Jump to content

Eset Server Security Non-Functional After Last Module Update

MarcFL

By MarcFL
in ESET Products for Windows Servers

 Share
Go to solution Solved by Marcos,

Recommended Posts

MarcFL

MarcFL 26

Posted
Posted (edited)

RE: ESET Server Security for Microsoft Windows Server

Immediately after the last automatic module / definition update that occurred a few minutes ago, this error occurred:
11/13/2023 15:49:28 PM - During execution of Kernel on the computer SERVER, the following event occurred: An error occurred during loading scanner modules. Malware protection will not work correctly.

Edited by MarcFL
Link to comment
Share on other sites
  • MarcFL changed the title to Eset Server Security Non-Functional After Last Module Update
SSIRichard

SSIRichard 0

Posted
Posted (edited)

Same issue here. I have to assume it was a bad module update pushed out? We have 1 last 2012R2 server standing and it's the one with the issue.

Edited by SSIRichard
Clarified it's on the 2012 server.
Link to comment
Share on other sites
russell_t

russell_t 2

Posted
Posted

Am also seeing this across every Server 2012 R2 ESET Server security install, been on hold for USA Business support for 10 minutes trying to check with them about this. I don't think I've seen it on newer server versions but as far as I'm aware 2012R2 should still be supported by ESET for another year?

Link to comment
Share on other sites
slarkins

slarkins 5

Posted
Posted (edited)

Add me to this list....only 2012 servers so far. if i dismiss error on the server...protection status shows green across the board...both 7.x and 8.x versions of file security...

Edited by slarkins
Link to comment
Share on other sites
MarcFL

MarcFL 26

Posted
  • Author
Posted (edited)

This is on Server 2012 R2 with ESU.   I clicked "Dismiss" on the error and the dashboard shows green.  I then tested Eset by using this page and it blocked the Eicar test files : https://www.eicar.org/download-anti-malware-testfile/

Edited by MarcFL
Link to comment
Share on other sites
russell_t

russell_t 2

Posted
Posted (edited)
34 minutes ago, Marcos said:

Updates have been stopped, we're investigating the issue. Does anybody have also other than Windows Server 2012 systems affected?

About 50 Windows Server 2012 R2 affected, also have two Windows 8.1 Desktops with Eset Endpoint Antivirus (one on an older 7.x build) that also have the same error.

I have tested a module rollback on one server, and it seems to initialize just fine on the older modules.

I'm not entirely sure it's 100% non-functional as it still blocks an eicar on both the rollback and non-rollback server but I'd like to know when a new module is available to force an update and know if we need to reboot all the servers tonight to clear the errors or if it'll clear all the red in the console without that :)

 

Edit: Also support hasn't picked up the call for almost an hour now, would be nice if they had a way to update the voice IVRs to let people know it's a known issue rather than park what's likely hundreds of calls on hold.

Edited by russell_t
Link to comment
Share on other sites
  • Administrators
  • Solution
Marcos

Marcos 5,074

Posted
  • Administrators
  • Solution
Posted
13 minutes ago, DannyC said:

I fixed several servers by rolling back update for 12 hours and then enable updates and the warning went away.

This should not be necessary, as MarcFL wrote, clicking Dismiss in the warning should suffice and the protection status will be green. The eicar test file is detected then so protection seems to work fine. We'll make some further tests to make sure. So far it appears to be a glitch with the notification during modules reload after update.

Link to comment
Share on other sites
slarkins

slarkins 5

Posted
Posted (edited)

while the status appears green on the server...my eset protect console shows all 7 of my 2012 servers as critical status...how do we clear eset protect critical error showing on eset protect console...

 

with message...Antivirus and antispyware protection disabled..

Edited by slarkins
Link to comment
Share on other sites
DannyC

DannyC 0

Posted
Posted
50 minutes ago, Marcos said:

Updates have been stopped, we're investigating the issue. Does anybody have also other than Windows Server 2012 systems affected?

Just got a call that issue is also on several windows 8 systems

Link to comment
Share on other sites
russell_t

russell_t 2

Posted
Posted

just going to update my post that we found a reboot on a system affected with this error/bad module would then be unprotected, so I would recommend deploying a module rollback task for 12 or 24 hours, depending on your availability to check on things after the rollback expires to give ESET time to fix the modules on their end.

 

Thanks to ESET support for going through all this over the phone with me and gathering some additional data!

Link to comment
Share on other sites
MarcFL

MarcFL 26

Posted
  • Author
Posted (edited)

  

30 minutes ago, russell_t said:

just going to update my post that we found a reboot on a system affected with this error/bad module would then be unprotected, so I would recommend deploying a module rollback task for 12 or 24 hours, depending on your availability to check on things after the rollback expires to give ESET time to fix the modules on their end.

Thanks to ESET support for going through all this over the phone with me and gathering some additional data!

 

Thanks Russell_t.  How did you know that after a reboot the system wasn't protected?

Edited by MarcFL
Link to comment
Share on other sites
russell_t

russell_t 2

Posted
Posted (edited)
41 minutes ago, MarcFL said:

  

 

Thanks Russell_t.  How did you know that after a reboot the system wasn't protected?

Picked one of the systems with the error, the system seemed protected while showing the warning. Performed only a reboot of a system showing that error without doing a rollback or any other changes, and when it came up it was green and said protected but on the update tab show all modules detail window it was blank. Could tell it wasn't scanning files, was able to download Eicar and a common blocked PUP utility without issue and scan them manually without them being flagged as well.  This was fixed with a 24h rollback.

 

I can't say that would be the case on your systems but would recommend either further testing (like a reboot) or the rollback, though if they are not rebooted and a new module is released and it updates, this should also be OK.

Edited by russell_t
Link to comment
Share on other sites
MarcFL

MarcFL 26

Posted
  • Author
Posted (edited)
34 minutes ago, russell_t said:

Picked one of the systems with the error, the system seemed protected while showing the warning. Performed only a reboot of a system showing that error without doing a rollback or any other changes, and when it came up it was green and said protected but on the update tab show all modules detail window it was blank. Could tell it wasn't scanning files, was able to download Eicar and a common blocked PUP utility without issue and scan them manually without them being flagged as well.  This was fixed with a 24h rollback.

 

I can't say that would be the case on your systems but would recommend either further testing (like a reboot) or the rollback, though if they are not rebooted and a new module is released and it updates, this should also be OK.

Thanks for the report.  We're not in a position to restart our server yet.  But I think we'll wait for Eset guidance as right now it's protected. 

I just noticed this red box update above: "To fix the issue, please reboot the server. Do not click Dismiss as it will merely hide the warning. If you want to make sure that everything works, you should be able to open the advanced setup with advanced settings. If the window is blank, reboot the machine. You can also make an additional detection test by downloading the Eicar test file from https://secure.eicar.org/eicar.com  We continue to analyze the issue in the mean time. While updates are suspended, ESET will continue to download the so-called pico updates that are issued every few minutes. Also ESET LiveGrid and ESET LiveGuard will continue to protect your machine."

We have not rebooted and advanced settings is not blank and Eset blocks Eicar...

Edited by MarcFL
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

If eicar is not detected, the advanced setup window will be likely blank as well. In such case a reboot should resolve the issue and modules should load alright then according to our tests.  We continue working on finding out the root cause.

Link to comment
Share on other sites
Marco L

Marco L 1

Posted
Posted (edited)

Error persists after restarting the server. (tested for ESET Mail Security 10.1.10012.0 and ESET Server Security 10.0.12012.0 in 3 cases). In all cases ESET went green, and after 1-2 minutes back to red again. I sent one ESET Log Collector file @Peter Randziak

Edited by Marco L
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

Temporarily disabling protected service in the HIPS setup and rebooting the machine resolves the issue. However, within 1-2 hours there will be a newer update that will address the issue. Protected service is an important protection feature and re-enabling it would require another reboot.

Link to comment
Share on other sites
Czeslaw LIebert

Czeslaw LIebert 0

Posted
Posted

Server 2012 R2 Standard here. After that last update two issues:

1. In Eset Protect Cloud i get a critical warning about that machine saying that the protecton services could not be started (all in red), whereas on the machine itself seems ESET is working fine (green lights).

2. Configuration requested by ESET Protect Cloud shows completely different things than what I can see on the machine itself via advanced settings.

 

No such issues on Server 2022 Standard.

 

Link to comment
Share on other sites
Estrelo

Estrelo 2

Posted
Posted

What you have pinned in the forums is the wrong advice! Servers that haven't rebooted still have the real time protection working. If you reboot you lose malware protection. Rolling back updates does not work.

Tested with Eicar file. Please advise people NOT TO RESTART THE SERVERS until the issue is solved!

Link to comment
Share on other sites
  • ESET Moderators
Peter Randziak

Peter Randziak 1,130

Posted
  • ESET Moderators
Posted
3 minutes ago, Estrelo said:

What you have pinned in the forums is the wrong advice! Servers that haven't rebooted still have the real time protection working. If you reboot you lose malware protection. Rolling back updates does not work.

Tested with Eicar file. Please advise people NOT TO RESTART THE SERVERS until the issue is solved!

Yes I admit that the information provided in the alert was not up to date and accurate. The situation was quite dynamic and new findings were emerging...

As of now, it is up to date https://support.eset.com/en/alert8521-error-during-auto-updates-in-eset-server-security-for-microsoft-windows-server 

We apologize for the inconvenience caused.

Link to comment
Share on other sites
  • ESET Moderators
Peter Randziak

Peter Randziak 1,130

Posted
  • ESET Moderators
Posted

Hello guys,

the fixed modules are available on the Update servers since ~13:00 CET (November 14, 2023).

Users affected by this issue do not need to take any steps, the module will be updated automatically and the issue will be resolved by it.

We apologize for the inconvenience caused,

Peter on behalf of the teams involved

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...