Was there a temporary fault on ESET servers causing an incorrect "legacy upgrade"?


djgera

Hello

This happened on 2022/06/07 at around 07:40 GMT.

I have the license (ESET PROTECT Essential On-Prem: ESET Endpoint Antivirus) for a number of machines. Many machines are running Windows 10 Pro (19044.1706) and a few others remain on Windows 7 Pro, all of them with ESET Endpoint Antivirus on the latest version, 9.0.2046.0. They are running 24 hours per day. I do not administer products via any cloud service (like ESET PROTECT), except with EBA, to track license status.

It looks like on some machines (7 of 27), ESET decided that the product was obsolete and then executed a legacy upgrade automatically from 9.0.2046.0 (uninstalling it) to 9.0.2046.0 (installing it from C:\Windows\Temp\eset\bts.session\{UUID}\eea_nt64.msi), leaving the machine waiting to "accept" the license since the "legacy product" was updated. This was bad, because non-admin users cannot do this step, since admin privileges are needed, plus a reboot to work again. So the machines were vulnerable until I could take action. Indeed, I tested with the EICAR file and ESET did not do anything to block it.

On machines where this did not happen, only the executable from the "legacy upgrade" kept running without taking any action.

To avoid this fault in the future (I guess), all ESET installations are now configured with "Disabled Product Upgrade".

If more information is needed please let me know.

  • Administrators

Could you confirm or deny that the troublesome clients were managed (i.e. had the ESET management agent installed)?

No, all installations of "ESET Endpoint Antivirus" are standalone, no management, no proxy, no mirrors, just plain with default config (only disabled warnings from Windows updates) from the .msi downloaded from ESET [#1]. In fact, my license does not have an "eligible" so I cannot manage endpoints from the cloud.

Thanks.

[#1] https://download.eset.com/com/eset/apps/business/eea/windows/latest/eea_nt64.msi

 


  • 2 weeks later...

For now I am tracking on all machines whether this directory [C:\Windows\Temp\eset\] exists, and sending an alert to myself if it does. This has not happened again for the moment.

Correction: In the initial comment I said this incident was at 07:40 ART (so in GMT it is 10:40).

 


  • 3 weeks later...

Also, I set "SkipLegacyUpgrade" on all machines in order to avoid future wrong upgrades from ESET.

reg.exe add "HKLM\SOFTWARE\ESET\Legacy Upgrade" /v "SkipLegacyUpgrade" /t REG_DWORD /d "1" /f

Maybe setting a configuration password looks like a good idea, since "upgrade" to the same version is locked without entering the right password.
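
Added example (not part of any post in this thread and not ESET tooling): a PowerShell check that combines the two measures described above, reporting whether the C:\Windows\Temp\eset staging directory exists and whether SkipLegacyUpgrade is set to 1. The function name, output fields and exit-code convention are assumptions; the path, registry key and value name are taken from the posts.

```powershell
# Added example: audit a standalone endpoint for the two conditions described in this thread.
# Function name and output shape are hypothetical; path and registry value come from the posts.
function Get-EsetLegacyUpgradeState {
    [CmdletBinding()]
    param(
        [string]$StagingDir = 'C:\Windows\Temp\eset',
        [string]$RegKey     = 'HKLM:\SOFTWARE\ESET\Legacy Upgrade',
        [string]$RegValue   = 'SkipLegacyUpgrade'
    )

    # 1. Staging directory that held the reinstall package (bts.session\{UUID}\eea_nt64.msi).
    $dirPresent = Test-Path -LiteralPath $StagingDir -PathType Container
    $stagedMsi  = @()
    if ($dirPresent) {
        $stagedMsi = @(Get-ChildItem -LiteralPath $StagingDir -Filter '*.msi' -File -Recurse -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, CreationTimeUtc)
    }

    # 2. Value written by the reg.exe command above. A missing key or value counts as "not set".
    $skip = $null
    $prop = Get-ItemProperty -LiteralPath $RegKey -Name $RegValue -ErrorAction SilentlyContinue
    if ($null -ne $prop) { $skip = [int]$prop.$RegValue }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        CheckedUtc        = (Get-Date).ToUniversalTime()
        StagingDirPresent = $dirPresent
        StagedInstallers  = $stagedMsi
        SkipLegacyUpgrade = $skip
        NeedsAttention    = $dirPresent -or ($skip -ne 1)
    }
}

$state = Get-EsetLegacyUpgradeState
if ($state.NeedsAttention) {
    Write-Warning ("{0}: staging dir present={1}, SkipLegacyUpgrade={2}" -f `
        $state.ComputerName, $state.StagingDirPresent, $state.SkipLegacyUpgrade)
    exit 1   # non-zero exit lets a scheduled task or monitoring agent raise the alert
}
exit 0
```

Run it from a 64-bit PowerShell session so the registry read targets the same native view that the reg.exe command writes to.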
