PaoloneCM 1 Posted May 11, 2022 Share Posted May 11, 2022 Hello Upgraded a File Server 8 to Server Security 9.0.12012 on a Windows Server 2019 with DC Roles. After update I've restarted. The machine is always on "applying computer settings" After 3 brutal shutdown, in safe mode uninstalled ESET server security and Agent. Restart ok. Re installed package, when I'm restarting the machine I've "applying computer settings". Safe mode, delete and server starts well. Do you have suggestions ? My best regards Link to comment Share on other sites More sharing options...
Administrators Marcos 4,706 Posted May 11, 2022 Administrators Share Posted May 11, 2022 Do you have ESET Inspect agent installed on the server? Does excluding the MUI extension in the real-time protection setup make a difference? Link to comment Share on other sites More sharing options...
LitBobOn 0 Posted May 11, 2022 Share Posted May 11, 2022 Hi, I came here today and registered as a new forum user just to report this issue and find you've beaten me to it! The solution for me was, when you are at that repair menu where you choose Safe mode (i.e. press F8 on start), choose the very last option to Disable Early Launch Anti-Malware protection. Only then was I able to get a normal boot and access the computer. Now, I have no idea if that is a permanent disable or a one-time thing, so I uninstalled all ESET products and installed them again (security product and agent). I'd like to better understand what went wrong. This happened after latest Windows updates for Server 2019 and selecting in the ESET ERA Console to update the client modules to the latest version. Afterwards I opened a ticket with ESET but the tech had no idea what was talking about and never heard of "ELAM" (Early Launch Anti-Malware) protection. He just said after the initial scan, run the scan again. Thanks, Pal! Bob Link to comment Share on other sites More sharing options...
Administrators Marcos 4,706 Posted May 12, 2022 Administrators Share Posted May 12, 2022 The ELAM driver does nothing; but it's required for ekrn to start. Please make sure it's not renamed and ekrn starts with Windows. Configure the system to generate complete memory dumps as per https://support.eset.com/en/kb380, reproduce the issue, trigger a manual crash to generate a dump and then provide it to us in a zipped form for perusal. Link to comment Share on other sites More sharing options...
PaoloneCM 1 Posted May 13, 2022 Author Share Posted May 13, 2022 Thanks for all your suggestion. I ask to Eset a working solution. Theese servers are Domain controller and I can't test or joke with it. I'm on a production environment. Do you have an official solution? I've 4 servers with same problem (the only 4 server supdated from 8 to 9 but I've other 30 servers). My best regards LesRMed 1 Link to comment Share on other sites More sharing options...
Administrators Marcos 4,706 Posted May 13, 2022 Administrators Share Posted May 13, 2022 If you have the ESET Inspect agent installed, it's most likely a known issue and excluding the MUI extension in the real-time protection setup should work around the issue. Otherwise we recommend generating a complete memory dump from a frozen state of the system as per https://support.eset.com/en/kb380 and supply the dump to ESET for perusal and to determine the cause of the issue. Link to comment Share on other sites More sharing options...
FRiC 9 Posted May 14, 2022 Share Posted May 14, 2022 8 hours ago, Marcos said: If you have the ESET Inspect agent installed, it's most likely a known issue and excluding the MUI extension in the real-time protection setup should work around the issue. Otherwise we recommend generating a complete memory dump from a frozen state of the system as per https://support.eset.com/en/kb380 and supply the dump to ESET for perusal and to determine the cause of the issue. So if we're not using Inspect agent (EDR) then excluding the mui extension doesn't work? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,706 Posted May 14, 2022 Administrators Share Posted May 14, 2022 7 hours ago, FRiC said: So if we're not using Inspect agent (EDR) then excluding the mui extension doesn't work? In that case the cause of the issue in unknown and developers will need a complete memory dump from the freeze to determine the root cause. Link to comment Share on other sites More sharing options...
FRiC 9 Posted May 14, 2022 Share Posted May 14, 2022 5 hours ago, Marcos said: In that case the cause of the issue in unknown and developers will need a complete memory dump from the freeze to determine the root cause. Thanks, can confirm exluding extension doesn't work since we don't have ESET Inspect agent. Link to comment Share on other sites More sharing options...
PaoloneCM 1 Posted May 23, 2022 Author Share Posted May 23, 2022 Hello @Marcos If I want to retry to install, after install I enter in Detection Engine - Realtime - Esclusions and I'll add *.mui ? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,706 Posted May 23, 2022 Administrators Share Posted May 23, 2022 11 minutes ago, PaoloneCM said: If I want to retry to install, after install I enter in Detection Engine - Realtime - Esclusions and I'll add *.mui ? Correct. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,706 Posted May 24, 2022 Administrators Share Posted May 24, 2022 We've already released an engine which addresses the issues related to processing mui files. Please check if the issue had been resolved and remove the mui extension from the list of extensions excluded from scanning, if applicable. Peter Randziak 1 Link to comment Share on other sites More sharing options...
Recommended Posts