[CA7458] Legacy products startup issue

ESET Customer Advisory 2020-0004
February 27, 2020
Severity: High

Summary

ESET has identified an issue with digital signature validity verification. The issue occurs in cases of already expired certificates within the certificate chain in some legacy product versions. In this case, an affected product would not trust its plugins and would refuse to load them, which made the product non-functional.

Details

A software flaw in several old versions of ESET security products caused properly signed binaries to be treated as untrusted, thus the loading of the signed plugins failed and the product’s features, including malware protection, could not start. Specifically, the digital signature verification mistakenly evaluated the current system time instead of a timestamp set during the binary signing process. Full details can be found in this knowledgebase video: https://www.youtube.com/watch?v=oHibrFGvxfc

Symptoms

For versions older than 5.0.2271.x the symptoms are:

  • After reboot, the product is non-functional and cannot be uninstalled or updated
  • GUI of the main window is in English and logo shows ESET Smart Security 5 instead of Endpoint Security or Endpoint Antivirus
  • Some features in the product’s advanced settings are missing

For versions 6.5.x symptoms are:

  • After reboot, the product is non-functional and can’t be uninstalled or updated
  • Product reports "Anti-Phishing protection is non-functional"
  • Product reports that it is not activated
  • Some features in the product’s advanced settings are missing

This issue DOES NOT affect the latest versions of ESET’s products, including the latest ESET Endpoint Antivirus/ESET Endpoint Security 6.6.2089 and 7.2 and ESET File Security for Windows 7.1.12008, and customers using the latest versions are not affected in any way.

Solution

ESET sincerely apologizes for any inconvenience caused by this issue. We have dedicated our full effort to provide affected customers with various automated and manual means of fixing the issue within a matter of days, despite the products already being out of scope for regular support. Our support teams remain ready to assist any customers in remedying the issue.

If you have installed ESET Endpoint product 5.x on your computer, follow https://support.eset.com/kb7442

If you have installed ESET Endpoint product 6.5 on your computer, follow https://support.eset.com/kb7443

If you have installed ESET Security product for Windows Servers 6.5 on your computer, follow https://support.eset.com/kb7444

The ultimate solution to the incident is to upgrade to the latest supported version of the product on your OS.

Affected programs and versions

ESET Endpoint Antivirus/ESET Endpoint Security 5 ESET Endpoint Antivirus/ESET Endpoint Security 6.5 ESET File Security for Windows 6.5 ESET Mail Security for MS Exchange Server 6
5.0.2248.0 6.5.2086.0 6.5.12002.1 6.5.10057
5.0.2254.0 6.5.2086.1 6.5.12002.0 6.5.10059
5.0.2254.1 6.5.2093.1 6.5.12004.0  
5.0.2254.1000 6.5.2094.0 6.5.12007.0  
5.0.2260.0 6.5.2094.1 6.5.12010.0  
5.0.2260.1 6.5.2107.0 6.5.12013.0  
5.0.2265.0 6.5.2107.1 6.5.12014.0  
5.0.2265.1 6.5.2118.0 6.5.12017.0  
  6.5.2118.1 6.5.12018.0  
  6.5.2118.2    
  6.5.2118.3    
  6.5.2118.4    
  6.5.2123.5    
  6.5.2123.7    
  6.5.2123.8    
  6.5.2132.1    
  6.5.2132.2    
  • ESET Security for Kerio 6.5
  • ESET Mail Security for Lotus Domino 6.5.14026
  • ESET Security for SharePoint Server 6.5
  • Several older builds of ESET NOD32 Antivirus/ESET Smart Security 9 (versions 9.0.402.1 and lower)

All affected products were already in the “Basic Support” or “Limited Support” categories of ESET’s End of Life Policy as per https://support.eset.com/en/kb3592-is-my-eset-product-supported-eset-end-of-life-policy-business-products

Feedback & Support

If you have any feedback or questions about this issue, please contact us using the ESET Security Forum, or via local ESET Technical Support.

Version log

Version 1.0 (February 26, 2020): Initial version of this document