8]

5 hours ago, Marcos said:

Is the ESET Inspect agent installed on the server? Does excluding the MUI extension in the real-time protection setup make a difference?

Sorry about the delay, but I had limited windows in which to test this on two of the three affected servers and just finished last night. To reiterate for clarity, no, I do not have ESET Inspect/EDR running in this environment. Only the Mgmt Agent and Server Security are on each system.

I did exclude the MUI extension in the real-time protection setup and attempted the upgrade from v8.0.12013.0 to v9.0.12012.0 again on all of them. This time they all succeeded. What I don't know, however, is if that was just a fluke or not. I had not attempted any of those updates again before excluding that extension to see if they failed again. So in short, I would say it's a qualified yes that it made a difference.

I still have a six servers to go. I've modified the bootmgr setup on the remote ones to enable F8 on boot in case there are any more problems so I don't have to have someone physically there to aid in recovery. If I do encounter any more problems (which at this point, would be with the MUI exclusion in place), I'll let you know in this thread. The rest of them will be done by this weekend.

 

[LitBobOn 0]

9 hours ago, Marcos said:

Is the ESET Inspect agent installed on the server? Does excluding the MUI extension in the real-time protection setup make a difference?

Hi, Opening appwiz.cpl, the only items installed are Management Agent and Server Security.