Jump to content

Problem after 9.0.12012 Server Security


Recommended Posts

Hello

Upgraded a File Server 8 to Server Security 9.0.12012 on a Windows Server 2019 with DC Roles.

After update I've restarted. The machine is always on "applying computer settings"

After 3 brutal shutdown, in safe mode uninstalled ESET server security and Agent. Restart ok.

Re installed package, when I'm restarting the machine I've "applying computer settings".

Safe mode, delete and server starts well.

Do you have suggestions ?

My best regards

Link to comment
Share on other sites

  • Administrators

Do you have ESET Inspect agent installed on the server? Does excluding the MUI extension in the real-time protection setup make a difference?

Link to comment
Share on other sites

Hi, I came here today and registered as a new forum user just to report this issue and find you've beaten me to it!

The solution for me was, when you are at that repair menu where you choose Safe mode (i.e. press F8 on start), choose the very last option to Disable Early Launch Anti-Malware protection. Only then was I able to get a normal boot and access the computer. 

Now, I have no idea if that is a permanent disable or a one-time thing, so I uninstalled all ESET products and installed them again (security product and agent).

I'd like to better understand what went wrong. This happened after latest Windows updates for Server 2019 and selecting in the ESET ERA Console to update the client modules to the latest version.

Afterwards I opened a ticket with ESET but the tech had no idea what  was talking about and never heard of  "ELAM" (Early Launch Anti-Malware) protection. He just said after the initial scan, run the scan again. Thanks, Pal!

Bob

Link to comment
Share on other sites

  • Administrators

The ELAM driver does nothing; but it's required for ekrn to start. Please make sure it's not renamed and ekrn starts with Windows. Configure the system to generate complete memory dumps as per https://support.eset.com/en/kb380, reproduce the issue, trigger a manual crash to generate a dump and then provide it to us in a zipped form for perusal.

Link to comment
Share on other sites

Thanks for all your suggestion.

I ask to Eset a working solution. Theese servers are Domain controller and I can't test or joke with it.

I'm on a production environment. Do you have an official solution?

I've 4 servers with same problem (the only 4 server supdated from 8 to 9 but I've other 30 servers).

My best regards

Link to comment
Share on other sites

  • Administrators

If you have the ESET Inspect agent installed, it's most likely a known issue and excluding the MUI extension in the real-time protection setup should work around the issue.

Otherwise we recommend generating a complete memory dump from a frozen state of the system as per https://support.eset.com/en/kb380 and supply the dump to ESET for perusal and to determine the cause of the issue.

Link to comment
Share on other sites

8 hours ago, Marcos said:

If you have the ESET Inspect agent installed, it's most likely a known issue and excluding the MUI extension in the real-time protection setup should work around the issue.

Otherwise we recommend generating a complete memory dump from a frozen state of the system as per https://support.eset.com/en/kb380 and supply the dump to ESET for perusal and to determine the cause of the issue.

So if we're not using Inspect agent (EDR) then excluding the mui extension doesn't work?

Link to comment
Share on other sites

  • Administrators
7 hours ago, FRiC said:

So if we're not using Inspect agent (EDR) then excluding the mui extension doesn't work?

In that case the cause of the issue in unknown and developers will need a complete memory dump from the freeze to determine the root cause.

Link to comment
Share on other sites

5 hours ago, Marcos said:

In that case the cause of the issue in unknown and developers will need a complete memory dump from the freeze to determine the root cause.

Thanks, can confirm exluding extension doesn't work since we don't have ESET Inspect agent.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...