Jump to content

ESET Endpoint Antivirus broke licensing service


bi4sam
 Share

Recommended Posts

Hi!

 

We are a software company and have our own licensing service to which our software installations (installed at our clients) need to connect to in order to license the software. We also use, for purposes of protecting our workstations, ESET Endpoint AV v.6.0.2033.1. Recently, on 15th of March at 19:37 CET (UTC+1) there's been a program modules update (not only definitions update, but a program components update) that is now blocking the access to our own licensing service!

 

There is no information in any logs about ESET blocking this website (which I will not paste here for obvious security reasons). Looking at WWW logs on the licensing server, I've noticed the POST requests to the service (an IIS-hosted .asmx or .svc file) are being sent to the server, but somehow the response must be filtered/blocked/altered by one of AV modules. Disabling modules one by one did not help, disabling protection for 10 minutes temporarily did not help, only UNINSTALLING the AV suite completely off the machine is the only solution OR rolling back module version using the Advanced Settings ---> Rollback (I'm translating from a localized translation so this might not be the accurate English title of the settings panel).

 

Please advise or direct me to your support directly; in this case, I believe we are looking at a case of false positive or a new "feature" of the smart AV protection algorithms that is a blocker to our work as well as potentially a problem for our clients!!!

Link to comment
Share on other sites

  • Administrators

Does temporarily disabling web protection or protocol filtering make a difference? If so, you could try temporarily excluding that particular application from protocol filtering.

Also please post information about installed modules from the About window.

Link to comment
Share on other sites

Thank you both for your helpful advice.

 

I've mistyped the version, it's 6.2.xxxx not 6.0.xxxx, so not that ancient. An upgrade to 6.3.2016 appears to have helped on a test machine, will deploy this version ASAP on all workstations as well.

 

If this will solve the problem, I will report back next week that the issue has been completely resolved. Would be interested in knowing how and why this happened though, especially since it exhibited very odd behaviour. As stated in my original post, temporarily disabling modules or entire ESET AV protection did not rectify the situation, only a complete uninstall of the suite did (or a rollback).

Link to comment
Share on other sites

Upgrading to 6.3.2016 solved this issue on all machines. Wanted to debug using the recommended diagnostics software, but ultimately I ran out of time I can spend on this issue. Will try it though if it comes back.

 

Thanks for the help.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...