djgera Posted June 11

Hello

This happened on 2022/06/07 at around 07:40 GMT. I have the license (ESET PROTECT Essential On-Prem: ESET Endpoint Antivirus) for a number of machines. Many machines are running Windows 10 Pro (19044.1706) and a few others remain on Windows 7 Pro, all of them with ESET Endpoint Antivirus on the latest version 9.0.2046.0. They are running 24 hours per day. I do not administer products via any cloud service (like ESET PROTECT), except with EBA, to track license status.

It looks like on some machines, 7 of 27, ESET decided that the product was obsolete, then executed a legacy upgrade automatically from 9.0.2046.0 (uninstalling it) to 9.0.2046.0 (installing it from C:\Windows\Temp\eset\bts.session\{UUID}\eea_nt64.msi), leaving the machine waiting to "accept" the license since the "legacy product" was updated. This was bad, because non-admin users cannot do this step, since admin privileges are needed, plus a reboot to work again. So the machines were vulnerable until I could take action. Indeed, I tested with the EICAR file and ESET did not do anything to block it.

On machines where this did not happen, only the executable from the "legacy upgrade" keeps running without doing any action.

To avoid this fault in the future (I guess), all ESET installations are now configured with "Disabled Product Upgrade".

If more information is needed, please let me know.

Marcos (Administrators) Posted June 12

Could you confirm or deny that the troublesome clients were managed (i.e. had the ESET management agent installed)?

djgera (Author) Posted June 12

No, all installations of "ESET Endpoint Antivirus" are standalone: no management, no proxy, no mirrors, just plain with the default config (only disabled warnings from Windows updates) from the .msi downloaded from ESET [#1]. In fact, my license does not have an "eligible", so I cannot manage endpoints from the cloud.

Thanks.

[#1] https://download.eset.com/com/eset/apps/business/eea/windows/latest/eea_nt64.msi

djgera (Author) Posted June 21

For now I am tracking on all machines whether this directory [C:\Windows\Temp\eset\] exists, and launching an alert to me. This has not happened again for the moment.

Correction: In the initial comment I said this incident was at 07:40 ART (so in GMT it is 10:40).
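
The directory check described in the last post, written out as an added example that is not part of the original thread or ESET's own tooling. Only the path C:\Windows\Temp\eset comes from the posts; the function name, JSON output and exit codes are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example: flag machines where the installer staging directory exists.
# Only the default path is taken from the thread; everything else is illustrative.
param(
    [string]$StagingRoot = 'C:\Windows\Temp\eset'
)

function Get-StagingEvidence {
    param([Parameter(Mandatory)][string]$Root)

    # Directory absent: nothing was staged on this machine, return nothing.
    if (-not (Test-Path -LiteralPath $Root -PathType Container)) { return }

    $dir = Get-Item -LiteralPath $Root -Force

    # Staged packages, e.g. bts.session\{UUID}\eea_nt64.msi as reported in the thread.
    $msis = @(Get-ChildItem -LiteralPath $Root -Recurse -File -Filter '*.msi' `
                  -Force -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        CheckedUtc     = (Get-Date).ToUniversalTime().ToString('o')
        Directory      = $dir.FullName
        DirCreatedUtc  = $dir.CreationTimeUtc.ToString('o')
        StagedPackages = @($msis | ForEach-Object {
            [pscustomobject]@{
                Path         = $_.FullName
                SizeBytes    = $_.Length
                LastWriteUtc = $_.LastWriteTimeUtc.ToString('o')
            }
        })
    }
}

$evidence = Get-StagingEvidence -Root $StagingRoot
if ($null -eq $evidence) {
    exit 0    # clean: directory not present
}

# One compact JSON line per hit so a log collector or task wrapper can parse it.
$evidence | ConvertTo-Json -Depth 4 -Compress
exit 1        # non-zero exit tells the caller this machine needs attention
```

Run it from a scheduled task under an account that can read C:\Windows\Temp; the timestamps in the output let you line the staging time up with the moment protection stopped.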