Cybersecurity 8 update complains about full disk access even though it has it

[gisuck 11]

My computer just did an in place product update to Cybersecurity 8, and the wizard now states that I need to enable ESET Full Disk Access even though it already has it.

 

 

 

Edited 21 hours ago by gisuck
Screenshot wasn't added

[AlterMann 0]

with macOS Sequoia.0.1 too.

sorry, Japanese.

[gisuck 11]

Tried a complete reinstall. It installed 7, upgraded to 8 and then encountered the same issue. I tried clicking on the + and adding the ESET application, but that also didn't work. Filed a ticket with support.

[AlterMann 0]

I try clear install.

1. uninstall ver.8

"ESET Real-time File System Protection"(OFF) Remains on System Preference>Privacy & Security>Full Disk Access

2. "ESET Real-time File System Protection" delete on System Preference>Privacy & Security>Full Disk Access. use "-".

3. install ver.8. Onboarding.app ended without any problems.

From this, I imagine that macOS will not be able to recognize that "ESET Real-time File System Protection" has become new, macOS will not be able to grant permissions, and Onboarding.app will not progress.

The uninstaller also has a bug that cannot uninstall "ESET Real-time File System Protection".

 

Edited 14 hours ago by AlterMann

[AlterMann 0]

Over time, full disk access rights are lost.

Is it a bug on the macOS Sequoia side?

 

[Marcos 5,332]

According to your description of the issue, it sounds like the same bug in macOS that was in macOS Sonoma: https://support.eset.com/en/kb8709.

Those who are experiencing the issue, are you able to fix it by following the instructions in the above KB?

[gisuck 11]

I've tried adding the application, it didn't work. The KB does not list where the extension is installed so I can try reinstalling that. Still not able to detect full disk access.

[AnthonyQ 56]

I installed ESET V8 from scratch and I also encountered this problem...

[Marcos 5,332]

There have been several FDA-related bugs reported in the past, e.g. https://www.threatdown.com/blog/macos-ventura-bug-disables-security-software/.

[gisuck 11]

Note that this would be a version bug introduced with version 8. When I did a reinstall, using version cyber security 7, it was operational and did not have issues with full disk access. Then an inplace product update happened, and the new version cannot detect full disk access.

 

Otherwise, I don't think this is an OS issue since I'm on Monterey. Cyber Security 7 works fine, it's 8 that has issues.

[AlterMann 0]

1 hour ago, gisuck said:

Note that this would be a version bug introduced with version 8. When I did a reinstall, using version cyber security 7, it was operational and did not have issues with full disk access. Then an inplace product update happened, and the new version cannot detect full disk access.

 

Otherwise, I don't think this is an OS issue since I'm on Monterey. Cyber Security 7 works fine, it's 8 that has issues.

On macOS Sequoia.0.1 too.

[AlterMann 0]

This is not for the purpose of showing how to solve it or hacking ESET's copyright, but I write it thinking that it would be good if it could be some kind of clue.

ESET did not clearly indicate the entity I wanted to grant Full Disk Access authority, so I looked it up.

Where do ESET need Full Disk Access.

Enviroment : ESET CyberSecurity 7.5.74.0 On macOS Sequoia.0.1

1. open System Preference.app

2. select Privacy and Security > Full Disk Access

3. select “ESET Real-time File System Protection"

4. open contexial menu “ESET Real-time File System Protection"

5. select “open folder”

“ESET Real-time File System Protection" is /Library/SystemExtensions/(UUID?)/com.eset.endpoint.systemextension

6. open /Library/SystemExtensions/

7. open to use text editor at db.plist

8. search “Real”

/Applications/ESET Cyber Security.app/Contents/Helpers/ESET Real-time File System Protection.app/Contents/Library/SystemExtensions/com.eset.endpoint.systemextension (REAL FILE)

Perhaps installer regist on db.plist.

 

This is a delusion,

4. Off at “ESET Real-time File System Protection"

5. tap “-“

6. tap “+”

7. select (REAL FILE)

Does macOS recognize it correctly?

 

And one more thing.

3. select ESET CyberSecurity

4. open contexial menu “ESET CyberSecurity"

5. select “open folder”

/Applicatoon/ESET CyberSecurity.app

 

P.S. I’m not native language at English. Sorry if it's linguistically funny.

[AlterMann 0]

Please note that this issue only occurs in ver.8 due to gisuck, AnthonyQ, and me.

Therefore, is processing part where the installer registers "com.eset.endpoint.systemextension" the same or different in ver.7 and ver.8?

No way, ESET don't tell end users to read installer script yourself and get diff ? (If I have mental energy, I can try it.)

Edited 2 hours ago by AlterMann

[Robertos 24]

Hello, this seems like problem in macOS TCC database. May be it is somehow corrupted. We tested this on all supported macOS version and it works correctly  in our environments. But sometimes  TCC database is corrupted by macOS and sometimes macOS has bug that does not allow product to handle FDA manipulation correctly.

 

Before user will do such steps written in above post I would advise to try to recover TCC db by macOS itself using standard approach. If you have product installed do this:

1. turn off real time file protection
2. disable FDA for all ESET items you could see in macOS full disk access
3. uninstall the product
4. restart macOS
5. check system extension  in the macOS

   systemextensionsctl list

   output should be 0 for ESET extensions

6. install ECS 8.2.800.0
7. macOS should ask FDA for application bundle and for real-time file protection during onboarding 
8. allow FDA for all ESET items in system preferences, actually should be 2

If this won't work try to clean TCC database in recovery mode of macOS. How to do this could be found on internet, it is only for skilled user. In recovery mode, remove all ESET items from TCC database. Then after macOS restart product should ask for allowing required FDA.

If nothing help, please, contact ESET support we will need more info and details. Logs will be required.

[AlterMann 0]

But in the case of AnthonyQ, this procedure is not good, right?

 

With the installer script, check presence or absence of "ESET Real-time File System Protection" before installing, and if so, "systemextensionsctl uninstall <teamId> <bundleId>" and then install it?

[gisuck 11]

@Robertos, please note that at the time of writing, version 8 of the cyber security wasn't available for download on my eset. I had to go through an inplace product update to get version 8. I believe this is where the fault might lie. I just noticed that version 8 was on my eset website today. I'm going to test a full reinstall now.

[time passes]

Okay, so I followed the steps above where i removed full disk access and perform the uninstall of eset and rebooted. After reboot, I ran systemextensionsctl list and confirmed that there was 0 entries. Ran the new installer and that seemed to fix the issue.

So the problem is definitely with the in product upgrade process.

[Robertos 24]

What version of Mac/Linux configuration module do you have in the product? It should be 1053 (20240924) for correct working of FDA detection.

[gisuck 11]

Interesting... I just forced a module update after getting everything installed and I'm back to having errors with the FDA.

[Robertos 24]

gisuck: I'm happy that issue is fixed, at least  for you. It's hard to say if problem is in product update or in macOS in this case. You've successfully cleaned TCC db so new installation works correctly but I assume that previous scenario of product update will work too after cleaning of TCC db.

[Robertos 24]

Anthony provided too less information to determine if it helps. He should try it. At least, my advised steps won't do it worse, it only could help.

[gisuck 11]

Found the problem. Issues with the pre-release module update. Changed the profile to regular and the error message went away.

[Robertos 24]

gisuck: How did you make 'forced' update of modules?
What does it mean that problem is back? Do you have to allow FDA in macOS once again or you are not able to allow it?

[gisuck 11]

Just now, Robertos said:

gisuck: How did you make 'forced' update of modules?
What does it mean that problem is back? Do you have to allow FDA in macOS once again or you are not able to allow it?

change the module updates to pre-release then force an update on "Check for update" button on Update page. Wait for update. Eventually the FDA error occurs. Changed the module update to regular and then updated again, FDA error goes away.

Needs testing to confirm but this is what I observed.

[Robertos 24]

If anybody has problem with allowing FDA for application bundle and are you using pre-release mode of module update, try at first to change product module update mode to regular.