john_White24778 1 Posted July 2 Posted July 2 Hi Dear ESET Administrators. From Yesterday many Endpoint and Servers that revived Configuration module update 2127.2 and all local Exclusions are now Ignored and Exclusions is locked as the picture attached. RollBack update to Configuration 2116.5 will unlock the exclusion and local exclusion will be enable ! ESET PROTECT (Server), Version 10.1 (10.1.1291.0) Update module 1039 (20231023) Translation support module 2011 (20240619) SysInspector module 1283 (20220614) SSL module 1086 (20240328) Push Notification Service module 1137 (20240208) Configuration module 2127.4 (20240628) Server Security 10.0.1212.0 Detection Engine;29488;2024/07/02 Rapid Response module;24560;2024/07/02 Update module;1039;2023/10/23 Antivirus and antispyware scanner module;1613;2024/06/12 Advanced heuristics module;1228;2024/01/05 Archive support module;1351;2024/06/04 Cleaner module;1250;2024/05/27 Anti-Stealth support module;1191;2024/02/05 Firewall module;1447;2024/06/04 Translation support module;2011;2024/06/19 HIPS support module;1474;2024/06/04 Internet protection module;1475.2;2024/05/23 Database module;1125;2024/01/15 Configuration module;2127.3;2024/06/20 Direct Cloud communication module;1139;2024/06/03 Rootkit detection and cleaning module;1033;2022/09/16 Network protection module;1697;2024/05/13 Script scanner module;1173;2024/02/01 Cryptographic protocol support module;1086;2024/03/28 Advanced Machine Learning module;1154;2024/06/13 Security Center integration module;1040;2023/08/15 What can we Do ?
Administrators Marcos 5,466 Posted July 2 Administrators Posted July 2 Please provide logs collected with ESET Log Collector from the machine in question.
john_White24778 1 Posted July 2 Author Posted July 2 We found the problem , OLD Policy cause this Problem ! if Old Policy is assigned , Allow appending detection exclusions to locally defined list will not work so local policy will not work ! Re generating Policy with new configuration module solve the Problem !
Administrators Marcos 5,466 Posted July 2 Administrators Posted July 2 We're going to revert the Configuration module and release version 2116.6 soon while the issue with converting exclusions from old policies for Endpoint 7.1 and older gets fixed.
john_White24778 1 Posted July 2 Author Posted July 2 It seems that there is many problem in 2127.3 We force "Allow appending detection exclusions to locally defined list" , Now local Exclusion is active but Console Exclusion will not Apply !!!
john_White24778 1 Posted July 2 Author Posted July 2 right now Console 10.1 has Configuration module 2127.4 (20240628) Endpoint Security V9 , Server V10 that has 2127.4 Will not apply Local Exclusions and Exclusions are Locked ! Endpoint Security with 2116.5 has no issue , Policy Exclusion and Local are work find.
john_White24778 1 Posted July 2 Author Posted July 2 Console 11 ( With 2127.4 ) + Endpoint 11 ( With 2127.4 ) has no issue ( Local and policy Exclusion will work find ) 😑 We are completely Confused !
john_White24778 1 Posted July 2 Author Posted July 2 1 hour ago, Marcos said: We're going to revert the Configuration module and release version 2116.6 soon while the issue with converting exclusions from old policies for Endpoint 7.1 and older gets fixed. Right Now Revert is OK and All Versions are reverted to 2116.5 , And all Issue is solved right now ! Peter Randziak 1
Administrators Marcos 5,466 Posted July 2 Administrators Posted July 2 Please kindly provide ELC logs from the server, we'd need to check your configuration policies even if there's no issue after reverting the Configuration module. Peter Randziak 1
john_White24778 1 Posted July 2 Author Posted July 2 1 hour ago, Marcos said: Please kindly provide ESET Log Collector logs from the server, we'd need to check your configuration policies even if there's no issue after reverting the Configuration module. This Console is belong to a UAE Goverment and we can not export full ESET Log Collector logs. Because they have sensitive data , But we can ask them to give us a limited ESET Log Collector maybe . Witch Logs of ESET Log Collector do you need ?
Administrators Marcos 5,466 Posted July 3 Administrators Posted July 3 LastPolicy.dat from the archive created by ELC might suffice for now.
john_White24778 1 Posted July 8 Author Posted July 8 again this issue occurred by configuration module 2127.6 Local Exclusions are ignored and exclusion section are fully locked by Policy !
Administrators Marcos 5,466 Posted July 8 Administrators Posted July 8 Please provide LastPolicy.dat at least. What product is affected? ESET Endpoint Antivirus / Security? Or ESET Server Security? What version?
john_White24778 1 Posted July 8 Author Posted July 8 Many Versions are affected EES V9 EES V10 EES V11 . ESS V10 We are trying to get the LastPolicy.dat in few hours.
john_White24778 1 Posted July 8 Author Posted July 8 We successfully regenerate the issue in TEST environment and Full ESET Log Collector is attached. Right now the exclusion is locked and local Exclusions is not apply even in ESS that installed on ESET Protect Server ! Same as EES/ESS V9 V10 V11 on all Clinets and servers Exclution_Issue.zip
john_White24778 1 Posted July 8 Author Posted July 8 We find the solution , After Upgrading Console to Configuration Module 2127.6 and re create the policy with enable "Allow appending detection exclusions to locally defined list" solve the issue !
john_White24778 1 Posted July 8 Author Posted July 8 Also "Allow appending detection exclusions to locally defined list" must be Enable in a Separated policy to worked !
john_White24778 1 Posted July 8 Author Posted July 8 after a while again Exclutions locked and problem reoccurred !
john_White24778 1 Posted July 8 Author Posted July 8 in some special situations if we assign two policy and both has "Allow appending detection exclusions to locally defined list" enabled , The Local Exclusions will be unlocked ! So the problem is very Confusing !
Recommended Posts