ESET Endpoint Antivirus v5.0122.1 and LogMein

Discussion in 'ESET Endpoint Products' started by ramirez1, Jul 10, 2012.

Thread Status:
Not open for further replies.
  1. ramirez1

    ramirez1 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    30
    Hello

    We just started deploying the new version of ESET Endpoint Antivirus (v5.02122.1)

    We recently started noticing that when we use LogMeIn we are unable to use the ctrl+alt+del function to login into the system. Doing a search online we noticed multiple users having the same problem when using logmein and ESET Endpoint Antivirus. The only way to resolve this is by disabling HIPS.

    System info

    Win 7 Professional 64bit


    Virus signature database: 7286 (20120710)
    Update module: 1041 (20120430)
    Antivirus and antispyware scanner module: 1363 (20120702)
    Advanced heuristics module: 1121 (2011120:cool:
    Archive support module: 1147 (20120620)
    Cleaner module: 1057 (20120626)
    Anti-Stealth support module: 1030 (20120322)
    ESET SysInspector module: 1224 (20120223)
    Self-defense support module: 1018 (20100812)
    Real-time file system protection module: 1006 (20110921)
    Translation support module: 1064P (20120427)
    HIPS support module: 1047P (20120419)
    Internet protection module: 1035 (20120323)
    Database module: 1019 (20120404)
     
  2. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
    Hi Ramirez1,

    We also have LogMeIn rescue, but I haven't tried doing a login yet with the application. I'm assuming that you are using "install as a service" button before you do screen sharing?
     
  3. ramirez1

    ramirez1 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    30
    We dont use Logmein rescue. We have LogMein free already installed and Logmein central to manage the systems. This only started happening when we updated the nod32 clients. This is also happening on a brand new build PC.
     
  4. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
    I don't have that product. What you *can* do however is take a test PC and enable logging of blocked actions.

    Advanced Setup -> Computer -> Hips -> Advanced setup.

    Replicate the action and then push a policy to allow that action on all computers.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    You have several old modules installed. Try running a manual update and make sure that the HIPS and Internet protection modules update to a newer version.
     
  6. ramirez1

    ramirez1 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    30
    I've done this and still not working. I also did a manual update

    Here's the HIPS log

     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Do you have the HIPS module version 1052 and the Internet protection module 1041 installed now? If not, there's some problem updating your signature database. Do you update from ESET's servers?
     
  8. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    Marcos - Is there an issue with ERA 5 pushing out module updates? I just checked my two Endpoint Antivirus machines that I am testing version 5 on and they both have HIPS module 1047p and Internet Protection 1035, both very old. If I update from my mirror, there are no updates. I then cleared the cache on ERA server and did an Update Now. Running update on the clients again isn't downloading any module updates.

    This server was a migration from ERA 4 to 5. Possibly ramirez1 is having the same issue, hence the older modules.
     
  9. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    Just confirmed that my ERA 5 mirror isn't sending module updates. Cleared cache on one client, updated from mirror and HIPS module was still 1047P, Internet Protection Module 1035.

    Added username/password and cleared cache and updated from ESET Servers and HIPS module updated to 1052, Internet Protection to 1041.
     
  10. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Yes, that's why I asked if you update from ESET's servers. Just yesterday I tested a new service build of ERA5 which has this issue already fixed and should be released after it passes QA tests.

    The easiest solution to this issue is to install Endpoint on the computer running ERAS, enable mirroring of update files and disable mirroring in ERAS temporarily. This way you won't need to adjust any settings on clients and the change will be transparent. When the new ERAS is available, you'll simply disable mirroring in Endpoint and enable it in ERAS.
     
  12. ramirez1

    ramirez1 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    30

    After pushing the manual update the HIPS and Internet protection module updated

    I'm still having the problem I reported.

    I have these allowed HIPS rules

    I still see this messages on the log

     
  13. ramirez1

    ramirez1 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    30
    I'm still dealing with this issue and I've been troubleshooting with ESET Support.

    Just an update for everyone:

     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Please provide the output of running the commands
    set ProgramFiles
    set ProgramFiles(x86)
     
  15. ramirez1

    ramirez1 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    30
    This is the last info I provided to ESET TEch support.
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    The problem is you don't have LogMeIn installed in the default %ProgramFiles% folder (C:\Program Files) but on drive D:
     
  17. dannyboy

    dannyboy Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    113
    Location:
    UK
    I've updated ERAC/ERAS to the new versions, run an 'update now' from Tools > Server Options in ERAC, and then forced an update on my Endpoint client, but the modules still haven't updated correctly.

    Is there something else I need to do to ensure that program modules update correctly in EEA?

    edit: my client did pull down an update from ERAC, as it went from 7332 > 7333, but no modules updated.
     
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Please check if you have the latest version of ERAS 5.0.122 installed.
     
  19. dannyboy

    dannyboy Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    113
    Location:
    UK
    Thanks, it's definitely been updated to 5.0.122 though. I just checked in Tools > Server Options
     
  20. ramirez1

    ramirez1 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    30
    Yes installing LogMeIn on C: correct this issue but this means I'll have to hold on deploying Endpoint. We have over 500 systems with LogMeIn installed on D: and there's other programs as well.

    I just replied to ESET technical support to see if this is something they will fix on some later release.

    Thank You.
     
  21. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    There's nothing to fix, just appropriate allowing rules need to be created. Try the following:
    - on one computer, switch to learning mode for a while
    - connect via LogMeIn
    - check the rules created
    - create these rules in the policy that is applied to clients connecting to ERAS

    I'll inquire the devs about the rule that was created for LogMeIn in the latest HIPS module update.
     
  22. ramirez1

    ramirez1 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    30
    We already tried the learning mode and it didn't work. For now the only solution is installing LogMeIn on C: which is a pain due to the amount of machine where we have it installed on D: :thumbd:
     
  23. ramirez1

    ramirez1 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    30
    I just wanted to update everyone on this.

    I noticed ESET Endpoint Antivirus 5.0.2126.0 was release and I decided to test it out.

    I installed LogMeIn back on the D: partition and updates ESET to 5.0.2126.0


    I can now use the Ctrl+ALT+DEL function.


    Thank you :argh:
     
    Last edited: Aug 9, 2012
Thread Status:
Not open for further replies.