Beware of MS hotfixes KB2735855 and KB2750841

Re: Beware of MS hotfix KB2735855

We're going to check if the mentioned Windows update KB2750841 causes the same issue with file corruption and will let you know about our findings then. Thank you for letting us know.

 

Re: Beware of MS hotfix KB2735855

I'm wondering, I have Firefox 16.0.1, and every so often (infrequently but it happens) I get a browser popup saying that "something" is trying to trick Firefox into accepting an insecure update. Please contact your network administrator and seek help." There is no further information in the popup and no way to get more.

Is this possibly related to the hotfix issue?

And please note, once I remove an installed update. I get absolutely spam-deluged with popups from eSET Smart Security: "Eset Smart Security requires your attention. Operating System is -NOT- Up to Date. Please Fix 500 octillion infinity eons prior to the beginning of the space time continuum or the most inconceivably galaxy-shaking mind-shattering catastrophes will rain down upon all living beings." Needless to say, this gets annoying after a while.

 

Re: Beware of MS hotfix KB2735855

Would getting Eset 6 solve these problems?

 

Re: Beware of MS hotfix KB2735855

ESET needs to work with Microsoft more diligently to get this issue fixed fast.

Luckily up to this point, the two problematic KB articles are not security related. However, if a security update is released that patches an exploit and uses updated versions of these files, we cannot simply refuse to install the update (especially in a large business).

Simply rolling out a new version of NOD32 is not an option for large businesses.

 

Re: Beware of MS hotfix KB2735855

No it doesn't. The release candidate doesn't have any effect unfortunately

 

Re: Beware of MS hotfix KB2735855

I agree 100%. This has taken entirely too long already for such a large issue. Luckily most of our users don't download often, so we haven't had to rollback the patch,..."yet".

Curiously, the #1 place I've had downloads corrupt, slowdown and fail mid-download is ESET's download page.

 

Re: Beware of MS hotfix KB2735855

I've haven't noticed any issues with chrome, some with Firefox, and mainly IE (including IE 10) exhibit the failures in my environment.

At the LEAST, they appear to be taking steps (even though we have no final result) to remediate the issue - which is more than I can say for another av vendor I am migrating from.

 

Re: Beware of MS hotfix KB2735855

I believe the problem got worse, I can't even browse without having Firefox excluded from protocol filtering.

 

Re: Beware of MS hotfix KB2735855

Looked back to see that it was on 10-4, that I posted to this thread and yet another "Black Tuesday" has come and gone and no patch has appeared from MS...Either the issue is too complicated to correct? - Unknown if other A/V - Security products are affected similarly - or perhaps ESET may have to develop it's own patch to fix this elusive "intermittent incomplete download bug". For me roughly 90% of the time the d/l's are complete verified by CRC check if available. 10% of the time they are incomplete/corrupt and the telltale sign is that the download process sub-window wil hang at 99% too long. Disabling NOD temporarily works to "fix" that 10% error rate but that's not really any fix but more of a workaround...

 

Re: Beware of MS hotfix KB2735855

We are in an environment with over 1000 users. I have so far had to decline these two KB updates on our WSUS. I can't simply start declining KB updates that patch exploits. We need a proper fix for this. Now that there are updated versions of these files that started with KB2735855, there is a much higher chance that future updates will incorporate them.

This shouldn't simply be an issue where ESET reports this to Microsoft and waits to hear back. This should be a critical escalated issue where the utmost attention is being given to resolve this as soon as possible.

 

Re: Beware of MS hotfix KB2735855

Not sure how it all works but isn't this more Eset's problem than Microsoft's, shouldn't Eset figure out their own program to work with these hotfixes? No other Antivirus program having problems that I know of.

Correct me if I'm wrong.

 

Re: Beware of MS hotfix KB2735855

Almost two months from the first post presenting the problem!

Silence, silence, silence ........

Etretat.

 

Re: Beware of MS hotfix KB2735855

Silence? There have been actually several responses from ESET's mods. Microsoft was contacted, they acknowledged the bug and now we all are awaiting a fix.

 

Re: Beware of MS hotfix KB2735855

A fix from Microsoft or a ESET one?

Thanks,

Etretat.

 

Re: Beware of MS hotfix KB2735855

The bug is present in Windows Filtering Platform. That said, any 3rd party driver performing same operations as epfwwfpr is affected. It seems that only systems with quad+ core CPUs are affected.

 

Re: Beware of MS hotfix KB2735855

Well I decided I will go with a different Anti-virus until this gets fixed because I more than often have to keep excluding my browser from protocol filtering just so I could load a page, it's just unbelievable and unacceptable.

 

Re: Beware of MS hotfix KB2735855

I keep the 2 hotfixes uninstalled on my computer until MS comes up with a solution. This way the computer remains fully protected against threats. As I wrote before, any 3rd party solution working at the WFP level (a must in Windows and intervening in http communication will suffer from the same issue.

 

Re: Beware of MS hotfix KB2735855

We should change the title of this sticky post to show all affected KB articles. All affected KB articles should be listed on the first post so people don't have to hunt through this thread.

If any more come out, we can add to the list.

 

Re: Beware of MS hotfix KB2735855

Done

 

Re: Beware of MS hotfix KB2735855

I decided I won't be changing antiviruses,I'll put my trust into you Marcos besides I don't think any other antivirus is as good as Eset.

 

I have both those hotfixes installed, and Nod32 v4. I have not had a single corrupt download yet, and protocol filtering is on. Windows 7 x64 and a Sandy Bridge 2700k CPU.

 

AFAIK, this issue affects only ESET Endpoint Products (v. 5.0) on MS Windows 7 and Windows Server 2008 R2 as the hotfixes apply only to those Windows versions.

-- rpr.

 

Oh? If that's the case, wouldn't this thread make more sense in the Endpoint sub-forum?

 

This is not true. Although home users are unlikely to use Windows Server 2008, many of them actually use Windows 7 which is affected as well.

 

In the following lists Windows Vista is not mentioned:
http://support.microsoft.com/kb/2735855#appliesto
http://support.microsoft.com/kb/2750841#appliesto