Jump to content

Katsuro

Member
  • Posts

    14
  • Joined

  • Last visited

Posts posted by Katsuro

  1. Thanks for the response Arthur.

    Just to give a total breakdown of what I have done. As you know the last time I posted we had removed Emsisoft from the computer and the EyeMD software worked fine. After reading your post I have done the following.

    1. Tested to make sure EyeMD still functioned before the reinstall of Emsisoft and it was functioning correctly and it was indeed still working.
    2. Attempted to reinstall Emsisoft. It said there was remaining files from the previous install so it needed to restart the computer before it could proceed so I told it to restart the computer.
    3. Re-ran the Emsisoft installer and it installed without a hitch. I licensed it once again.
    4. Attempted to run EyeMD and found that it was no longer working again.
    5. Opened Emsisoft and added all EyeMD executables to the Behavior Blocker (as Trusted). Then went into Scanning and Monitoring and added the folders there. I have attached screenshots of that.
    6. Rebooted the computer and just for the fun of it I disabled Fast Startup. We typically try to do this in all of our environments.
    7. Opened EyeMD and it was unable to open once again.
    8. Uninstalled Emsisoft. After Emsisoft was uninstalled I opened EyeMD and it opened just fine.

    Just to reiterate this is happening on all workstations in their office. Wanted to mention that to eliminate any suspicion of a computer specific issue and these workstations are Windows 10 as well. I'm curious if the customer has a Windows 7 workstation to maybe see if there was some weird reaction with Emsisoft and Windows 10. If you think that may be a possibility I can certainly look into checking if there is a Windows 7 workstation we can test Emsisoft/EyeMD on. 

    The one thing I find interesting is Emsisoft is also installed on their server (Server 2008 R2) and EyeMD opens just fine and runs without any rules in behavior blocker or the exclusions of the file guard (for both scanning and monitoring). I don't know if Emsisoft is just having some sort of problem with the way the software is connecting over the LAN to the server vs the EyeMD opening locally on the server and just connecting to localhost (or it's own LAN IP). 

    The EyeMD software "opens" fine on these workstations but it's hinting at some sort of connection issue when it's getting blocked or when I say it isn't working.

    2019-02-06 14_51_40-Window.png

    2019-02-06 14_54_56-Window.png

  2. Posting this here because I'm not sure where to go or how to approach this issue. Client of mine uses a program called EyeMD which is server/client EMR software based on MSSQL. For some reason Emsisoft appears to be blocking this program. No matter what exclusion I add I can't get the software to work. Even disabling Emsisoft does not get it to work and the only time it will work is when I uninstall Emsisoft. Not sure why the disable doesn't work but removing Emsisoft does. Made sure there was exclusions in both file blocker and behavior blocker but it doesn't work. I do not see anything in Emsisoft's logs either that indicate that it is blocking this software but I can only come to the conclusion that it is blocking it since it works perfectly fine when Emsisoft is removed.

    If you need logs or any additional information I'll gladly post it here.

  3. We have a few clients of ours that is experiencing the same issue. I haven't had a chance to gather any log information till this customer. Here is all the log information I have.

    4/25/18 @ 8:39pm.

    Problem signature
    Problem Event Name:	APPCRASH
    Application Name:	a2service.exe
    Application Version:	2018.3.1.8572
    Application Timestamp:	5acb5d54
    Fault Module Name:	ntdll.dll
    Fault Module Version:	10.0.16299.334
    Fault Module Timestamp:	e508fc03
    Exception Code:	c0000005
    Exception Offset:	000000000001d14c
    OS Version:	10.0.16299.2.0.0.768.101
    Locale ID:	1033
    Additional Information 1:	abcc
    Additional Information 2:	abcc8f7853b48d9807d6d51eb1fa5df9
    Additional Information 3:	abcc
    Additional Information 4:	abcc8f7853b48d9807d6d51eb1fa5df9
    
    Extra information about the problem
    Bucket ID:	f546f896b06d48e3afdd7143cfe261bc (2296115921093288380)
    

    4/25/18 @ 8:39pm.

    Problem signature
    Problem Event Name:	BEX64
    Application Name:	a2service.exe
    Application Version:	2018.3.1.8572
    Application Timestamp:	5acb5d54
    Fault Module Name:	StackHash_2264
    Fault Module Version:	0.0.0.0
    Fault Module Timestamp:	00000000
    Exception Offset:	PCH_84
    Exception Code:	c0000005
    Exception Data:	0000000000000008
    OS Version:	10.0.16299.2.0.0.768.101
    Locale ID:	1033
    Additional Information 1:	2264
    Additional Information 2:	2264db07e74365624c50317d7b856ae9
    Additional Information 3:	875f
    Additional Information 4:	875fa2ef9d2bdca96466e8af55d1ae6e
    
    Extra information about the problem
    Bucket ID:	cb86500791ae58132a7e97c612d496a7 (1909130169026909863)
    

    4/25/18 @ 8:40pm.

    Problem signature
    Problem Event Name:	BEX64
    Application Name:	a2service.exe
    Application Version:	2018.3.1.8572
    Application Timestamp:	5acb5d54
    Fault Module Name:	StackHash_2264
    Fault Module Version:	0.0.0.0
    Fault Module Timestamp:	00000000
    Exception Offset:	PCH_84
    Exception Code:	c0000005
    Exception Data:	0000000000000008
    OS Version:	10.0.16299.2.0.0.768.101
    Locale ID:	1033
    Additional Information 1:	2264
    Additional Information 2:	2264db07e74365624c50317d7b856ae9
    Additional Information 3:	875f
    Additional Information 4:	875fa2ef9d2bdca96466e8af55d1ae6e
    
    Extra information about the problem
    Bucket ID:	cb86500791ae58132a7e97c612d496a7 (1909130169026909863)
    

    4/25/18 @ 8:40pm.

    Problem signature
    Problem Event Name:	BEX64
    Application Name:	a2service.exe
    Application Version:	2018.3.1.8572
    Application Timestamp:	5acb5d54
    Fault Module Name:	StackHash_2264
    Fault Module Version:	0.0.0.0
    Fault Module Timestamp:	00000000
    Exception Offset:	PCH_84
    Exception Code:	c0000005
    Exception Data:	0000000000000008
    OS Version:	10.0.16299.2.0.0.768.101
    Locale ID:	1033
    Additional Information 1:	2264
    Additional Information 2:	2264db07e74365624c50317d7b856ae9
    Additional Information 3:	875f
    Additional Information 4:	875fa2ef9d2bdca96466e8af55d1ae6e
    
    Extra information about the problem
    Bucket ID:	cb86500791ae58132a7e97c612d496a7 (1909130169026909863)
    

    4/25/18 @ 8:43pm.

    Problem signature
    Problem Event Name:	APPCRASH
    Application Name:	a2service.exe
    Application Version:	2018.3.1.8572
    Application Timestamp:	5acb5d54
    Fault Module Name:	ntdll.dll
    Fault Module Version:	10.0.16299.334
    Fault Module Timestamp:	e508fc03
    Exception Code:	c0000005
    Exception Offset:	000000000001d14c
    OS Version:	10.0.16299.2.0.0.768.101
    Locale ID:	1033
    Additional Information 1:	abcc
    Additional Information 2:	abcc8f7853b48d9807d6d51eb1fa5df9
    Additional Information 3:	abcc
    Additional Information 4:	abcc8f7853b48d9807d6d51eb1fa5df9
    
    Extra information about the problem
    Bucket ID:	f546f896b06d48e3afdd7143cfe261bc (2296115921093288380)
    

    4/25/18 @ 8:44pm.

    Faulting application name: a2service.exe, version: 2018.3.1.8572, time stamp: 0x5acb5d54
    Faulting module name: a2service.exe, version: 2018.3.1.8572, time stamp: 0x5acb5d54
    Exception code: 0xc0000005
    Fault offset: 0x000000000000fbc5
    Faulting process id: 0x17f8
    Faulting application start time: 0x01d3dd29f689ece3
    Faulting application path: C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    Faulting module path: C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    Report Id: 6a70efda-2562-481e-be11-08397a0e5a96
    Faulting package full name: 
    Faulting package-relative application ID: 

    Then the machine was totally locked up (no BSOD) and they had to force a restart.

    The previous system shutdown at 8:45:09 PM on 4/25/2018 was unexpected.


    Then again today. Here are the logs from today.

    4/16/18 @ 3:16pm.

    Problem signature
    Problem Event Name:	APPCRASH
    Application Name:	a2service.exe
    Application Version:	2018.3.1.8572
    Application Timestamp:	5acb5d54
    Fault Module Name:	a2service.exe
    Fault Module Version:	2018.3.1.8572
    Fault Module Timestamp:	5acb5d54
    Exception Code:	c0000005
    Exception Offset:	000000000000fbc5
    OS Version:	10.0.16299.2.0.0.768.101
    Locale ID:	1033
    Additional Information 1:	136f
    Additional Information 2:	136fcb3dc2c33c68a7227035c36a2916
    Additional Information 3:	a20e
    Additional Information 4:	a20e0a7c5c148753e1be3574c1bc67ae
    
    Extra information about the problem
    Bucket ID:	72198391b6715d90e0200c2033fcbbc6 (1161942036312275910)
    

    4/26/18 @ 3:16pm.

    Problem signature
    Problem Event Name:	APPCRASH
    Application Name:	a2service.exe
    Application Version:	2018.3.1.8572
    Application Timestamp:	5acb5d54
    Fault Module Name:	a2service.exe
    Fault Module Version:	2018.3.1.8572
    Fault Module Timestamp:	5acb5d54
    Exception Code:	c0000005
    Exception Offset:	000000000000fbc5
    OS Version:	10.0.16299.2.0.0.768.101
    Locale ID:	1033
    Additional Information 1:	136f
    Additional Information 2:	136fcb3dc2c33c68a7227035c36a2916
    Additional Information 3:	a20e
    Additional Information 4:	a20e0a7c5c148753e1be3574c1bc67ae
    
    Extra information about the problem
    Bucket ID:	72198391b6715d90e0200c2033fcbbc6 (1161942036312275910)
    

    4/26/18 @ 3:17pm.

    Faulting application name: a2service.exe, version: 2018.3.1.8572, time stamp: 0x5acb5d54
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0000000000000000
    Faulting process id: 0x3e0
    Faulting application start time: 0x01d3ddc56d05db48
    Faulting application path: C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    Faulting module path: unknown
    Report Id: 4980c5b7-6c0c-4fc4-88f9-c17afaa8550d
    Faulting package full name: 
    Faulting package-relative application ID: 
    

    Then again - Machine locked up (no BSOD) and they have to force the machine off via power button.

    The previous system shutdown at 3:16:45 PM on ‎4/‎26/‎2018 was unexpected.

    image.png.27a71d097747970cd4bf47ae3a529d26.png

    image.png.b80f85848d631957f32825b50ea65300.png

    We have a fairly large customer base and are seeing this occur on quite a few machines. So far it seems like uninstalling and reinstalling Emsisoft resolves the issue. I'm not 100% sure since we have not had a customer complain since reinstalling Emsisoft but I'm going to stick with that assumption since we haven't had anyone call us with this issue after a reinstall.

  4. Tried installing the current version of Emsisoft on three different servers. Two of which is Server 2008 and the third one was Server 2012. Seems to be an issue on all server OS's. It appears to be the Installer - not Emsisoft itself. We are able to download Emsisoft but get this when running the download. We do not have any issues with server's that already has Emsisoft installed.

    EmsisoftError.png

×
×
  • Create New...