Was a temporary fault on ESET servers causing an incorrect "legacy upgrade"?


Hello

This happened on 2022/06/07 at around 07:40 GMT.

I have the license (ESET PROTECT Essential On-Prem: ESET Endpoint Antivirus) for a number of machines. Many machines are running Windows 10 Pro (19044.1706) and a few others remain on Windows 7 Pro, all of them with ESET Endpoint Antivirus on the latest version, 9.0.2046.0. They are running 24 hours per day. I do not administer products via any cloud service (like ESET PROTECT), except with EBA, to track license status.

It looks like on some machines (7 of 27), ESET decided that the product was obsolete and then executed a legacy upgrade automatically from 9.0.2046.0 (uninstalling it) to 9.0.2046.0 (installing it from C:\Windows\Temp\eset\bts.session\{UUID}\eea_nt64.msi), leaving the machine waiting to "accept" the license since the "legacy product" was updated. This was bad, because non-admin users cannot do this step, since admin privileges are needed plus a reboot to work again. So the machines were vulnerable until I could take action. Indeed, I tested with the EICAR file and ESET did not do anything to block it.

On machines where this did not happen, only the executable from the "legacy upgrade" keeps running without doing any action.

To avoid this fault in the future (I guess), all ESET installations are now configured with "Disabled Product Upgrade".

If more information is needed please let me know.


  • Administrators

Could you confirm or deny that the troublesome clients were managed (i.e. had the ESET management agent installed)?


No, all installations of "ESET Endpoint Antivirus" are standalone: no management, no proxy, no mirrors, just plain with the default config (only disabled warnings from Windows updates) from the .msi downloaded from ESET [#1]. In fact, my license does not have an "eligible", so I cannot manage endpoints from the cloud.

Thanks.

[#1] https://download.eset.com/com/eset/apps/business/eea/windows/latest/eea_nt64.msi


  • 2 weeks later...

For now I am tracking on all machines whether this directory [C:\Windows\Temp\eset\] exists, and launching an alert to me if it does. This has not happened again for the moment.

Correction: In my initial comment I said this incident was at 07:40 ART (so in GMT it is 10:40).

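The directory check described in the last post can be combined with a look at Windows Installer events, so that an unattended reinstall is noticed even after the staging folder has been cleaned up. This is an added example, not the poster's script and not ESET tooling; the function name, the 14-day lookback window and the assumption that the installer event message contains the string "ESET" are hypothetical choices.

```powershell
# Added example. The staging path comes from the thread; the event IDs are the
# standard MsiInstaller events written to the Windows Application log.
function Get-EsetStagingFinding {
    param(
        [string]$StagingRoot = 'C:\Windows\Temp\eset',   # directory named in the thread
        [int]$LookbackDays = 14                          # assumption: review window
    )

    $finding = [ordered]@{
        Computer      = $env:COMPUTERNAME
        StagingExists = Test-Path -LiteralPath $StagingRoot
        MsiFiles      = @()
        MsiEvents     = @()
    }

    if ($finding.StagingExists) {
        # Installer packages staged below the root, e.g. bts.session\{UUID}\eea_nt64.msi
        $finding.MsiFiles = @(Get-ChildItem -LiteralPath $StagingRoot -Recurse -Filter '*.msi' -File -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, LastWriteTime)
    }

    # 1033/1034 = product installed/removed, 11707/11724 = install/removal succeeded
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'MsiInstaller'
        Id           = 1033, 1034, 11707, 11724
        StartTime    = (Get-Date).AddDays(-$LookbackDays)
    }
    # Assumption: the product name in the event message contains "ESET"
    $finding.MsiEvents = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'ESET' } |
        Select-Object TimeCreated, Id, Message)

    [pscustomobject]$finding
}

$result = Get-EsetStagingFinding
if ($result.StagingExists -or $result.MsiEvents.Count -gt 0) {
    # Non-zero exit lets a scheduled task or monitoring agent raise the alert.
    $result | ConvertTo-Json -Depth 4
    exit 1
}
exit 0
```

Run from an elevated scheduled task, since C:\Windows\Temp is not readable by standard users on a default install.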
