[KB3544] ESET Installation Fixer

Issue

Solution

What is an ESET Installation Fixer?

ESET Installation Fixer (InstaFix, install fix) is a technical support tool for ESET products. ESET Installation Fixer is designed to fix several issues that can occur with services while installing ESET software.

ESET home, endpoint, and server products only

The ESET Installation Fixer tool can be used only for ESET home, endpoint, and server products. It cannot be used for Management Agents.

Before using ESET Installation Fixer
  • Run the program only when advised by ESET Technical Support.
  • The program must be run from an administrative account. Installation Fixer commands must be executed using a command prompt with elevated full admin privileges.
  • The ESET Installation Fixer will not function in Safe Mode.
  • When working on a 64-bit operating system, you must use a 64-bit version of ESET Installation Fixer.
  • ESET Installation Fixer is intended for use on Windows XP SP3 and later versions of Windows.

This current version supports the following fixes:


How do I use ESET Installation Fixer?

  1. Click the appropriate link below to download the ESET Installation Fixer for your operating system (Click for steps to determine whether your OS is 32-bit or 64-bit):
  2. After the tool has finished downloading, run the ESET Installation Fixer from an administrative command prompt using one of the commands detailed below. All commands should be added after the directory where the Installation Fixer is located, for example:

    C:\Users\Owner\Desktop\InstFix_nt64.exe -fix MRL

    Users with the 32-bit version

    Users with the 32-bit version of Installation Fixer type "InstFix_nt32.exe" rather than "InstFix_nt64.exe".


MSI Registry Leftovers

Issue

An attempt to upgrade an ESET product to the latest version fails. The installation log reports the error "Error 2753: The File 'shellExt.dll' is not marked for installation."

Cause
  • The upgrade process is interrupted by a new installation of an earlier product that was already upgraded in the past. This happens right after the RunEngine section responsible for removing the product currently being upgraded ends successfully.
  • The group policy application management (AppMgmt) service is suspected of running the installation of the missing software. The reason for this may be a misconfiguration of some Group Policy Objects, where according to this policy the old product should still be installed on the system, and the application upgrade process is not detected.
Solution

Command:

C:\Users\Owner\Desktop\InstFix_nt64.exe -fix MRL -b

InstFix enumerates all ESET security products with a specific MSI Upgrade Code from the Windows Installer Registry and tries to determine the installer version of the current product. Registry entries that do not match the installed version are deleted from the following locations:

  • HKCR\Installer\UpgradeCodes
  • HKCR\Installer\Products

When using the -b switch with this command, each entry that will be deleted is backed up to a separate REG file.


Missing MSI Registry

Issue

An attempt to upgrade an ESET product to the latest version fails when stopping the ESET Service (ekrn). The installation log contains RunEngine sections that reference only the MSI package that is currently installed.

Cause
  • Windows Installer is missing registry entries for the currently installed application. During an upgrade, the old MSI package must be called in a separate RunEngine section with its GUID listed as the product name. After a successful uninstallation of the old MSI package, a new RunEngine section starts, and the main installation of the latest version begins. The main reason why the Registry entries are missing is unknown.
Solution

Command:

C:\Users\Owner\Desktop\InstFix_nt64.exe -fix MMR

InstFix checks if the problem is present and then tries to restore all known mandatory Windows Installer Registry keys and values.

  1. Manually copy the original MSI package (same product, version, platform, and language) of the currently installed product into the hidden system directory %SystemRoot%\Installer.
  2. InstFix will gather all required information about the currently installed product and search for the original MSI package in the Windows Installer MSI Cache. If the MSI package is found, a list of mandatory registry keys and values is restored in the following locations:

    • HKCR\Installer\UpgradeCodes
    • HKCR\Installer\Products
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products
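
A read-only inventory of the Windows Installer registry locations that the MRL and MMR fixes work on, useful for recording the state before and after running InstFix. This is an added example, not ESET code and not what InstFix itself runs; it assumes ESET products can be recognized by a ProductName value beginning with "ESET" and that it is run from an elevated 64-bit PowerShell session.

```powershell
# Read-only: lists Windows Installer registry entries for ESET products.
# Assumption: ESET products carry a ProductName value starting with "ESET".
$productsKey = 'Registry::HKEY_CLASSES_ROOT\Installer\Products'
$upgradeKey  = 'Registry::HKEY_CLASSES_ROOT\Installer\UpgradeCodes'
$userDataKey = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products'

# Each UpgradeCodes subkey holds value names that are packed product codes.
# Build a map: packed product code -> upgrade codes that reference it.
$upgradeMap = @{}
Get-ChildItem -Path $upgradeKey -ErrorAction SilentlyContinue | ForEach-Object {
    $upgradeCode = $_.PSChildName
    foreach ($packed in $_.GetValueNames()) {
        if (-not $packed) { continue }              # skip the unnamed default value
        if (-not $upgradeMap.ContainsKey($packed)) { $upgradeMap[$packed] = @() }
        $upgradeMap[$packed] += $upgradeCode
    }
}

Get-ChildItem -Path $productsKey -ErrorAction SilentlyContinue | ForEach-Object {
    $name = $_.GetValue('ProductName')
    if ($name -like 'ESET*') {
        $packed  = $_.PSChildName
        $v       = $_.GetValue('Version')           # DWORD: major<<24 | minor<<16 | build
        $version = $null
        if ($null -ne $v) {
            $version = '{0}.{1}.{2}' -f (($v -shr 24) -band 0xFF), (($v -shr 16) -band 0xFF), ($v -band 0xFFFF)
        }
        [pscustomobject]@{
            ProductName  = $name
            PackedCode   = $packed
            Version      = $version
            UpgradeCodes = $upgradeMap[$packed] -join ', '
            InUserData   = Test-Path -Path "$userDataKey\$packed"   # third MMR location
        }
    }
} | Format-Table -AutoSize
```

More than one ESET row with differing versions matches the leftover situation MRL addresses; an installed product with no row, an empty UpgradeCodes column, or InUserData set to False matches the missing entries MMR addresses.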

Search Service Index

Issue

Installation of an ESET product fails in CA EpfwInst!FinalizeInstall on EpfwWfpRegisterCallouts with error code ERROR_RM_NOT_ACTIVE (0x1a91 = 6801).

Cause
  • Some system files related to the Windows Search service are corrupted or left in an inconsistent state. One reason for this may be that a System Restore was performed.
Solution

Command:

C:\Users\Owner\Desktop\InstFix_nt64.exe -fix SSI

InstFix deletes all *.blf and *.regtrans-ms files in the following locations:

  • %SystemRoot%\system32\config\TxR
  • %SystemRoot%\system32\SMI\Store\Machine

InstFix attempts to stop the Windows Search service if it is running, applies the main fix, and then starts the service again. If this is unsuccessful, a restart may still be required.

Higher CPU and HDD load

You can expect higher CPU and HDD load while rebuilding the search index.


Registry Value Types

Issue

Installation of an ESET Security product fails in CA InstSupp!InstallDriverPackages for EDEVMON on SetupInstallFromInfSection with error code 13.

At the time of the error, the Setup API APP log contains a "[SetupInstallFromInfSection - DefaultInstall]" section related to EDEVMON ("inf: AddReg=EDEVMON") that reports the issue "!!! inf: Error setting registry value HKLM...".

Cause
  • Some third-party applications write values to the Registry using a Registry type other than the one declared in the Windows Registry documentation. This causes driver installation failures when the next driver is installed because Windows expects to read a different Registry type.
Solution

Command:

C:\Users\Owner\Desktop\InstFix_nt64.exe -fix RVT -b

InstFix iterates over a list of known registry values and checks their types. If a type does not match the expected type, InstFix converts the value appropriately and stores it as the correct and expected registry type.

The list currently contains only EDEVMON registry values located under the registry key HKLM\System\CurrentControlSet\Control\Class. Each registry value that needs to be converted will first be backed up to a separate REG file when using the -b switch.

Third-party software may stop working properly

Third-party software that sets registry values using the wrong registry types and then tries to read the fixed values may stop working properly. This issue needs to be reported as a software bug to the third-party application vendor.


MaxNumFilters

Issue

Installation of an ESET Security product fails in CA InstSupp!InstallDriverPackages for EPFWLWF on HrInstallComponent with error code NETCFG_E_MAX_FILTER_LIMIT (0x8004a029).

Cause

Windows restricts the maximum number of network filter drivers that can be loaded at a time. If the maximum value is reached, the next filter driver installation will fail. Each version of Windows has this maximum value hard-coded and also defined in the Registry. The value in the Registry is typically set to a much smaller value than the hard-coded one. If the Registry value is not defined, the hard-coded value is used.

Location

HKLM\SYSTEM\CurrentControlSet\Control\Network\MaxNumFilters:dword

Solution

Command:

C:\Users\Owner\Desktop\InstFix_nt64.exe -fix MNF

InstFix deletes the MaxNumFilters registry value, which enables Windows to use the internal hard-coded value.


PSL Fix (The Protected Service Leftovers fix)

Issue

An attempt to install an ESET Security product after a previously failed installation fails.

The Installation log contains: "Product: ESET Security - Error 1923. Service 'ESET Service' (ekrn) could not be installed. Verify that you have sufficient privileges to install system services." 

Cause
  • The ESET Service remains protected even if it is not present.
Solution

Command:

C:\Users\Owner\Desktop\instfix_PSL.7z -fix PSL -b

InstFix deletes the HKLM\System\CurrentControlSet\Services\ekrn\LaunchProtected Registry key if the service does not appear to be installed and does not exist on the hard drive. No side effects are known yet.

SIL Fix (The Service Installation Leftovers fix)

Issue

An attempt to install an ESET Security product after a previously canceled or rolled-back install fails.

The Installation log contains: "Product: ESET Security - Error 1923. Service 'ESET Service' (ekrn) could not be installed. Verify that you have sufficient privileges to install system services." 

Cause
  • The ESET Service may remain partly registered after the installation is canceled or when a rollback occurs.
Solution

Command:

C:\Users\Owner\Desktop\instfix_SIL.7z -fix SIL -b

InstFix completely deletes the HKLM\System\CurrentControlSet\Services\ekrn Registry key if the service does not appear to be installed and does not exist on the hard drive. No side effects are known yet.
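
Both the PSL and SIL fixes act only when the ekrn service is not installed and its binary is absent from disk. The following read-only check reports those conditions so they can be confirmed before the fix is run; it is an added example, not ESET code and not InstFix's own logic, and it assumes the service binary location is recorded in the standard ImagePath value of the service key.

```powershell
# Read-only: reports the state of the ekrn service registration.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\ekrn'

$scm   = Get-Service -Name 'ekrn' -ErrorAction SilentlyContinue   # known to the Service Control Manager?
$props = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue

$imagePath    = $null
$binaryOnDisk = $false
if ($props -and $props.PSObject.Properties['ImagePath']) {
    # ImagePath may be quoted and may carry arguments; keep only the executable path.
    $raw = [Environment]::ExpandEnvironmentVariables($props.ImagePath)
    if ($raw -match '^\s*"([^"]+)"' -or $raw -match '^\s*(.+?\.exe)\b') {
        $imagePath = $Matches[1]
    }
    $binaryOnDisk = [bool]$imagePath -and (Test-Path -LiteralPath $imagePath)
}

# LaunchProtected is checked both as a value of the ekrn key and as a subkey path,
# because the page gives it as a path under the service key.
$launchProtected = [bool]($props -and $props.PSObject.Properties['LaunchProtected']) -or
                   (Test-Path -Path "$svcKey\LaunchProtected")

[pscustomobject]@{
    ServiceKeyExists   = Test-Path -Path $svcKey
    KnownToSCM         = [bool]$scm
    ImagePath          = $imagePath
    BinaryOnDisk       = $binaryOnDisk
    LaunchProtectedSet = $launchProtected
    # Key present but no binary on disk: the leftover state PSL and SIL describe.
    LeftoverSuspected  = (Test-Path -Path $svcKey) -and -not $binaryOnDisk
}
```

If BinaryOnDisk is True, the service is still installed and the leftover conditions described for these fixes are not met.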

PIT Fix (The Product Installation Time Fix)

Issue

Using ESET Remote Administrator (ERA) to push-install an Endpoint product can sometimes result in an incorrect Installation Date being shown in ERA.

Cause
  • The exact reason for this behavior is not yet known.
Solution

Command:

C:\Users\Owner\Desktop\instfix_PIT.7z -fix PIT -b

InstFix retrieves the proper installation date of the ESET Security product from the Windows Installer Registry. Then the PackageTag value, found inside the ESET Info Key, is encoded with the correct date.

The whole ESET Info registry key will first be backed up to a separate REG file when using the -b switch.

Note: Self-Defense forbids write access to the ESET Info Key. To perform this fix, Self-Defense must be temporarily disabled using the product's advanced settings or ERA. No side effects are known yet.