[KB7444] Resolve failed loading of modules in earlier versions of ESET security products for Windows servers

Issue

Details


Click to expand

ESET has identified that our kernel has a problem with verification of the timestamp of an already expired certificate (expired by the 7th of February 2020). This method fails and our modules in earlier, legacy versions, are declared as untrusted and therefore are not loaded. This mechanism ensures that no untrusted library is loaded.

As a result, the affected versions fail to load modules (Firewall, HIPS, Updated, Device Control, Web and Email protection) and are not functional, therefore the protection is not functional.

Click here to read more about this issue or visit Legacy products startup issue FAQ


Solution

Do not restart the machine if using affected versions with an issue not manifesting

If you are using affected versions and the issue is not manifesting, do not restart the machine and perform an upgrade immediately.

Update your security product to the latest version

Check the version of installed modules in ESET Endpoint Security

In the main program window, click Help and SupportAbout ESET Endpoint SecurityShow modules. If the version of the Update module is 1025, your ESET product has been successfully updated.

If you have not restarted your computer with the ESET Security product yet, make sure you have Update Module (version 1025) listed in Modules. This module ensures protection and enables a subsequent upgrade to the latest version, which is a required step to fully mitigate the situation.

Then, upgrade to the latest version:


Use the fixing tool if you restarted your computer

If you have restarted your computer with ESET Security product v6.5, use the Fixing tool and upgrade to the latest version if possible.

  1. Download CertFix.exe. If you are unable to download an executable file with your browser, download CertFix.rar.

  2. Run the Fixing tool. If you manage your computer remotely, run the Fixing tool as a client task in ESET PROTECT → Operating systemRun command.

    Optionally, automatically download and run the Fixing tool with the following script (the log will be created):

powershell -command "& {(New-Object System.Net.WebClient).DownloadFile('http://help.eset.com/eset_tools/CertFix.exe', '%temp%\CertFix.exe');(Start-process '%temp%\CertFix.exe' -NoNewWindow)}" > C:\CertFix.log
Windows PowerShell comes installed by default

Windows PowerShell comes installed by default in every Windows, starting with Windows 7 SP1 and Windows Server 2008 R2 SP1.

  1. If the registration did not execute correctly, run the Fixing tool with the following parameter:

CertFix.exe --fix-wsc-only
  1. If you are having any concerns or questions – or are unable to upgrade to the latest versions – contact ESET Technical Support in your region.


Recommended ESET software versions

ESET recommends upgrading Server products version 6.5 to the following versions:

ESET Server Security for Microsoft Windows Server (9.x)
ESET Mail Security for Microsoft Windows Exchange Server (8.x – 9.x)
ESET Security for Kerio or ESET Mail Security for IBM Lotus Domino
ESET Security for Microsoft SharePoint Server (8.x – 9.x)

If you choose to run version 6.5 we recommend the following versions:

ESET business product no longer supported

This content applies to an ESET product version that is currently in End of Life status and is no longer supported. This content is no longer updated. 

For a complete list of supported products and support level definitions, review the ESET End of Life policy for business products.

Upgrade ESET business products.

ESET File Security for Windows 6.5.12018.0 32-bit
ESET File Security for Windows 6.5.12018.0 64-bit

ESET Mail Security for Microsoft Exchange Server 6.5.10059.0 32-bit
ESET Mail Security for Microsoft Exchange Server 6.5.10059.0 64-bit

ESET Mail Security for Lotus Domino 6.5.14026.0 32-bit
ESET Mail Security for Lotus Domino 6.5.14026.0 64-bit

ESET Security for Kerio 6.5.16009.1 32-bit
ESET Security for Kerio 6.5.16009.1 64-bit

If you do not upgrade, you will see the following message in the main program window of your ESET security product:

Figure 1-1