Multiple issues with build 6.0.316.0

Discussion in 'ESET Smart Security' started by tommy456, Apr 3, 2013.

Thread Status:
Not open for further replies.
  1. tommy456

    tommy456 Registered Member

    Joined:
    Jun 11, 2011
    Posts:
    137
    1, in situ upgrade install fails to complete leaving users computer in a frozen/non responsive state, requiring a hard reset/power cycle (with a risk to data corruption etc)
    After a reboot eset appears to work, but on updating the av database it again causes the users PC to freeze whilst it is installing what it had downloaded , This was followed by the EGUI.EXE crashing when a program is requesting access to the internet , the product isn't listed in add or remove programmes in windows or other 3rd party apps that can uninstal programmes
    Even trying via the windows start menu fails ,
    2, I had to run the eset uninstall tool several times in safe mode to completely uninstall the mess eset had created

    After which i downloaded the latest build from eset.co.uk ran the installer

    which after reaching the point where it asks if you want to scan for unwanted programmes ect, which you select one of the 2 options, the installer continues,more or less straight after this eset throws some error messages

    ess instal error.JPG

    ess instal error 2.JPG

    Confused ? so was i wth is this about ? I did on second attempt successfully install eset ss, But shortly after activating & updating it i see multiple error messages these which are recorded in esets event log
    Code:
    <?xml version="1.0" encoding="utf-8" ?>
    <ESET>
      <LOG>
        <RECORD>
          <COLUMN NAME="Time">
            <DATE>03/04/2013</DATE>
            <TIME>13:13:17</TIME>
          </COLUMN>
          <COLUMN NAME="Module">ESET Kernel</COLUMN>
          <COLUMN NAME="Event">Virus signature database successfully updated to version 8188 (20130403).</COLUMN>
          <COLUMN NAME="User"></COLUMN>
        </RECORD>
        <RECORD>
          <COLUMN NAME="Time">
            <DATE>03/04/2013</DATE>
            <TIME>13:13:15</TIME>
          </COLUMN>
          <COLUMN NAME="Module">HIPS</COLUMN>
          <COLUMN NAME="Event">Communication with the driver failed. HIPS does not work.</COLUMN>
          <COLUMN NAME="User"></COLUMN>
        </RECORD>
        <RECORD>
          <COLUMN NAME="Time">
            <DATE>03/04/2013</DATE>
            <TIME>13:11:07</TIME>
          </COLUMN>
          <COLUMN NAME="Module">ESET Kernel</COLUMN>
          <COLUMN NAME="Event">Error initializing file submission system.</COLUMN>
          <COLUMN NAME="User"></COLUMN>
        </RECORD>
        <RECORD>
          <COLUMN NAME="Time">
            <DATE>03/04/2013</DATE>
            <TIME>13:11:06</TIME>
          </COLUMN>
          <COLUMN NAME="Module">Personal firewall</COLUMN>
          <COLUMN NAME="Event">
    An error occurred while reading control file. The Personal firewall will not work.</COLUMN>
          <COLUMN NAME="User"></COLUMN>
        </RECORD>
        <RECORD>
          <COLUMN NAME="Time">
            <DATE>03/04/2013</DATE>
            <TIME>13:11:06</TIME>
          </COLUMN>
          <COLUMN NAME="Module">HIPS</COLUMN>
          <COLUMN NAME="Event">Loading module failed. HIPS configuring does not work.</COLUMN>
          <COLUMN NAME="User"></COLUMN>
        </RECORD>
      </LOG>
    </ESET>
    3,Then after setting the various modules up the way i wanted, like sll scanning on, hips to learning mode,firewall to interactive, ect ect,
    I notice that eset repeats the same request for access to the internet and makes several rules (makes a carbon copy ) with some apps, it has never displayed this behaviour before today, then shortly afterwards when initiating VLC to check for updates, and eset requesting /creating the same rule 5 times the EGUI.EXE process quits/crashes i have a screen shot of the errors, as i think that there is definitely a link between the firewall and GUI causing it to crash or just plain bad programing, im getting passed the stage of caring which
    eset gui bug.JPG eset fwall_gui error.JPG And i would like to know if the previous build is still available 6.0.314 en? if so please could someone provide a link for it,
     
    Last edited: Apr 3, 2013
  2. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    276
    Location:
    USA
    Filehippo.com seems to have the older versions.
     
  3. tommy456

    tommy456 Registered Member

    Joined:
    Jun 11, 2011
    Posts:
    137
    Thanks for the heads up, they do indeed have older builds of ess,

    Just an update on the problems i had with ess build 6.0.316.0 After posting the above thread it became apparent that the eset firewall module wasn't working as it should, in that it wasn't blocking any out going requests and it wasn't showing any request notification messages ( firewall set to interactive mode ),
    inbound traffic wasnt being blocked either and again no pop up message asking to allow or deny communication for the process, It was at this point i yet again un installed it, and installed the last build of version 5 (which i still had on my old HDD) So far non of the issues i had with version 6 are evident ,

    Also there was another issue, with utorrent , even when u torrent wasn't uploading/downloading any data if i open a browser its opens very slowly and loads web pages slowly too, i know 100% it's down to ess, because i tested it whilst ess was not on my system, maybe that's something else that needs looking into ?
     
  4. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    Maybe an XP issue? Or something else system specific? I installed this build of EAV on a Windows 7 machine and 2 copies of ESS on a pair of Windows 8 machines yesterday with no issues.
     
  5. tommy456

    tommy456 Registered Member

    Joined:
    Jun 11, 2011
    Posts:
    137
    I understand what you are saying, as in the past (ess v5) i had an issue that only affected Win 7 , this did get resolved by eset suport around a month after reporting it and them getting as much info from my pc ,
    So i know it can happen, A bit more info has come to light regarding this, shortly after i installed V5 and updated it, i even installed pre release, then after a short time whilst browsing my machine locked up, just as it had earlier on, after i had power cycled my pc (again) eset loaded or should i say partly loaded, the GUI showed only half the modules View attachment ess v5 load failure.txt I nearely at that point removed eset ss from my system for the last time, but i instead rebooted and ess loaded up properly
    It then updated a couple of times ? not sig updates, so it could be that for some stupid reason eset isn't fully downloading everything first time, leaving it barely working and possibly the system exposed during this time , after these updates no more lock up's of my pc, once the EGUI.EXE crashed but restarted instantly so it never disapeared from taskbar, It did not create a full DMP as it is set up to do
    What is 2. NODv2? Also there would appear to be some sort of conflict between Utorrent client and ess, if i open utorrent noactive torrents running and then try to browse or check e-mail's with outlook express they load slower than normal and almost hang, it's 100% ess causing this, until recently this never happened, and another app is suddenly having issues or was pingplotter pro, i un checked imcp checking and it runs normal it was causing abnormal latency jitter between lan and router, So i think maybe the intrusion dectection or the module that is responsible for that (Firewall module ?) needs checking out
     
    Last edited: Apr 3, 2013
  6. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    Are you using the live installer or the offline? I always use the offline. I've had too many issues with live installers from any vendor.
     
  7. tommy456

    tommy456 Registered Member

    Joined:
    Jun 11, 2011
    Posts:
    137
    I have always used the offline installers too
     
  8. tommy456

    tommy456 Registered Member

    Joined:
    Jun 11, 2011
    Posts:
    137
    This is a follow up, After disabling the HIPS module, and using eset in this way, which also enabled me to restart the main eset process when ever it accumulated a lot of physical memory(private bytes)AKA memory leak issue
    By turning off the ssl/https scanning prior to a restart the fwall would reload properly, so was a workaround, although not an ideal one, The other day i updated utorrent ,

    following installation,(which seemed to take an abnormally long time) i noticed a new problem, when utorrent started to download a file and got to around 30mbps eset would cause the download to cease,but the connections where still open, no throughput, i also noticed that utorrent was frozen(hung) and something was using 50-70% of my CPU so i killed it with task man, at wich point i noticed eset ekrn.exe was the process responsible for the abnormal cpu load, this continued for over 1 minute before it finally returned to normal, so after reproducing it several times, and rolling back utorrent to the previous version which had been working fine, which made no difference and gave the same results, as did using a older version of u torrent,
    At this point i decided to re install eset so i un-installed eset via the usual windows add & remove programs menu method, and re booted as per prompt from eset upon loading of windows(which was slower than normal) here's the mess that was left from the failed un install process eset failed uninstall 2.JPG

    eset uninstall fail 1.JPG

    And using task man i could see that EKRN.EXE was also running although eset was supposed have been removed from my pc,

    So i had to run the eset uninstall tool
    here is the log from that tool incase it provides any clue as to why this happened
    Code:
    [COLOR="Blue"][FONT="Arial Black"]>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
    [05/11/13  21:42:08]	C:\Documents and Settings\Administrator\Desktop\ESETUninstaller.exe 6.0.3.0
    [05/11/13  21:42:08]	Input arguments: 
    [05/11/13  21:42:10]	Online (PC booted from fixed disk) mode detected.
    
    [05/11/13  21:42:10]	WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
    Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
    Are you really sure to continue? (y/n): y
    
    
    [05/11/13  21:42:12]	Scanning available operating systems ...
    
    [05/11/13  21:42:12]	Available operating systems, which AV product can be removed from:
    
    [05/11/13  21:42:12]	[1]
    [05/11/13  21:42:12]	Product Name: Microsoft Windows XP
    [05/11/13  21:42:12]	Current Version: 5.1.3.2600.WinNT.x86
    [05/11/13  21:42:12]	Volume: C:\
    [05/11/13  21:42:12]	System Root: C:\WINDOWS
    [05/11/13  21:42:12]	Program Files: C:\Program Files
    [05/11/13  21:42:12]	Program Files (x86): 
    [05/11/13  21:42:12]	Common files: C:\Program Files\Common Files
    [05/11/13  21:42:12]	Common files (x86): 
    [05/11/13  21:42:12]	Common application data folder: C:\Documents and Settings\All Users\Application Data
    [05/11/13  21:42:12]	Common programs folder: C:\Documents and Settings\All Users\Start Menu\Programs
    [05/11/13  21:42:12]	Device path folder: C:\WINDOWS\inf
    [05/11/13  21:42:12]	Drives mapping:
    [05/11/13  21:42:12]	Current Letter: C	Native Letter: C
    [05/11/13  21:42:12]	Current Letter: D	Native Letter: D
    [05/11/13  21:42:12]	Current Letter: E	Native Letter: E
    [05/11/13  21:42:12]	Current Letter: F	Native Letter: F
    [05/11/13  21:42:12]	Current Letter: G	Native Letter: G
    [05/11/13  21:42:12]	Current Letter: H	Native Letter: H
    [05/11/13  21:42:12]	Current Letter: I	Native Letter: I
    
    [05/11/13  21:42:12]	Building cache: COM: AppID -> DllName ... 
    [05/11/13  21:42:12]	Building cache: COM: Category -> ReferenceCounter ... 
    [05/11/13  21:42:12]	Scanning installed AV products ...
    
    [05/11/13  21:42:14]	Installed AV products:
    [05/11/13  21:42:14]		1. ESS/EAV/EMSX
    [05/11/13  21:42:14]		2. NODv2
    
    [05/11/13  21:42:14]	Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 2
    
    [05/11/13  21:42:18]	Are you sure to uninstall NODv2 from this OS? (y/n): y
    
    
    [05/11/13  21:42:21]	Product uninstallation: NODv2
    
    [05/11/13  21:42:21]	Uninstallation in progress, please wait ...
    
    [05/11/13  21:42:21]	Current control set ...   ControlSet002
    
    [05/11/13  21:42:21]	WSC: NODv2 unregistered of Windows Security Center
    
    
    [05/11/13  21:42:21]	Dmon: deleted: Classes\Component Categories\{56FFCC30-D398-11d0-B2AE-00A0C908FA49}
    
    [05/11/13  21:42:21]	Uninstallation NODv2 finished successfully.
    
    
    [05/11/13  21:42:21]	Installed AV products:
    [05/11/13  21:42:21]		1. ESS/EAV/EMSX
    
    [05/11/13  21:42:22]	Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1
    
    [05/11/13  21:42:29]	Are you sure to uninstall ESS/EAV/EMSX from this OS? (y/n): y
    
    
    [05/11/13  21:42:31]	Product uninstallation: ESS/EAV/EMSX
    
    [05/11/13  21:42:31]	Uninstallation in progress, please wait ...
    
    [05/11/13  21:42:32]	Current control set ...   ControlSet002
    
    [05/11/13  21:42:32]	Services: deleted: ControlSet002\Enum\Root\LEGACY_EPFW
    [05/11/13  21:42:32]	Services: deleted: ControlSet002\Enum\Root\LEGACY_EAMON
    [05/11/13  21:42:32]	Services: deleted: ControlSet002\Enum\Root\LEGACY_EPFWTDI
    [05/11/13  21:42:32]	Services: deleted: ControlSet002\Enum\Root\LEGACY_EHDRV
    [05/11/13  21:42:32]	Services: deleted: ControlSet002\Services\ekrn
    [05/11/13  21:42:32]	Services: deleted: ControlSet002\Enum\Root\LEGACY_EKRN
    
    [05/11/13  21:42:32]	WSC: ESS/EAV unregistered of Windows Security Center
    
    
    [05/11/13  21:42:32]	Product code of ESET product: {FBFA7DDB-4188-457E-BD16-81B26E2B447C}
    [05/11/13  21:42:32]	Name of ESET product: ESET Smart Security
    [05/11/13  21:42:32]	Reverse product code: BDD7AFBF8814E754DB61182BE6B244C7
    [05/11/13  21:42:32]	Install location: C:\Program Files\ESET\ESET Smart Security\
    [05/11/13  21:42:32]	Local MSI package: 
    [05/11/13  21:42:32]	Product icon: 
    
    [05/11/13  21:42:32]	Install directory: deleted: C:\Program Files\ESET\ESET Smart Security\
    [05/11/13  21:42:33]	ESET folder: deleted: C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\
    [05/11/13  21:42:33]	ESET folder: deleted: C:\Documents and Settings\All Users\Start Menu\Programs\ESET\ESET Smart Security\
    [05/11/13  21:42:33]	Delete of empty folders ...
    [05/11/13  21:42:33]	ESET folder: deleted: C:\Documents and Settings\All Users\Start Menu\Programs\ESET\
    [05/11/13  21:42:33]	Installer folders: deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
    [05/11/13  21:42:33]	deleted: C:\Documents and Settings\All Users\Start Menu\Programs\ESET\
    [05/11/13  21:42:33]	ESET folder: deleted: C:\Documents and Settings\All Users\Application Data\ESET\
    [05/11/13  21:42:33]	Installer folders: deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
    [05/11/13  21:42:33]	deleted: C:\Documents and Settings\All Users\Application Data\ESET\
    [05/11/13  21:42:33]	ESET folder: deleted: C:\Program Files\ESET\
    [05/11/13  21:42:33]	Installer folders: deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
    [05/11/13  21:42:33]	deleted: C:\Program Files\ESET\
    
    [05/11/13  21:42:33]	ESET Product: deleted: ESET\ESET Security
    [05/11/13  21:42:33]	ESET Product: deleted: ESET\Setup
    [05/11/13  21:42:33]	ESET Product: deleted: ESET\NOD\CurrentVersion\InstalledComponents\V3
    [05/11/13  21:42:33]	ESET Product: deleted value in: ESET\NOD\CurrentVersion\Info ...
    [05/11/13  21:42:33]	deleted: InstallDir
    [05/11/13  21:42:33]	ESET Product: deleted: ESET\NOD\CurrentVersion\Info
    [05/11/13  21:42:33]	ESET Product: deleted: ESET\NOD\CurrentVersion\InstalledComponents
    [05/11/13  21:42:33]	ESET Product: deleted: ESET\NOD\CurrentVersion
    [05/11/13  21:42:33]	ESET Product: deleted: ESET\NOD
    [05/11/13  21:42:33]	ESET Product: deleted: ESET
    
    
    [05/11/13  21:42:33]	Uninstallation ESS/EAV/EMSX finished successfully.
    
    
    [05/11/13  21:42:33]	Log file location: "C:\Documents and Settings\Administrator\Desktop\~ESETUninstaller.log"
    
    [05/11/13  21:42:34]	Uninstallation finished successfully, please restart your PC now.
    
    [05/11/13  21:42:34]	Press any key to exit ...
    >>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>[/FONT][/COLOR]
    
    Following this i downloaded a new copy of the offline installer from the eset uk site, install process did not complete without issue, but i manually got it to finish the install , entered my licence details activated it,updated it, & configured it to the way i have always used it, within a very short time frame, (mins not hours) eset gui was crashing and also the ekrn.exe , so i un-installed again, again using the uninstall tool in safe mode, this time i chose to download the offline installer from the eset .com web site, and install that instead, the install completed without issue,as it is supposed to do, and activated &updated it, imported my saved settings and so far around 24hrs no issues with esset gui or utorrent
     
    Last edited: May 12, 2013
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    If ekrn is crashing, enable generation of complete application memory dumps under Tools -> Diagnostics in the main setup. When ekrn crashes and a dump is created, upload it to a safe location and PM me the download link so that we can check it out and determine the cause of the crash.
     
  10. tommy456

    tommy456 Registered Member

    Joined:
    Jun 11, 2011
    Posts:
    137
    It is set to do that, now one of the first things that i do, But i was that pi**ed at it i forgot to save the DMP files that ekrn.exe had created
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    If you didn't delete the dumps manually, they should still be in the Diagnostics folder (the path can be configured to your likings).
     
Thread Status:
Not open for further replies.