[CA6234] Old drivers remain in use after a product update on Windows 10

Summary

ESET Customer Advisory 2016-0014

October 3, 2016

Severity: High

Summary

ESET recently discovered an issue with old drivers remaining in use after a product update on Windows 10. ESET prepared fixed product builds and also an automatically distributed workaround in the form of an updated Antivirus and antispyware scanner module.

Customer Advisory

Details

When a user running Windows 10 updated their ESET product to an affected version, drivers belonging to the product did not update and the old drivers remained in use. The product did not register this anomaly and no error message or protection status change was shown. Depending on the difference between the old version and the new version, the actual consequences varied. For example, if the user updated from ESET Endpoint product 6.3 to ESET Endpoint product 6.4, the differences were minor or none and almost everything worked properly. If they updated from the 5th generation of ESET Endpoint products to the 6th generation of ESET Endpoint products (or even from the 4th generation of ESET Business Edition products to the 6th generation of ESET Endpoint products), more differences were present and some features (such as Device control) may have not worked, while others (such as Real-time file system protection) would work (and the user was still protected) with the default settings (i.e. no user-made configuration changes would be applied, as there was a change in the way configuration is stored between 5th and 6th generation of ESET Endpoint products). ESET prepared fixed builds of ESET Endpoint products 6.4 and ESET Endpoint products 5.0 and will release them soon. Also, the Antivirus and antispyware scanner module version 1502 automatically detects older driver versions and replaces them with the correct ones, therefore fixing the situation.

Solution

There are three possible solutions available and the user may choose the one they prefer the most.

  • Uninstall your current ESET product and install it again. The issue will not reappear, as it does not manifest after a clean installation, only after an update from any previous version to the affected version
  • Once ESET releases the fixed builds, perform an update to this version of the product, downloaded from ESET's website
    The issue is fixed in ESET Endpoint products 6.4.2016 (or higher version) and in ESET Endpoint products 5.0.2267 (or higher version of the 5.0.xxxx generation)
  • Once your product downloads the Antivirus and antispyware scanner module version 1502, the drivers will be replaced and the issue will be fixed after the succeeding computer restart.
    You may wait till the module is released publically and downloaded automatically to your computer, or you may switch to the pre-release channel and have the module downloaded immediately, as it is already available on this channel.

Affected products and versions

A product was affected if it was running on Windows 10 and it was updated from any previous version to one of the following versions:

  • All currently released 6th generation ESET Endpoint Antivirus and ESET Endpoint Security versions (6.4.2014 and lower)
  • All currently released 5th generation ESET Endpoint Antivirus and ESET Endpoint Security versions (5.0.2265 and lower)
  • ESET NOD32 Antivirus and ESET Smart Security versions 8.x and lower (9th generation of consumer segment products is not affected)

Feedback & Support

If you have feedback or questions about this issue, please contact us using the ESET Security Forum, or via local ESET Support.

Version log

Version 1.0 (October 3, 2016): Initial version of this document