st3fan 6 Posted July 20, 2022 Share Posted July 20, 2022 We use ESET Protect 9.0.1144.0 and have ESET Server Security 8.0.12011.0 installed on our Windows Servers. Yesterday we started noticing that some of our servers are automatically updated to ESET Server Security 9.0.12013.0. This seems to happen even though we have disabled this new auto-update feature, following these intructions. I would like to understand why the 9.0.12013.0 update is being rolled out and I hope someone can clarify this for me. 1. According to this article, only ESET Endpoint Antivirus/Security 9.0 and later and ESET security products for Windows Server version 9.0 and later support automatic updates. We currently use ESET Server Security 8.0.12011.0, so why did we receive the automatic update? Sounds to me this is not even supported. 2. According to this article, it is not possible to disable the auto-update for "security and stability" updates. Is ESET Server Security 9.0.12013.0 a "security and stability" update? In the release notes I found this: - Fixed: Issues with upgrading to the latest product version - Fixed: Issues to uninstall a product version - Fixed: Machine deadlock after a reboot Sounds like it might qualify as a stability update, however, do these bugs and fixes even affect our version 8.0.12011.0? I am honestly confused about ESET's approach. Half of our servers are now red in the PROTECT console, we have no clue what is happening and no control over this entire process. I would appreciate if someone could explain to me why we are receiving this update in this case, referring to points 1 and 2. Thanks a lot! Link to comment Share on other sites More sharing options...
st3fan 6 Posted July 20, 2022 Author Share Posted July 20, 2022 Follow-up question: since we generally only reboot servers for Windows updates, is this going to cause problems if both Windows updates and the ESET update is done at the same time? Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,160 Posted July 21, 2022 ESET Moderators Share Posted July 21, 2022 Hello @st3fan, my colleague tried to reproduce the issue in a testing environment and the automatic upgrade did not happen, Can you please provide us (via a private message) output from the ESET Log Collector to check for the start? Peter Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,160 Posted July 21, 2022 ESET Moderators Share Posted July 21, 2022 20 hours ago, st3fan said: Follow-up question: since we generally only reboot servers for Windows updates, is this going to cause problems if both Windows updates and the ESET update is done at the same time? It should not, the ESET auto-update is being applied on system reboot. Link to comment Share on other sites More sharing options...
st3fan 6 Posted July 29, 2022 Author Share Posted July 29, 2022 Hi @Peter Randziak I messaged you privately. Please advise which logs you need. Thank you. Link to comment Share on other sites More sharing options...
st3fan 6 Posted August 1, 2022 Author Share Posted August 1, 2022 I will open a support ticket. Link to comment Share on other sites More sharing options...
st3fan 6 Posted August 2, 2022 Author Share Posted August 2, 2022 Support figured it out. This setting had to be changed to "never update". Additionally, we've already had the following settings. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,238 Posted August 2, 2022 Administrators Share Posted August 2, 2022 For v8 it was necessary to change the above setting to "Auto-update" in order to enable program auto updates (by default it's set to Never update). As of v9, program auto updates are controlled via the Auto-update policy. This policy has no effect on v8 which uses the above mentioned setting. Link to comment Share on other sites More sharing options...
st3fan 6 Posted August 2, 2022 Author Share Posted August 2, 2022 Assuming v9 is in use on all endpoints. Why is there a need for this policy if auto-updates can be disabled here and be paused here? I think I don't quite understand the difference between these settings/options. I would appreciate if you could clarify @Marcos - thank you. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,238 Posted August 2, 2022 Administrators Share Posted August 2, 2022 As the labels suggest, the first setting is for v8 which had auto-updates disabled by default ("Never update"). It was not possible to stop program updates at a specific version. Full updates have been fully supported as of v9 (again, indicated by a label in the policy) and were enabled by default. As of v9 program updates can be only temporarily paused but not disabled. Also a new "Auto-update" policy was assigned to clients. Link to comment Share on other sites More sharing options...
st3fan 6 Posted August 3, 2022 Author Share Posted August 3, 2022 For anyone else confused by all these options, this might help a bit. Link to comment Share on other sites More sharing options...
Recommended Posts