Am also seeing this across every Server 2012 R2 ESET Server security install, been on hold for USA Business support for 10 minutes trying to check with them about this. I don't think I've seen it on newer server versions but as far as I'm aware 2012R2 should still be supported by ESET for another year?
I'm not entirely sure it's 100% non-functional, as it still blocks an eicar on both the rollback and non-rollback server, but I'd like to know when a new module is available to force an update, and know if we need to reboot all the servers tonight to clear the errors or if it'll clear all the red in the console without that.
Edit: Also support hasn't picked up the call for almost an hour now, would be nice if they had a way to update the voice IVRs to let people know it's a known issue rather than park what's likely hundreds of calls on hold.
This should not be necessary, as MarcFL wrote, clicking Dismiss in the warning should suffice and the protection status will be green. The eicar test file is detected then so protection seems to work fine. We'll make some further tests to make sure. So far it appears to be a glitch with the notification during modules reload after update.
While the status appears green on the server, my ESET Protect console shows all 7 of my 2012 servers as critical status. How do we clear the ESET Protect critical error showing on the ESET Protect console?
Just going to update my post that we found a reboot on a system affected with this error/bad module would then be unprotected, so I would recommend deploying a module rollback task for 12 or 24 hours, depending on your availability to check on things after the rollback expires, to give ESET time to fix the modules on their end.
Picked one of the systems with the error, the system seemed protected while showing the warning. Performed only a reboot of a system showing that error without doing a rollback or any other changes, and when it came up it was green and said protected but on the update tab show all modules detail window it was blank. Could tell it wasn't scanning files, was able to download Eicar and a common blocked PUP utility without issue and scan them manually without them being flagged as well. This was fixed with a 24h rollback.
I can't say that would be the case on your systems but would recommend either further testing (like a reboot) or the rollback, though if they are not rebooted and a new module is released and it updates, this should also be OK.
Thanks for the report. We're not in a position to restart our server yet. But I think we'll wait for Eset guidance as right now it's protected.
I just noticed this red box update above: "To fix the issue, please reboot the server. Do not click Dismiss as it will merely hide the warning. If you want to make sure that everything works, you should be able to open the advanced setup with advanced settings. If the window is blank, reboot the machine. You can also make an additional detection test by downloading the Eicar test file from We continue to analyze the issue in the mean time. While updates are suspended, ESET will continue to download the so-called pico updates that are issued every few minutes. Also ESET LiveGrid and ESET LiveGuard will continue to protect your machine."
We have not rebooted and advanced settings is not blank and Eset blocks Eicar...
If eicar is not detected, the advanced setup window will likely be blank as well. In such a case a reboot should resolve the issue and modules should load alright then, according to our tests. We continue working on finding out the root cause.
Temporarily disabling protected service in the HIPS setup and rebooting the machine resolves the issue. However, within 1-2 hours there will be a newer update that will address the issue. Protected service is an important protection feature and re-enabling it would require another reboot.
1. In Eset Protect Cloud I get a critical warning about that machine saying that the protection services could not be started (all in red), whereas on the machine itself it seems ESET is working fine (green lights).
What you have pinned in the forums is the wrong advice! Servers that haven't rebooted still have the real time protection working. If you reboot you lose malware protection. Rolling back updates does not work.
I have a problem: sometimes Eset services start using up all the CPU. I look at the Eset logs and there is nothing written about anything blocked or scanned. Such occurrences happen on random days. How do I stop, or find out, what is making Eset use all the CPU?
Ok, will do.
Also, I don't know if this helps, but once I saw that Eset was using all the CPU, I tried to pause protection, but it gave me a message, that it will not pause, because a threat has just been neutralized.
Another thing, I can't turn it off even for testing, because that would leave the protection off for too long, since the 100% CPU issue happens randomly. It can happen next day or next month. While brute force attacks are happening daily.
It may not be needed. Looks like the problem is with generating dumps for a scan upon attack detection which was addressed in the firewall module currently available on the pre-release update channel. Please try switching to it at least for a while to confirm that it resolves the issue. Nevertheless, CyberarmsIdsService.exe was utilizing CPU more than ekrn so you may still notice a higher CPU utilization.
It's better to use a firewall or Windows Firewall to whitelist certain IPs or a VPN IP to connect from, to eliminate all the attacks. If it's not possible to do so, then using a firewall like pfSense, OPNsense, Fortinet, Palo Alto etc. can help take off the attacks with their intrusion prevention services, which would block the attacks at the firewall level, not the server level, which is making the CPU run more and also might bring your server down, or with bad luck a breach could happen.
Supplementing the above, you want to block the brute force attacks at the network perimeter using a standalone dedicated appliance. Not only is this a more effective way of doing so, but it will take the CPU load off of the server that is currently performing this activity.
I use ESET 5 and I can change the update server. You just need to boot the PC in safe mode and then change the value data of PackageFeatures in regedit under HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info to 00000001. Restart the computer. Voilà, you can change it.