Pop3, HTTP error


Rainer

Hello,

 

we've ESET 5 installed on our clients.

I want to update to ESET 6.

The suggested solution from ESET was to install the ESET 6 Agent first on all clients, before removing the old ESET 5 client.

I've done this on many clients (installation of the ESET 6 Agent), but now I get an error message from a lot of clients.

 

------------------------------------------

During execution of Personal firewall on the computer XXXXXXXX, the following waning occured:

An error occurred while starting proxy server. Analysis of application protocols (POP3, HTTP) will not function.

------------------------------------------

 

How can I get rid of this error message?

What do I have to configure on my ERA 6 console?

 

Please help!

 

Best regards

Rainer


  • ESET Staff

Hello, what is the installed product / version & what is the operating system used?

Is it ESET Endpoint Security / Antivirus V5, or after deployment of ERA agent, you have also upgraded ESET Endpoint Security / Antivirus to V6?

ERA agent itself should not interfere with V5 in any other way than to adjust its configuration to connect to ERA agent instead of the ERA V5 server, and then enforce the policies assigned to that computer by ERA V6 server.

Couple of questions:

Are there any policies applied to the computer via ERA 6?

Is the issue occurring after computer restart?

Can you please send us the Pcap log?

  1. Open Advanced settings of ESET product.
  2. Go to Network - Personal firewall - IDS and advanced options.
  3. Open Troubleshooting (click on plus button in the tree) and check check-box for Enable advanced PCAP logging, save advanced settings.
  4. Simulate problem with network.
  5. Stop pcap logging in advanced settings.
  6. Log from pcap: "c:\Users\All Users\ESET\ESET Smart Security\Diagnostics\".

Also please specify the versions of modules used by your product (located in about section of ESET product).

Edited by MichalJ

Hello Michal,

 

the installed product version is ESET Endpoint Antivirus 5.0.2265.1 and the operating system is Windows 7/8.1/10.

I have just installed the ESET 6 Agent, no Endpoint Security, or Antivirus app. installed.

 

Best regards

Rainer


Hi Michal,

 

I cannot find the "Network --> Personal firewall - IDS and advanced options" (in ESET 5.0.2265.1)

Where can I find this setting in ESET 5 ( I have just installed the ESET 6 Agent, not the Antivirus app. from ESET 6).

 

...and yes, I have a policy applied to these systems (but nothing with POP3 or HTTP).

 

I'm not sure if the error message comes again after a restart, because the systems are mostly in our subsidiaries.

But I assume, that one or the other has powered off, at closing-time, and powered on again next morning.

 

Best regards

Rainer


I have seen this on ENDPOINT AV which is rather confusing being that it does not have a firewall. 

I would suggest first, on one machine only, doing a push install task to install EEA 6.4 over the top of the V5 Endpoint. After the upgrade you need to reboot (Reboot automatically check box).

If after the reboot, you go local to that machine and it is still showing the same status then I would suggest using a push uninstall task >> hxxp://help.eset.com/era_admin/62/en-US/?client_tasks_software_uninstall.htm to uninstall the broken V5 version and then reboot. After reboot, use your same push install task for 6.4 and install. This should resolve your issue. 

BTW, were these Windows 10 machines?


Hi Tmuster,

 

thanks for your help!

 

This works fine!

When I uninstall ESET 5 and install ESET 6, I have no issue, but my problem is that I cannot remove all ESET 5 at this time. I just want to install the ESET Agent on all systems from our headquarters and our subsidiaries. After the Agent is installed on all systems, I can remove the old ESET 5 and install the new ESET 6 (step by step).

I must do it this way, because we have no IT specialists in our subsidiaries (only field staff --> you know what I mean) :-)

 

--> I have this issue only on systems where I have installed the ESET Agent.

 

Btw.: The systems are W7, W8.1 and W10

 

Best regards

Rainer


  • ESET Staff

Hello, for Endpoint V5 please do the following:

  1. Enable dumping to protoscan pcaps by
    • importing the appropriate xml configuration (dump_to_pcaps-enable-endpoint.xml)
  2. Replicate the problem, note the time (with time zone information) when the problem occurred (e.g. 16.10.2013 at 16:14:30 UTC +0900).
  3. Disable the dumping (dump_to_pcaps-disable-endpoint.xml).
  4. Include:
    1. the files EsetProxyInner.pcapng and EsetProxyOuter.pcapng (located in "c:\ProgramData\ESET\<product name>\Diagnostics")
    2. time from step 2
    3. any error messages that were displayed
    4. description of the problem
    5. OS, ESET product and protoscan versions
    6. All other ESET modules (from about section)

Can you also check, if the driver "epfwwfpr.sys" is running? (sc query epfwwfpr).

Thank you,

Michal

dump_to_pcaps-disable-endpoint.xml

dump_to_pcaps-enable-endpoint.xml

Edited by MichalJ
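
The collection steps in the post above, as an added example that is not part of the original post and not ESET tooling: a PowerShell script that records the state of the epfwwfpr driver, the OS version and last boot time, and copies the two protoscan captures into one folder. The output folder and the summary.json file name are assumptions, and the script assumes it is run elevated on the affected client after dumping has been disabled.

```powershell
# Added example, not ESET tooling. Run elevated on the affected client after step 3.
$driverName = 'epfwwfpr'                                   # driver named in the post
$pcapNames  = 'EsetProxyInner.pcapng', 'EsetProxyOuter.pcapng'
$outDir     = Join-Path $env:TEMP "eset-diag-$env:COMPUTERNAME"   # assumed output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Same information as "sc query epfwwfpr", returned as an object.
$driver = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$driverName'"

# OS version for item 5; last boot time shows whether the machine has been
# restarted since the warning appeared.
$os = Get-CimInstance -ClassName Win32_OperatingSystem

# <product name> is not fixed on the page, so look in every ESET product folder.
$pattern = Join-Path $env:ProgramData 'ESET\*\Diagnostics\*.pcapng'
$pcaps   = @(Get-ChildItem -Path $pattern -File -ErrorAction SilentlyContinue |
             Where-Object { $pcapNames -contains $_.Name })
$pcaps | Copy-Item -Destination $outDir
$found = @($pcaps | Select-Object -ExpandProperty Name)

$summary = [pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    # Collection time only; the time the problem occurred (step 2) is still noted by hand.
    CollectedAt  = Get-Date -Format "dd.MM.yyyy 'at' HH:mm:ss 'UTC' zzz"
    OS           = "$($os.Caption) $($os.Version)"
    LastBoot     = $os.LastBootUpTime.ToString('o')
    DriverState  = if ($driver) { $driver.State } else { 'NotInstalled' }
    DriverStart  = if ($driver) { $driver.StartMode } else { $null }
    PcapsCopied  = $found
    PcapsMissing = @($pcapNames | Where-Object { $found -notcontains $_ })
}
$summary | ConvertTo-Json | Set-Content -Path (Join-Path $outDir 'summary.json')
$summary
```

The ESET product, protoscan and module versions still have to be taken from the About section of the product; the script does not read them.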

Hello Michal,

 

thanks again for your help!

 

I have news.

Investigating this issue, my colleague has found out that after the first reboot (meaning: the Agent is installed, the user powers off the system, leaves the office and powers on the system again the next morning) ESET shows the POP3, HTTP error message.

After a second reboot of the system, the error message is gone (??).

We get every morning dozens of messages from other systems, but when we reboot the systems (once, or twice), the error message is gone.

So we have to reboot (twice) all our systems, where the new ESET Agent is installed.

This is a working concept (a workaround).

We can live with that.

I have installed the Agent on nearly 60 percent of our systems, so we have to wait until all systems are installed and rebooted (twice). 

 

Best regards

Rainer


  • Administrators

Basically Agent should not affect protocol filtering and the speed of loading drivers. I'm afraid that nothing can be done about this in EPv5 but with EPv6 no such errors should be reported if it takes longer to load protocol filtering-related drivers.
