[KB7622] Legacy products startup issue

Last Updated: May 6, 2020, 10:45 AM CET

Last changes:
  • New version of CertFix.exe - enhanced list of supported product versions (Feb 13, 2020, 1:57 AM CET)
  • Download links for ESET Endpoint Antivirus/ ESET Endpoint Security 5.0.2272.7 (Feb 13, 2020, 1:57 AM CET)
  • Antivirus and antispyware module update (version 1559.4 for v5) (Feb 13, 2020, 2:00 PM CET)
  • How to download and use the fixing tool (Feb 13, 2020, 3:30 PM CET)
  • New version of CertFix.exe - enhanced list of supported product versions (Feb 13, 2020, 8:30 PM CET)
  • The fixing tool for v5 (Feb 13, 2020, 8:30 PM CET)
  • The solution section has been split into three separate articles (Feb 14, 2020, 2:08 PM CET)
  • New version of CertFix.exe for v5 and v6.5 (Feb 18, 2020, 7:30 AM CET)
  • How to identify the affected computers on the network (Feb 18, 2020, 4:00 PM CET)
  • New version of CertFix.exe v6.5 (Feb 18, 2020, 6:00 PM CET)
  • Video tutorial added (Feb 19, 2020, 1:25 PM CET)
  • How to identify the affected computers on the network - ERA 5.3.39.0 (Feb 19, 2020, 1:50 PM CET)
  • All-in-one fixing tool (Feb 21, 2020, 12:28 PM CET)
  • New version of cdf.exe (Feb 27, 2020, 12:06 PM CET)
  • New version of CertFix.exe for v6.5 - fix for several minor scenarios (March 2, 2020, 9:20 AM CET)
  • New modes for All-in-one fixing tool (March 2, 2020, 9:35 AM CET)
  • New version of CertFix.exe for v6.5 - fix for several minor scenarios (March 4, 2020, 12:30 PM CET)
  • New version of CertFix.exe for v6.5 (March 10, 2020, 7:30 AM CET)
  • New version of cdf.exe (March 11, 2020, 10:41 AM CET)
  • New version of cdf.exe (March 19, 2020, 11:00 AM CET)
  • ESET Security for Kerio 6.5.16009.1 download links (May 6, 2020, 10:45 AM CET)

Solution

We would like to inform you that we have identified an issue in older versions of the product of our Windows business products, specifically:

ESET Endpoint Antivirus/ESET Endpoint Security 5
Version
5.0.2248.0
5.0.2254.0
5.0.2254.1
5.0.2254.1000
5.0.2260.0
5.0.2260.1
5.0.2265.0
5.0.2265.1
ESET Endpoint Antivirus/ESET Endpoint Security 6.5.2000+
Version
6.5.2086.0
6.5.2086.1
6.5.2093.1
6.5.2094.0
6.5.2094.1
6.5.2107.0
6.5.2107.1
6.5.2118.0
6.5.2118.1
6.5.2118.2
6.5.2118.3
6.5.2118.4
6.5.2123.5
6.5.2123.7
6.5.2123.8
6.5.2132.1
6.5.2132.2
ESET File Security for Windows 6.5.12000+
Version
6.5.12002.1
6.5.12002.0
6.5.12004.0
6.5.12007.0
6.5.12010.0
6.5.12013.0
6.5.12014.0
6.5.12017.0
6.5.12018.0
ESET Mail Security for Microsoft Exchange Server 6.5
Version
6.5.10057
6.5.10059

⯈ ESET Security for Kerio 6.5
⯈ ESET Mail Security for Lotus Domino 6.5.14026
⯈ ESET Security for Sharepoint Server 6.5
⯈ ESET NOD32 Antivirus/ESET Smart Security 9

This issue DOES NOT affect the latest versions of our products including the latest ESET Endpoint Antivirus/ESET Endpoint Security – 6.6.2089, 7.2 and 7.3 and ESET File Security for Windows 7.1.12008 and customers using the latest versions are not affected in any way. This issue relevant to the impacted versions listed and described above. Newest versions of our products are NOT affected.

ESET has identified that our kernel has a problem with verification of the timestamp of an already expired certificate (expired by 7th Feb 2020). This method fails and our modules in older, legacy versions, are declared as untrusted and therefore are not loaded. This mechanism ensures that no untrusted library is loaded.

As a result, the affected versions fail to load modules (Firewall, HIPS, Updated, Device Control, Web and Email protection) and are not functional, therefore the protection is not functional.

 

Symptoms

For versions older than 5.0.2271.x symptoms are:

  • Failed loading of modules for v5 family
  • GUI of the main window is in English and logo shows ESET Smart Security 5 instead of Endpoint Security

For versions 6.5.x symptoms are:

  • Product reports "Anti-Phishing protection is non-functional"
  • Product reports that it is not activated
  • Product’s advanced settings have features missing

If they are managed by our ESET Remote Administrator or ESET Security Management Center, they will fall back to the respective parametric group and report an alert as not being activated and the antiphishing module as not functional.

How to identify the affected computers on the network
ESET Security Management Center 7.1.27.0

 

Navigate to Computers screen.
In the tree hierarchy select group All and select the checkbox in filter Show Subgroups (to display all computers).
Click [ADD FILTER] button. Select filter Version.
Type requested product version to added filter Version and confirm by pressing Enter on the keyboard.


ESET Remote Administrator 6.5.34.0
 
Navigate to Admin -> Groups.
Create new Dynamic group, where all computers with specific version of installed product will be displayed.
Click the button [GROUP] and select option + New Dynamic Group…
Wizard for creation of new Dynamic group will display in the part Basic you can name your Dynamic group (field NAME), e.g. EES 5.0.2260.1
Click the part TEMPLATE and click the button [NEW…].

New window New Template - Basic will appear, where you create a new template for Dynamic group in the part Basic, name your template, e.g. EES_5.0.2260.1_template.

Click the part EXPRESSION and click + ADD RULE.
Select item Application version under the Installed software root and confirm by clicking [OK].

In the newly created rule, type the requested version of installed software, e.g. 5.0.2260.1.

Click the [FINISH] button in the part SUMMARY.
You can see the overview of current settings for Dynamic group. If everything is OK, click the [FINISH] button.

New Dynamic group is created.

 
Please note, that computers will not appear in this group immediately, it is needed to wait until particular computers will connect to ERA Server and match created condition.
 
ECA 1.2.11.0 (does not support Endpoint 5)

 

Navigate to Computers screen.
In the tree hierarchy select group All and select the checkbox in filter Show Subgroups (to display all computers).
Click [ADD FILTER] button.
Select filter Version
Type requested product version to added filter Version and confirm by pressing Enter on the keyboard.

ERA 5.3.39.0

 

Navigate to Tools -> Group Manager.

Navigate to Parametric Groups.
Create new Parametric Group, where all computers with specific version of installed product will be displayed.
Click the [Create] button and you can name your Parametric Group (field NAME), e.g. 5.0.2260.
Click the EDIT… button and then select the checkbox Product Version IS (specify).


Click on specify and Enter rule condition e.g. Equal to 5.0.2260 and click the button Add.


Field Rule condition list (OR) displays Equal to 5.0.2260.
Confirm by clicking [OK] – 3 times.

https://support.eset.com/storage/IMAGES/en/alert7396/alert7396_era5_1
New Parametric group is created and after selecting the checkbox by Parametric groups -  5.0.2260 requested computers are displayed.

Solution

Important!

If you are using affected versions and issue is not manifesting, do not restart the machine and perform upgrade immediately.

Frequently Asked Questions

Please read the following ESET Knowledgebase article:
Legacy products startup issue FAQ

All-in-one fixing tool

If you have not data-limited internet connection, use cfd.exe (otherwise follow instructions below for specific solution). How to use cfd.exe:

  • run Windows Command prompt in an elevated command line
  • cfd.exe will download the proper version of the product regarding the version and language version
  • the fixing tool operates in three modes:
    • GUI - default mode
    • command line utility - use --cli parameter
    • silent mode - use --silent parameter
  • example: cfd.exe --proxy-host 10.1.122.14 --proxy-port 3129 --proxy-username test --proxy-password test --silent

Video Tutorial

If you have installed ESET Endpoint product 5.x on your computer, see our instructions.

If you have installed ESET Endpoint product 6.5 on your computer, see our instructions.

If you have installed ESET Security product for Windows Servers 6.5 on your computer, see our instructions.