rrichglow, posted November 10, 2015 (edited November 10, 2015 by rrichglow)

We are still getting lock ups on clients without the MS Hotfix installed, even after applying the change in the updated KB hxxp://support.eset.com/kb3668/

We use the appliance, stopped service, copied the .SO file and restarted service. Still have lockups. FYI

dlaporte, posted November 10, 2015

BUMP. Please update if you find that you didn't install the .dll correctly. Thanks for posting!!

Marcos (Administrators), posted November 11, 2015

> We are still getting lock ups on clients without the MS Hotfix installed, even after applying the change in the updated KB hxxp://support.eset.com/kb3668/
> We use the appliance, stopped service, copied the .SO file and restarted service. Still have lockups. FYI

Does temporarily disabling protocol filtering in Endpoint make the issue go away? If so, does installing the hotfix KB2664888 solve the issue? It is the only 100% solution to the issue, as lockups can be caused by virtually any application that utilizes Windows Filtering Platform. The ERA hotfix has a certain performance improvement removed (duplex communication) that was found to catalyze the issue in WFP.

rrichglow, posted November 11, 2015

> > We are still getting lock ups on clients without the MS Hotfix installed, even after applying the change in the updated KB hxxp://support.eset.com/kb3668/
> > We use the appliance, stopped service, copied the .SO file and restarted service. Still have lockups. FYI
>
> Does temporarily disabling protocol filtering in Endpoint make the issue go away? If so, does installing the hotfix KB2664888 solve the issue? It is the only 100% solution to the issue, as lockups can be caused by virtually any application that utilizes Windows Filtering Platform. The ERA hotfix has a certain performance improvement removed (duplex communication) that was found to catalyze the issue in WFP.

I believe we've had a few clients where the hotfix is installed and the lockups were still occurring. We definitely have a mixed environment going on now. I'll continue to install MS Hotfix.

Marcos (Administrators), posted November 12, 2015 (edited November 13, 2015 by Marcos: URL edited)

If installing the hotfix doesn't help, please configure Windows to create complete memory dumps as per the instructions at hxxp://support.eset.com/kb380/ and manually create one when the system freezes. When done, compress the dump, upload it to a safe location and PM me the download link. Complete memory dumps should reveal the actual cause of freezes or BSOD crashes.

rrichglow, posted November 12, 2015

> If installing the hotfix doesn't help, please configure Windows to create complete memory dumps as per the instructions at hxxp://support.eset.com/kb380/ and manually create one when the system freezes. When done, compress the dump, upload it to a safe location and PM me the download link. Complete memory dumps should reveal the actual cause of freezes or BSOD crashes.

So my machine is Windows 10 and it locks up; the MS Hotfix isn't compatible with Windows 10. The article you sent me wasn't in English, but I found the English one. Do I initiate the manual crash while the computer is locked up? I don't know if my computer takes any input.

Tad2020, posted November 13, 2015

Just wanted to add that we are also having these problems. We installed KB2664888 on 60 endpoints yesterday and already 2 have frozen again.

I'm highly disappointed, we just bought this less than 2 weeks ago and it's crippling our business worse than the CryptoWall infection that prompted the budget approval. A proper fix better be coming soon, the CEO is likely to force me to do a return on the licenses or do a charge-back as the product is unsuitable for use.

Marcos (Administrators), posted November 13, 2015

> So my machine is Windows 10 and it locks up; the MS Hotfix isn't compatible with Windows 10. The article you sent me wasn't in English, but I found the English one. Do I initiate the manual crash while the computer is locked up? I don't know if my computer takes any input.

Sorry for that, I've amended the link so that it points to the English version of the KB. You should be able to initiate a manual crash even if the computer is unresponsive.

As for Windows 10, the bug was already fixed in Windows 8.1, so the problem must be caused by something else. We'll see from the dump if there's another problematic driver loaded or whatever is causing the issue.

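The dump setup requested above, as an added example (not part of the thread and not taken from the ESET KB article): it sets the Microsoft-documented CrashControl and CrashOnCtrlScroll registry values for a complete memory dump and a keyboard-initiated crash, then reports whether the page file and disk can hold the dump. The function names are hypothetical; run it elevated and reboot before relying on it.

```powershell
# Added example, not from the thread. Run in an elevated Windows PowerShell session.
$CrashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

function Enable-CompleteMemoryDump {      # hypothetical helper name
    # CrashDumpEnabled = 1 selects "Complete memory dump".
    Set-ItemProperty -Path $CrashControl -Name CrashDumpEnabled -Value 1 -Type DWord
    # CrashOnCtrlScroll = 1 allows forcing a bugcheck on a frozen machine by
    # holding the right Ctrl key and pressing Scroll Lock twice.
    # i8042prt handles PS/2 keyboards, kbdhid handles USB keyboards.
    foreach ($driver in 'i8042prt', 'kbdhid') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$driver\Parameters"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name CrashOnCtrlScroll -Value 1 -Type DWord
    }
}

function Test-CompleteMemoryDumpReady {   # hypothetical helper name
    $cc    = Get-ItemProperty -Path $CrashControl
    $ramMB = [math]::Ceiling((Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
    # A complete dump is staged in the page file on the boot volume, which must
    # hold all of physical RAM plus 1 MB. AllocatedBaseSize is reported in MB.
    $pageMB = (Get-WmiObject Win32_PageFileUsage |
               Where-Object { $_.Name -like "$($env:SystemDrive)*" } |
               Measure-Object -Property AllocatedBaseSize -Sum).Sum
    # The dump file itself (default %SystemRoot%\MEMORY.DMP) needs RAM-sized free space.
    $dumpDrive = $cc.DumpFile.Substring(0, 2)
    $disk      = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$dumpDrive'"
    $freeMB    = [math]::Floor($disk.FreeSpace / 1MB)

    New-Object PSObject -Property @{
        CompleteDumpSelected = ($cc.CrashDumpEnabled -eq 1)
        RamMB                = $ramMB
        BootPageFileMB       = $pageMB
        PageFileLargeEnough  = ($pageMB -ge ($ramMB + 1))
        DumpFile             = $cc.DumpFile
        DumpDriveFreeMB      = $freeMB
        EnoughFreeSpace      = ($freeMB -ge $ramMB)
    }
}

Enable-CompleteMemoryDump
Test-CompleteMemoryDumpReady | Format-List
```

A `False` in `PageFileLargeEnough` or `EnoughFreeSpace` means the forced crash is likely to produce no usable dump, which is worth ruling out before waiting days for the next freeze.
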
Marcos (Administrators), posted November 13, 2015

> I'm highly disappointed, we just bought this less than 2 weeks ago and it's crippling our business worse than the CryptoWall infection that prompted the budget approval. A proper fix better be coming soon, the CEO is likely to force me to do a return on the licenses or do a charge-back as the product is unsuitable for use.

Please supply us with a complete memory dump as asked in my previous posts. There's no known bug on ESET's part that would be causing it; it's a bug in Microsoft Windows Filtering Platform that manifests on unpatched systems if ESET's agent or another application performs full-duplex communication or if application protocols are filtered in a specific manner by a 3rd party driver.

davidpitt, posted November 16, 2015 (edited November 16, 2015 by davidpitt)

> > I'm highly disappointed, we just bought this less than 2 weeks ago and it's crippling our business worse than the CryptoWall infection that prompted the budget approval. A proper fix better be coming soon, the CEO is likely to force me to do a return on the licenses or do a charge-back as the product is unsuitable for use.
>
> Please supply us with a complete memory dump as asked in my previous posts. There's no known bug on ESET's part that would be causing it; it's a bug in Microsoft Windows Filtering Platform that manifests on unpatched systems if ESET's agent or another application performs full-duplex communication or if application protocols are filtered in a specific manner by a 3rd party driver.

You can't say it's because of unpatched systems as the update hasn't been released to Windows Update! It's not common after installing software to check through Microsoft's thousands of unreleased hotfixes to see if one may apply to the software you are installing.

I still can't comprehend the fact you are releasing software that you know will cause systems to freeze. When this software was in the alpha/beta stages in your lab and you discovered this bug, did you not think this was going to be a big problem, having all your customers install a hotfix before installing your software?

Why not include the hotfix in your software or, if you can't do that, modify the installer so that it checks for this hotfix and warns the user to go get it themselves before installing, or update the documentation, or have a warning on the download page.... something.... anything would've been better than how you've handled this mess so far!

It doesn't take a genius to work out that if a customer of yours installs your software and their system freezes, it's you that they are going to be mad at, not Microsoft!

Marcos (Administrators), posted November 16, 2015

No, we didn't know that using full-duplex communication to improve performance would cause the bug in Windows Filtering Platform to manifest. And as I have explained, going back to half-duplex communication will not prevent other software from triggering the bug. The only 100% solution to prevent issues caused by the bug is to install the hotfix.

Tad2020, posted November 17, 2015

> > I'm highly disappointed, we just bought this less than 2 weeks ago and it's crippling our business worse than the CryptoWall infection that prompted the budget approval. A proper fix better be coming soon, the CEO is likely to force me to do a return on the licenses or do a charge-back as the product is unsuitable for use.
>
> Please supply us with a complete memory dump as asked in my previous posts. There's no known bug on ESET's part that would be causing it; it's a bug in Microsoft Windows Filtering Platform that manifests on unpatched systems if ESET's agent or another application performs full-duplex communication or if application protocols are filtered in a specific manner by a 3rd party driver.

We are patched though. A memory dump has not been possible, either because it does not work or because the affected systems are rebooted by the user or their secretary before a dump can be attempted.

So far disabling protocol filtering via a policy has prevented any further incidents.

Gonzalo Alvarez (ESET Staff), posted November 18, 2015

Hi @Tad2020,

Have IT "confiscate" the computer to fix the problem and get the requested data.

Tad2020, posted November 18, 2015

> Hi @Tad2020,
> Have IT "confiscate" the computer to fix the problem and get the requested data.

Well, it's pretty much all 50+ of them doing it every 2 to 5 days till I disabled protocol filtering, so even capturing one in the fault condition is difficult, and lol.

Gonzalo Alvarez (ESET Staff), posted November 18, 2015

Hi, I never thought it was such a number. My guess was only a few from managers.

Aguas de Córdoba, posted November 26, 2015

Terrum: If you are running the hotfix from a network drive, try copying the hotfix to a local drive and run it from there. It only works for me this way.

HSW, posted November 30, 2015

We solve this with a batch over GPO:

```bat
@echo off
rem Skip machines that already reported to the share.
if exist \\SHARE\%computername%.txt GOTO EXIT

rem If the hotfix is already installed, go straight to reporting.
wmic qfe list | FIND /I "KB2664888" >> C:\eset\KB2664888.txt
>nul findstr /c:"KB2664888" C:\eset\KB2664888.txt && ( GOTO ENDE )

rem Only Vista (6.0) and Windows 7 / 2008 R2 (6.1) need the hotfix.
VER | find "Microsoft Windows [Version 6.0" > nul
IF %errorlevel% EQU 0 GOTO Vista
VER | find "Microsoft Windows [Version 6.1" > nul
IF %errorlevel% EQU 0 GOTO Win7
VER | find "Microsoft Windows [Version 6.2" > nul
IF %errorlevel% EQU 0 GOTO ENDE
VER | find "Microsoft Windows [Version 6.3" > nul
IF %errorlevel% EQU 0 GOTO ENDE
VER | find "Microsoft Windows [Version 10.0" > nul
IF %errorlevel% EQU 0 GOTO ENDE
rem Any other version: do not fall through into the Vista branch.
GOTO ENDE

:Vista
echo Vista
rem SysWOW64 only exists on 64-bit Windows.
if exist %windir%\SysWOW64\cmd.exe goto Vista_64bit
echo Windows Hotfix KB2664888 32bit fuer ESET wird installiert
wusa.exe "\\SHARE\Windows6.0-KB2664888-x86-(Vista).msu" /quiet /norestart
goto ENDE

:Vista_64bit
echo Windows Hotfix KB2664888 64bit fuer ESET wird installiert
wusa.exe "\\SHARE\Windows6.0-KB2664888-x64-(Vista).msu" /quiet /norestart
goto ENDE

:Win7
echo Win7
if exist %windir%\SysWOW64\cmd.exe goto Win7_64bit
echo Windows Hotfix KB2664888 32bit fuer ESET wird installiert
wusa.exe "\\SHARE\Windows6.1-KB2664888-v2-x86-(Win7+2008).msu" /quiet /norestart
goto ENDE

:Win7_64bit
echo Windows Hotfix KB2664888 64bit fuer ESET wird installiert
wusa.exe "\\SHARE\Windows6.1-KB2664888-v2-x64-(Win7+2008).msu" /quiet /norestart
goto ENDE

:ENDE
rem Record the result on the share so the script does not run again on this machine.
wmic qfe list | FIND /I "KB2664888" >> \\SHARE\%computername%.txt

:EXIT
```

shathippens, posted January 16, 2016

Hi,

we have the same issue in our company. We have roughly 250 clients with the latest version of ESET/ERA/Agent. But we're not using Windows Server 2008 R2 or Windows 7 on the client side. We're using Windows Server 2012 R2 and Windows 8.1/10. But it seems that the bug is also present on these systems. Systems are freezing randomly. None of the posted possible solutions fixed the problem. But downgrading to version 5 (Endpoint Antivirus) helped (or just removing ESET). But that couldn't be the solution.

Is there anyone else who has these problems with Windows 8.1/10?

mikeygee, posted February 10, 2016

> You can push it from ERAS like
> "C:\Windows\system32\wusa.exe" "\\your\samba\share\kb2664888.msu" /quiet /norestart

Could someone please spell this out for me on how to do this in ERA version 6.2.171? My IT manager doesn't want me poking around ERA unless I know what I'm doing. I would like to push this hotfix to about 100 computers, I'd rather do it in a day rather than a week or two.

Should we upgrade to 6.3.12.0 first?

Thanks!

Bogdan Husdup, posted February 11, 2016

I recommend you upgrade first. On my side it worked well after the upgrade, and computers without the Microsoft KB installed didn't freeze.