Jump to content

Eset Server Security Non-Functional After Last Module Update


Go to solution Solved by Marcos,

Recommended Posts

Posted (edited)

RE: ESET Server Security for Microsoft Windows Server

Immediately after the last automatic module / definition update that occurred a few minutes ago, this error occurred:
11/13/2023 15:49:28 PM - During execution of Kernel on the computer SERVER, the following event occurred: An error occurred during loading scanner modules. Malware protection will not work correctly.

Edited by MarcFL
  • MarcFL changed the title to Eset Server Security Non-Functional After Last Module Update
Posted (edited)

Same issue here. I have to assume it was a bad module update pushed out? We have 1 last 2012R2 server standing and it's the one with the issue.

Edited by SSIRichard
Clarified it's on the 2012 server.
Posted

Am also seeing this across every Server 2012 R2 ESET Server security install, been on hold for USA Business support for 10 minutes trying to check with them about this. I don't think I've seen it on newer server versions but as far as I'm aware 2012R2 should still be supported by ESET for another year?

Posted (edited)

Add me to this list....only 2012 servers so far. if i dismiss error on the server...protection status shows green across the board...both 7.x and 8.x versions of file security...

Edited by slarkins
  • Administrators
Posted

Updates have been stopped, we're investigating the issue. Does anybody have also other than Windows Server 2012 systems affected?

Posted

I only see this issue so far on my 7 windows 2012 servers...ver 7.x and 8.x...first notice was 3.29pm eastern(about 50 minutes ago)

Posted

I fixed several servers by rolling back update for 12 hours and then enable updates and the warning went away.

Posted (edited)
34 minutes ago, Marcos said:

Updates have been stopped, we're investigating the issue. Does anybody have also other than Windows Server 2012 systems affected?

About 50 Windows Server 2012 R2 affected, also have two Windows 8.1 Desktops with Eset Endpoint Antivirus (one on an older 7.x build) that also have the same error.

I have tested a module rollback on one server, and it seems to initialize just fine on the older modules.

I'm not entirely sure it's 100% non-functional as it still blocks an eicar on both the rollback and non-rollback server but I'd like to know when a new module is available to force an update and know if we need to reboot all the servers tonight to clear the errors or if it'll clear all the red in the console without that :)

 

Edit: Also support hasn't picked up the call for almost an hour now, would be nice if they had a way to update the voice IVRs to let people know it's a known issue rather than park what's likely hundreds of calls on hold.

Edited by russell_t
  • Administrators
  • Solution
Posted
13 minutes ago, DannyC said:

I fixed several servers by rolling back update for 12 hours and then enable updates and the warning went away.

This should not be necessary, as MarcFL wrote, clicking Dismiss in the warning should suffice and the protection status will be green. The eicar test file is detected then so protection seems to work fine. We'll make some further tests to make sure. So far it appears to be a glitch with the notification during modules reload after update.

Posted (edited)

while the status appears green on the server...my eset protect console shows all 7 of my 2012 servers as critical status...how do we clear eset protect critical error showing on eset protect console...

 

with message...Antivirus and antispyware protection disabled..

Edited by slarkins
Posted
50 minutes ago, Marcos said:

Updates have been stopped, we're investigating the issue. Does anybody have also other than Windows Server 2012 systems affected?

Just got a call that issue is also on several windows 8 systems

Posted

just going to update my post that we found a reboot on a system affected with this error/bad module would then be unprotected, so I would recommend deploying a module rollback task for 12 or 24 hours, depending on your availability to check on things after the rollback expires to give ESET time to fix the modules on their end.

 

Thanks to ESET support for going through all this over the phone with me and gathering some additional data!

Posted (edited)

  

30 minutes ago, russell_t said:

just going to update my post that we found a reboot on a system affected with this error/bad module would then be unprotected, so I would recommend deploying a module rollback task for 12 or 24 hours, depending on your availability to check on things after the rollback expires to give ESET time to fix the modules on their end.

Thanks to ESET support for going through all this over the phone with me and gathering some additional data!

 

Thanks Russell_t.  How did you know that after a reboot the system wasn't protected?

Edited by MarcFL
Posted (edited)
41 minutes ago, MarcFL said:

  

 

Thanks Russell_t.  How did you know that after a reboot the system wasn't protected?

Picked one of the systems with the error, the system seemed protected while showing the warning. Performed only a reboot of a system showing that error without doing a rollback or any other changes, and when it came up it was green and said protected but on the update tab show all modules detail window it was blank. Could tell it wasn't scanning files, was able to download Eicar and a common blocked PUP utility without issue and scan them manually without them being flagged as well.  This was fixed with a 24h rollback.

 

I can't say that would be the case on your systems but would recommend either further testing (like a reboot) or the rollback, though if they are not rebooted and a new module is released and it updates, this should also be OK.

Edited by russell_t
Posted (edited)
34 minutes ago, russell_t said:

Picked one of the systems with the error, the system seemed protected while showing the warning. Performed only a reboot of a system showing that error without doing a rollback or any other changes, and when it came up it was green and said protected but on the update tab show all modules detail window it was blank. Could tell it wasn't scanning files, was able to download Eicar and a common blocked PUP utility without issue and scan them manually without them being flagged as well.  This was fixed with a 24h rollback.

 

I can't say that would be the case on your systems but would recommend either further testing (like a reboot) or the rollback, though if they are not rebooted and a new module is released and it updates, this should also be OK.

Thanks for the report.  We're not in a position to restart our server yet.  But I think we'll wait for Eset guidance as right now it's protected. 

I just noticed this red box update above: "To fix the issue, please reboot the server. Do not click Dismiss as it will merely hide the warning. If you want to make sure that everything works, you should be able to open the advanced setup with advanced settings. If the window is blank, reboot the machine. You can also make an additional detection test by downloading the Eicar test file from https://secure.eicar.org/eicar.com  We continue to analyze the issue in the mean time. While updates are suspended, ESET will continue to download the so-called pico updates that are issued every few minutes. Also ESET LiveGrid and ESET LiveGuard will continue to protect your machine."

We have not rebooted and advanced settings is not blank and Eset blocks Eicar...

Edited by MarcFL
  • Administrators
Posted

If eicar is not detected, the advanced setup window will be likely blank as well. In such case a reboot should resolve the issue and modules should load alright then according to our tests.  We continue working on finding out the root cause.

  • ESET Moderators
Posted

Hello guys,

we are checking the issue with the highest priority.

Please provide us with the ESET Log Collector output taken during such problematic state so we can check it.

Peter

Posted (edited)

Error persists after restarting the server. (tested for ESET Mail Security 10.1.10012.0 and ESET Server Security 10.0.12012.0 in 3 cases). In all cases ESET went green, and after 1-2 minutes back to red again. I sent one ESET Log Collector file @Peter Randziak

Edited by Marco L
Posted

Error Persists even after rollback and restart. Eicar file is also not getting detected. Issue is with 2012-r2 servers

  • Administrators
Posted

Temporarily disabling protected service in the HIPS setup and rebooting the machine resolves the issue. However, within 1-2 hours there will be a newer update that will address the issue. Protected service is an important protection feature and re-enabling it would require another reboot.

Posted

Server 2012 R2 Standard here. After that last update two issues:

1. In Eset Protect Cloud i get a critical warning about that machine saying that the protecton services could not be started (all in red), whereas on the machine itself seems ESET is working fine (green lights).

2. Configuration requested by ESET Protect Cloud shows completely different things than what I can see on the machine itself via advanced settings.

 

No such issues on Server 2022 Standard.

 

Posted

What you have pinned in the forums is the wrong advice! Servers that haven't rebooted still have the real time protection working. If you reboot you lose malware protection. Rolling back updates does not work.

Tested with Eicar file. Please advise people NOT TO RESTART THE SERVERS until the issue is solved!

  • ESET Moderators
Posted
3 minutes ago, Estrelo said:

What you have pinned in the forums is the wrong advice! Servers that haven't rebooted still have the real time protection working. If you reboot you lose malware protection. Rolling back updates does not work.

Tested with Eicar file. Please advise people NOT TO RESTART THE SERVERS until the issue is solved!

Yes I admit that the information provided in the alert was not up to date and accurate. The situation was quite dynamic and new findings were emerging...

As of now, it is up to date https://support.eset.com/en/alert8521-error-during-auto-updates-in-eset-server-security-for-microsoft-windows-server 

We apologize for the inconvenience caused.

  • ESET Moderators
Posted

Hello guys,

the fixed modules are available on the Update servers since ~13:00 CET (November 14, 2023).

Users affected by this issue do not need to take any steps, the module will be updated automatically and the issue will be resolved by it.

We apologize for the inconvenience caused,

Peter on behalf of the teams involved

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...