How to temporarily stop the service "ESET Service" prior to software install?

Discussion in 'ESET Endpoint Products' started by Reedmikel, Jul 13, 2012.

Thread Status:
Not open for further replies.
  1. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    JimWillsher - In all my years I've never needed to disable AV software either, though like you said many software vendors recommend doing so. But I've run into my first case with this software from SMART, and they are a leading provider of smartboard technology for schools and other sectors. I'm stuck in the middle between these 2 vendors (ESET and SMART), and simply asking for a solution. They have been in touch with each other, but I doubt any solution will be forthcoming in the near future. So that's why I'm asking ESET to consider providing a command line method for disabling their AV, WHICH IS PASSWORD-PROTECTED.

    It is frustrating to get mis-information from ESET support that tells me to disable Self-Defense in order to be able to stop the ESET Service. Then I spend the time doing what Marcos suggests, only to find out it does not work at all like he indicated. It would be much better if he said "I am not sure, but MAYBE disabling Self-Defense MIGHT in turn allow you to stop the service...". Or, say that he has no idea and will contact one of the developers for clarification.
     
  2. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    667
    I'm inclined to agree that it would be useful to have this feature. We can do many things from ERAC/ERAS, even uninstall ESET remotely, so this could be another item for my "wishlist" thread from a few days ago :) The NOD client must have a way to confirm that the request has come from an ERAC/ERAS in order to trust the request.

    What you could do is create a config with self defence disabled, and push this out to your 50 clients. Let them reboot, then install the software, then push out a config with self defence enabled again. I know that's not a scripting solution, but it would save you walking around 50 desktops.

    Hope you manage to make some progress.



    Jim
     
  3. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    I already tried disabling self-defense (in the policy), rebooting client, then ran SMART installer. But it still complained that it needed to close the "ESET Service" service. If I respond and tell the SMART installer to try closing it, it reports right back that it cannot close/stop it.

    The only solution I found so far was to *manually* disable real-time protection by using the ESET client GUI (rgt-click on system tray icon). But that is not a realistic solution when there are many PCs to install this on...

     
  4. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    Jim - you brought up a great point: Since I use ERAC, why couldn't ESET provide a console menu option to disable realtime-protection? e.g. offer options like "Disable real-time file protection for x minutes" or "Disable real-time file protection until next reboot". Since the request would be originated at the console, there would be no security concerns.

    Maybe this ability exists and I'm just not aware of it? Marcos?

    If no such option exists - what do you think of the suggestion to add it to ERAC Marcos?
     
  5. simple0

    simple0 Registered Member

    Joined:
    Aug 2, 2012
    Posts:
    1
    Location:
    USA
    I don't have an answer on how to disable ESET service (ekrn.exe) from a command line. However, I do run Windows (7) with this service in Manual mode.

    I'm using netbooks a lot and the processors of these very useful devices are not very powerful. When ekrn.exe is active, after daily updates, when downloading files from the Net, when installing anything, the processor use spikes to about 100%. This is not acceptable for me, so I decided to run ESET only when I need it (VERY rarely).

    I load Windows in safe mode and rename the ESET folder. I start Windows in normal mode, open services and now I can modify the ESET service startup type to manual. I delete the egui entry from the registry so it doesn't try to load at Windows startup, then I restart Windows in safe mode again and rename back the ESET folder to its original name.

    After these actions ESET service doesn't load automatically with Windows and it can be started manually from Services. As I've mentioned, I don't start this service very often. I always run Windows as a standard user, so chances to get infected while browsing the Net are minimal. When I download any software and when I install anything, I first scan it with Dr. Web virus scanner to make sure it's clean. I have to mention that I didn't have a virus or malware program on any of my computers since I stopped using Windows 98 (before 2000).
     
    Last edited: Aug 2, 2012
  6. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    Thanks for that info Simple!

    Marcos - have you thought about what I asked on 7/20 (below)?
     
  7. captainfish

    captainfish Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    35
    Location:
    USA
    One way to do this "programatically" is to make the required changes to your Configuration from the ERAS server using ESET Configuration Editor. But don't save the changes. Click on FILE, then Save Marked As...

    This will export the changes as an XML file. Then, you can push out that change to the desired machines temporarily disabling auto-protect and self-defense if necessary.

    Then once the software is installed, you can send out the primary fully configured Configuration XML to the machines to turn everything back on.
     
  8. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    Thanks captain! Sure would be easier though if ESET provided a way to do this directly from the console (ERAC). But Marcos never followed up on that suggestion...
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.