MarcFL 33 Posted November 13, 2023 Posted November 13, 2023 (edited) RE: ESET Server Security for Microsoft Windows Server Immediately after the last automatic module / definition update that occurred a few minutes ago, this error occurred: 11/13/2023 15:49:28 PM - During execution of Kernel on the computer SERVER, the following event occurred: An error occurred during loading scanner modules. Malware protection will not work correctly. Edited November 13, 2023 by MarcFL
SSIRichard 0 Posted November 13, 2023 Posted November 13, 2023 (edited) Same issue here. I have to assume it was a bad module update pushed out? We have 1 last 2012R2 server standing and it's the one with the issue. Edited November 13, 2023 by SSIRichard Clarified it's on the 2012 server.
russell_t 2 Posted November 13, 2023 Posted November 13, 2023 Am also seeing this across every Server 2012 R2 ESET Server security install, been on hold for USA Business support for 10 minutes trying to check with them about this. I don't think I've seen it on newer server versions but as far as I'm aware 2012R2 should still be supported by ESET for another year? MarcFL 1
slarkins 5 Posted November 13, 2023 Posted November 13, 2023 (edited) Add me to this list....only 2012 servers so far. if i dismiss error on the server...protection status shows green across the board...both 7.x and 8.x versions of file security... Edited November 13, 2023 by slarkins MarcFL 1
Administrators Marcos 5,460 Posted November 13, 2023 Administrators Posted November 13, 2023 Updates have been stopped, we're investigating the issue. Does anybody have also other than Windows Server 2012 systems affected?
slarkins 5 Posted November 13, 2023 Posted November 13, 2023 I only see this issue so far on my 7 windows 2012 servers...ver 7.x and 8.x...first notice was 3.29pm eastern(about 50 minutes ago)
MarcFL 33 Posted November 13, 2023 Author Posted November 13, 2023 (edited) This is on Server 2012 R2 with ESU. I clicked "Dismiss" on the error and the dashboard shows green. I then tested Eset by using this page and it blocked the Eicar test files : https://www.eicar.org/download-anti-malware-testfile/ Edited November 13, 2023 by MarcFL
DannyC 0 Posted November 13, 2023 Posted November 13, 2023 I fixed several servers by rolling back update for 12 hours and then enable updates and the warning went away.
russell_t 2 Posted November 13, 2023 Posted November 13, 2023 (edited) 34 minutes ago, Marcos said: Updates have been stopped, we're investigating the issue. Does anybody have also other than Windows Server 2012 systems affected? About 50 Windows Server 2012 R2 affected, also have two Windows 8.1 Desktops with Eset Endpoint Antivirus (one on an older 7.x build) that also have the same error. I have tested a module rollback on one server, and it seems to initialize just fine on the older modules. I'm not entirely sure it's 100% non-functional as it still blocks an eicar on both the rollback and non-rollback server but I'd like to know when a new module is available to force an update and know if we need to reboot all the servers tonight to clear the errors or if it'll clear all the red in the console without that Edit: Also support hasn't picked up the call for almost an hour now, would be nice if they had a way to update the voice IVRs to let people know it's a known issue rather than park what's likely hundreds of calls on hold. Edited November 13, 2023 by russell_t
Administrators Solution Marcos 5,460 Posted November 13, 2023 Administrators Solution Posted November 13, 2023 13 minutes ago, DannyC said: I fixed several servers by rolling back update for 12 hours and then enable updates and the warning went away. This should not be necessary, as MarcFL wrote, clicking Dismiss in the warning should suffice and the protection status will be green. The eicar test file is detected then so protection seems to work fine. We'll make some further tests to make sure. So far it appears to be a glitch with the notification during modules reload after update. Aryeh Goretsky and MarcFL 2
slarkins 5 Posted November 13, 2023 Posted November 13, 2023 (edited) while the status appears green on the server...my eset protect console shows all 7 of my 2012 servers as critical status...how do we clear eset protect critical error showing on eset protect console... with message...Antivirus and antispyware protection disabled.. Edited November 13, 2023 by slarkins
DannyC 0 Posted November 13, 2023 Posted November 13, 2023 50 minutes ago, Marcos said: Updates have been stopped, we're investigating the issue. Does anybody have also other than Windows Server 2012 systems affected? Just got a call that issue is also on several windows 8 systems
russell_t 2 Posted November 13, 2023 Posted November 13, 2023 just going to update my post that we found a reboot on a system affected with this error/bad module would then be unprotected, so I would recommend deploying a module rollback task for 12 or 24 hours, depending on your availability to check on things after the rollback expires to give ESET time to fix the modules on their end. Thanks to ESET support for going through all this over the phone with me and gathering some additional data!
MarcFL 33 Posted November 13, 2023 Author Posted November 13, 2023 (edited) 30 minutes ago, russell_t said: just going to update my post that we found a reboot on a system affected with this error/bad module would then be unprotected, so I would recommend deploying a module rollback task for 12 or 24 hours, depending on your availability to check on things after the rollback expires to give ESET time to fix the modules on their end. Thanks to ESET support for going through all this over the phone with me and gathering some additional data! Thanks Russell_t. How did you know that after a reboot the system wasn't protected? Edited November 13, 2023 by MarcFL
russell_t 2 Posted November 14, 2023 Posted November 14, 2023 (edited) 41 minutes ago, MarcFL said: Thanks Russell_t. How did you know that after a reboot the system wasn't protected? Picked one of the systems with the error, the system seemed protected while showing the warning. Performed only a reboot of a system showing that error without doing a rollback or any other changes, and when it came up it was green and said protected but on the update tab show all modules detail window it was blank. Could tell it wasn't scanning files, was able to download Eicar and a common blocked PUP utility without issue and scan them manually without them being flagged as well. This was fixed with a 24h rollback. I can't say that would be the case on your systems but would recommend either further testing (like a reboot) or the rollback, though if they are not rebooted and a new module is released and it updates, this should also be OK. Edited November 14, 2023 by russell_t
MarcFL 33 Posted November 14, 2023 Author Posted November 14, 2023 (edited) 34 minutes ago, russell_t said: Picked one of the systems with the error, the system seemed protected while showing the warning. Performed only a reboot of a system showing that error without doing a rollback or any other changes, and when it came up it was green and said protected but on the update tab show all modules detail window it was blank. Could tell it wasn't scanning files, was able to download Eicar and a common blocked PUP utility without issue and scan them manually without them being flagged as well. This was fixed with a 24h rollback. I can't say that would be the case on your systems but would recommend either further testing (like a reboot) or the rollback, though if they are not rebooted and a new module is released and it updates, this should also be OK. Thanks for the report. We're not in a position to restart our server yet. But I think we'll wait for Eset guidance as right now it's protected. I just noticed this red box update above: "To fix the issue, please reboot the server. Do not click Dismiss as it will merely hide the warning. If you want to make sure that everything works, you should be able to open the advanced setup with advanced settings. If the window is blank, reboot the machine. You can also make an additional detection test by downloading the Eicar test file from https://secure.eicar.org/eicar.com We continue to analyze the issue in the mean time. While updates are suspended, ESET will continue to download the so-called pico updates that are issued every few minutes. Also ESET LiveGrid and ESET LiveGuard will continue to protect your machine." We have not rebooted and advanced settings is not blank and Eset blocks Eicar... Edited November 14, 2023 by MarcFL
Administrators Marcos 5,460 Posted November 14, 2023 Administrators Posted November 14, 2023 If eicar is not detected, the advanced setup window will be likely blank as well. In such case a reboot should resolve the issue and modules should load alright then according to our tests. We continue working on finding out the root cause. MarcFL 1
ESET Moderators Peter Randziak 1,182 Posted November 14, 2023 ESET Moderators Posted November 14, 2023 Hello guys, we are checking the issue with the highest priority. Please provide us with the ESET Log Collector output taken during such problematic state so we can check it. Peter
Marco L 1 Posted November 14, 2023 Posted November 14, 2023 (edited) Error persists after restarting the server. (tested for ESET Mail Security 10.1.10012.0 and ESET Server Security 10.0.12012.0 in 3 cases). In all cases ESET went green, and after 1-2 minutes back to red again. I sent one ESET Log Collector file @Peter Randziak Edited November 14, 2023 by Marco L Peter Randziak 1
Harinder 0 Posted November 14, 2023 Posted November 14, 2023 Error Persists even after rollback and restart. Eicar file is also not getting detected. Issue is with 2012-r2 servers
Administrators Marcos 5,460 Posted November 14, 2023 Administrators Posted November 14, 2023 Temporarily disabling protected service in the HIPS setup and rebooting the machine resolves the issue. However, within 1-2 hours there will be a newer update that will address the issue. Protected service is an important protection feature and re-enabling it would require another reboot.
Czeslaw LIebert 0 Posted November 14, 2023 Posted November 14, 2023 Server 2012 R2 Standard here. After that last update two issues: 1. In Eset Protect Cloud i get a critical warning about that machine saying that the protecton services could not be started (all in red), whereas on the machine itself seems ESET is working fine (green lights). 2. Configuration requested by ESET Protect Cloud shows completely different things than what I can see on the machine itself via advanced settings. No such issues on Server 2022 Standard.
Estrelo 2 Posted November 14, 2023 Posted November 14, 2023 What you have pinned in the forums is the wrong advice! Servers that haven't rebooted still have the real time protection working. If you reboot you lose malware protection. Rolling back updates does not work. Tested with Eicar file. Please advise people NOT TO RESTART THE SERVERS until the issue is solved! MarcFL 1
ESET Moderators Peter Randziak 1,182 Posted November 14, 2023 ESET Moderators Posted November 14, 2023 3 minutes ago, Estrelo said: What you have pinned in the forums is the wrong advice! Servers that haven't rebooted still have the real time protection working. If you reboot you lose malware protection. Rolling back updates does not work. Tested with Eicar file. Please advise people NOT TO RESTART THE SERVERS until the issue is solved! Yes I admit that the information provided in the alert was not up to date and accurate. The situation was quite dynamic and new findings were emerging... As of now, it is up to date https://support.eset.com/en/alert8521-error-during-auto-updates-in-eset-server-security-for-microsoft-windows-server We apologize for the inconvenience caused. Estrelo 1
ESET Moderators Peter Randziak 1,182 Posted November 14, 2023 ESET Moderators Posted November 14, 2023 Hello guys, the fixed modules are available on the Update servers since ~13:00 CET (November 14, 2023). Users affected by this issue do not need to take any steps, the module will be updated automatically and the issue will be resolved by it. We apologize for the inconvenience caused, Peter on behalf of the teams involved MarcFL, O S and Ben Partouche 3
Recommended Posts