Protections non functional after getting the nanos updates

[Peri 1]

Greetings to all,

If someone can assist with the strange issue as per below it would be great,

I'm using EEA 10.0.2 and as an updating method I'm using the Level and Nanos updates. On a fresh installation, I apply the general levels update and everything goes well until the point that I deploy the next in sequence nano update.

For instance, I'm deploying first the level update  20221202_112001_dll64_levels.rar (size 86.6MB) and then when I'm applying the nanos 20221209_112001_dll64_nanos.rar (size 812kb) after sometime I'm getting errors as per attached.

HIPS non functional

IDS non functional

Web and email protocol non functional.

 

I've tried to enable/disable those services protection without success.

The device has been restarted several times without success.

 

PS1: the update is applied as you can see on the update image but the errors cannot be resolved.

PS2:  if the module gets the updates via internet, then all issues resolved.

 

Thanks in advance,

Peri

 

[Marcos 5,074]

Did you use the full module package and then applied the differential update files? If so, please open a support ticket as this would have to be tested by ESET personnel.

[Peri 1]

Good day Marcos,

 

Thanks for the reply.

Yes, I have used the full package as you said and then I applied the nanos sequentially.. It seems that, there is an issue with the HIPS drivers as per attached.

I'm wondering how can I uninstall that particular driver. It might work. 

I/m already in contact with ESET support team but we're still working on that issue.

 

Thanks

Peri

[Marcos 5,074]

An important question, did you update Endpoint v10 from ESET's servers after installation and only then applied the micro update files?

[Peri 1]

Good day Marcos,

No, the Endpoint hasn't been updated from ESET servers. Even for the activation, I've used an offline licence file.

Thanks,

Peri

[Marcos 5,074]

You must either use a full (offline) installer of Endpoint 10 (downloadable from https://support.eset.com/en/kb8288) or activate and update Endpoint 10 from ESET's servers first before applying micro updates.

[Peri 1]

Hi Marcos,

The full installer worked fine!

I've been using the installers created directly from the eset protect console. Besides the obvious size difference, (the ones created from the protect installer are about 109MB), is there anything else that might affect?

I'm also looking for a full installer for the Windows server 2019. Is there any version or should I use?

 

Thanks for your support,

Peri

 

[Marcos 5,074]

By the way, what is the reason why you use micro updates? Keep in mind that they should be used only on machines where Internet connection is too expensive (e.g. satellite connection on a ships). Using micro updates will cause that important protection modules like HIPS, Deep Behavioral Inspection module, etc. will not be updated and the machines won't be protected proactively against newly emerging threats as good as they could be if they were updated from ESET's servers or a local mirror.

Quote

I'm also looking for a full installer for the Windows server 2019. Is there any version or should I use?

ESET server security products are still distributed as full installers with all modules included.

[Peri 1]

11 minutes ago, Marcos said:

By the way, what is the reason why you use micro updates? Keep in mind that they should be used only on machines where Internet connection is too expensive (e.g. satellite connection on a ships).

Bingo!! :-)

I have around 30 PCs across the fleet showing that behaviour and I've tried that on my personal laptop which showed the same behaviour before applying the solution to those affected PCs.

If I wont be able to resolve the issue, I will upload the full installer and rerun the installation.

[Marcos 5,074]

4 minutes ago, Peri said:

I have around 30 PCs across the fleet showing that behaviour and I've tried that on my personal laptop which showed the same behaviour before applying the solution to those affected PCs.

Are those machines connected to the Internet via a satellite connection?

[Peri 1]

Yes, but internet connectivity is very limited and allowed only to specific url's/ip's.

One of them is *.eset.* for licencing verification

[Marcos 5,074]

9 minutes ago, Peri said:

Yes, but internet connectivity is very limited and allowed only to specific url's/ip's.

ESET HTTP proxy already limits the connectivity to ESET servers. If computers are completely offline but there is at least one machine with connectivity to ESET servers, you should create a local mirror using the Mirror tool and transfer the mirror to other machines, e.g. via a flash disk.

Micro updates should only be used basically on ships where the connectivity is too expensive. Otherwise you will sacrifice protection for no reason.