czechoto 0 Posted April 17, 2015 Share Posted April 17, 2015 Hello I have a problem with servers 2008r2 which hang randomly after install EFS6. Some servers have version 6.0.12035 and some 6.0.12032 The servers response on a ping but I can not logon via RDP or open VMware console. When I was logged on the server when it hanged I could move the cursor clik on the start but could not open any software and could not reboot the server. Only hard reset works. Please can you help. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted April 21, 2015 Administrators Share Posted April 21, 2015 If you can reproduce the issue easily, could you try temporarily disabling real-time protection for a test just to see if it makes a difference? If the issue occurs, we'd need to get a kernel or better complete memory dump created as per the instructions in hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN380. Link to comment Share on other sites More sharing options...
czechoto 0 Posted April 22, 2015 Author Share Posted April 22, 2015 I cannot reproduce the issue. I already have setup Kernel memory dump on all of my servers but the dump is not created during this issue. I already removed the EFS from one of my server week ago and the server is still OK. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted April 27, 2015 Administrators Share Posted April 27, 2015 ... the dump is not created during this issue Did the server actually crash to BSOD when you triggered a crash manually? Link to comment Share on other sites More sharing options...
pesphil 1 Posted April 29, 2015 Share Posted April 29, 2015 I too am experiencing this exact problem. Have a 2008R2 server with File Security 6.0.12035.0 installed and system locks up every 3 to 5 days. No BSOD just frozen up. Is a VM and machine performance graph shows CPU usage jumps up at time of crash and stays high until I do a hard reset of the VM. Memory usage stays normal throughout and disk usage stops at time of crash. Windows logs show nothing, ESET logs show nothing. Thankfully this is not a critical server. No issues with EFS version 6 on 2012 servers. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted May 4, 2015 Administrators Share Posted May 4, 2015 Does disabling network drives in EFSW real-time protection setup make a difference? Link to comment Share on other sites More sharing options...
czechoto 0 Posted May 5, 2015 Author Share Posted May 5, 2015 I disabled real-time protection with no success, only uninstall works for me. I already created logs and dump file and sent it to polish eset support. Waiting for any feedback. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted May 6, 2015 Administrators Share Posted May 6, 2015 I disabled real-time protection with no success, only uninstall works for me. I already created logs and dump file and sent it to polish eset support. Waiting for any feedback. Please let me know if you have received a response and supply me with a ticket ID so that I can check if the Polish distributor has already relayed the dump to us for analysis. It'd also help if you could narrow it down by renaming the following drivers in safe mode, one at a time: C:\Windows\System32\drivers\eamonm.sys C:\Windows\System32\drivers\ehdrv.sys After booting to normal mode you'll get some warnings which you can disregard as long as drivers have been renamed intentionally. Link to comment Share on other sites More sharing options...
czechoto 0 Posted May 6, 2015 Author Share Posted May 6, 2015 The ticket number is: [Ticket#005095138] Link to comment Share on other sites More sharing options...
tomha 3 Posted May 13, 2015 Share Posted May 13, 2015 Same problem here on a SBS 2011 which is based on Server 2008R2. No Information from the eventlogs, only some messages from Exchange regarding the DC not responding. In the Eset logs we saw that protocol filtering does not log filtered URLs anymore, when the Server is frozen. We disabled protocol filtering and there was no freeze since. But we have to wait some more time, because the protocol filtering was disabled a week ago and the freezes occured in an interval between 3 Days and 3 Weeks. Link to comment Share on other sites More sharing options...
wind-e 1 Posted May 15, 2015 Share Posted May 15, 2015 We too are experiencing random hangs (every few days to couple weeks) on Server 2008R2 server using version 6.0.120.25. No event logs, no memory dumps generated, and no ESET logs provide any kind of clue. Does anyone have any updates/fixes yet? I'm debating if I should even upgrade to 6.0.12035 as it seems this version has the same issue. @czechoto, any feedback from Polish support team? @tomha, any crashes after disabling Protocol Filtering yet? I may give this a try as it seems to be the only suggestion other than completely uninstalling. Link to comment Share on other sites More sharing options...
pesphil 1 Posted May 15, 2015 Share Posted May 15, 2015 This forum post: https://forum.eset.com/topic/4672-eset-endpoint-antivirus-locking-up-windows-7-pro/page-2 is dealing with a similar lockup issue on Windows 7 and the last couple of entries refer to a Microsoft hotfix: https://support.microsoft.com/en-us/kb/2664888 I just installed the hotfix on my 2008R2 server (requires reboot) so will wait and see if this helps Link to comment Share on other sites More sharing options...
wind-e 1 Posted May 15, 2015 Share Posted May 15, 2015 This forum post: https://forum.eset.com/topic/4672-eset-endpoint-antivirus-locking-up-windows-7-pro/page-2 is dealing with a similar lockup issue on Windows 7 and the last couple of entries refer to a Microsoft hotfix: https://support.microsoft.com/en-us/kb/2664888 I just installed the hotfix on my 2008R2 server (requires reboot) so will wait and see if this helps Thanks, going to install over the weekend. Link to comment Share on other sites More sharing options...
czechoto 0 Posted May 18, 2015 Author Share Posted May 18, 2015 Still waiting for any feedback. We have also problem with Windows Server 2012R2 and this hotfix is for Server2008r2. Link to comment Share on other sites More sharing options...
wind-e 1 Posted May 18, 2015 Share Posted May 18, 2015 Installed hotfix from Microsoft as mentioned by @pesphil in post #12 over the weekend. Though it's only been a couple of days, so far so good. I will follow up 2 or 3 times over the next few weeks and post status. Hopefully this resolves the issue. @czechoto, are you having the same issue on Server 2012 R2? Please keep up posted, thanks! Link to comment Share on other sites More sharing options...
tomha 3 Posted May 18, 2015 Share Posted May 18, 2015 We had no freeze after disabling the protocol filtering. We did this 10 days ago, but had to restart the Server 2 times due to MS Updates. So we cannot confirm that disabling protocol filtering does the trick. Link to comment Share on other sites More sharing options...
czechoto 0 Posted May 19, 2015 Author Share Posted May 19, 2015 @wind-e, yes I have this same problem on Server 2012 R2 and the logs and dump file were sent to Eset from server 2012R2. Please wait 3-4 weeks to check if everything Is ok with your server. I reinstalled EFS 6 on one of my server and everything was fine for 3 weeks, after 3 weeks I had this same issue again. Link to comment Share on other sites More sharing options...
wind-e 1 Posted June 5, 2015 Share Posted June 5, 2015 Following up to post install of hotfix. It's been 3 weeks (21 days) and have not experienced hanging issue. We plan on rebooting server tonight for unrelated reasons for the first time since hotfix was applied. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted June 8, 2015 Administrators Share Posted June 8, 2015 We had no freeze after disabling the protocol filtering. We did this 10 days ago, but had to restart the Server 2 times due to MS Updates. So we cannot confirm that disabling protocol filtering does the trick. Please make sure that protocol filtering is enabled after installing the above mentioned hotfixes from Microsoft. Protocol filtering is an important protection layer as it protects you also against otherwise unrecognized pieces of malware. Link to comment Share on other sites More sharing options...
tomha 3 Posted June 9, 2015 Share Posted June 9, 2015 I Installed Hotfix KB2664888-v2, restarted the Server and reenabled protocol filtering. Time will tell. Link to comment Share on other sites More sharing options...
nloiselle 0 Posted June 10, 2015 Share Posted June 10, 2015 I am also having this issue and just stumbled onto this thread. I installed the Hotfix this morning, and will keep everyone here updated. Link to comment Share on other sites More sharing options...
deszynda 0 Posted July 3, 2015 Share Posted July 3, 2015 We've installed hot fix KB2664888 on Server 2008R2 but it didn't help. After disabling bwColumbus (asked by polish ESET support) our print server is working for 17 days. Previous version of EFS - 4.5.12017 is working with Columbus without any issues. So the question is what to do to avoid conflict of EFS v 6.0.12035.0 with Columbus.exe? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted July 7, 2015 Administrators Share Posted July 7, 2015 We've installed hot fix KB2664888 on Server 2008R2 but it didn't help. After disabling bwColumbus (asked by polish ESET support) our print server is working for 17 days. Previous version of EFS - 4.5.12017 is working with Columbus without any issues. So the question is what to do to avoid conflict of EFS v 6.0.12035.0 with Columbus.exe? This is most likely a different issue. Is it a terminal server? If not, make sure that protocol filtering is not enabled. Link to comment Share on other sites More sharing options...
deszynda 0 Posted July 8, 2015 Share Posted July 8, 2015 The biggest issues we met with our print and file servers. I would test it on print server. So you suggest to disable protocol filtering? Link to comment Share on other sites More sharing options...
tomha 3 Posted July 8, 2015 Share Posted July 8, 2015 Short Update: No freezes so far, after installing MS Hotfix. Protocol filtering is enabled. Link to comment Share on other sites More sharing options...
Recommended Posts