Jump to content

EAM Automatic updates aren't happening automatically


Recommended Posts

Both my 32-bit and my 64-bit versions of EAM have stopped auto-updating about 4 or 5 days ago. I only notice that because the teenie shield in the notification area has turned orange (or red in one case). Opening the app tells me the database hasn't been updated in 2 days. The log does NOT show any attempt to auto update in any 4-hour period as I have set it up to do.

Today, when I finally got it to update, it said that the PROGRAM had updated and needed to restart. I clicked OK and the app left the screen. When it came back, it was RED and I could not click ANY of the boxes to activate Surf/File/Behavior. I did a complete reboot. The process took at least three times longer than normal, but it did come up green this time.

Is this going to be a future problem, or is there something temporarily wrong with the update servers?

 

Normally, while I am the computer, I get faithful pop-up notices every 4 hours that an update has been performed. I have NOT been getting these over the last 4-day period. All my notification boxes are checked except that of Removable Devices, but I don't get the pop-ups.

Bill
 

Link to comment
Share on other sites

Following yesterday's problems, I set EAM on both machines to update very 4 hours. According to the status on the home page, it last updated 12 hours ago. The logs support that statement. Why isn't auto-update working I'd like to know.

 

Bill

Link to comment
Share on other sites

Are you able to update manually? If not, then lets try getting a diagnostic log. Please download the following ZIP archive:

Emsisoft_Diagnostic_Batch_File.zip

When you open this ZIP archive, there will be a file inside called Emsisoft_Diagnostic. Just double click on that Emsisoft_Diagnostic file, and if a dialog pops up about the Windows Command Processor from Microsoft then please click the Yes button so that the diagnostic can continue.

Please note that it is possible for the Behavior Blocker in Emsisoft Anti-Malware/Emsisoft Internet Security to display an alert when the diagnostic starts. This is due to the way it requests administrator rights, and is normal. You can safely allow it to run.

When it's done, it will open a log in Notepad. Please save this log somewhere easy to find, such as on your Desktop or in your Documents folder, and then send it to me in a Private Message so that I can take a look at it.

Important: Don't post the log publicly. It contains a copy of your a2settings.ini file, which contains encrypted license information. If someone were to figure out how to break that encryption, then someone else could use your license key.

Link to comment
Share on other sites

When I turned my monitor on this morning and checked both my 32 and 64-bit machines, which run 24/7/365, told me that their last update was "1 day ago" despite being set to update every 4 hours. The logs on both of them showed NO automatic update between my last manual one yesterday and today.

 

I'll give the Diagnostic bit a try because, after all, automatic should be automatic.

 

EDIT: Sorry. Yes, I can update manually.

 

Bill

Link to comment
Share on other sites

It appears to have been fixed by the beta build. I did have a VERY strange thing happen to my 64-bit machine, however. When I went to the Logs page, I saw the the automatic updates had been performed correctly. Then, AS I WATCHED, all the entries changed to "Unspecified update error". This includes the previous weeks updates what were already correct. Stunned, I tried several things before I shut down protection (duly notified that a2start was still running), waited about a minute, and started the program again. I got an immediate popup telling me that the program had updated to a new version and that a program restart was necessary. I clicked OK and, apparently, it did it as my system calmed down and the flag telling me I was unprotected went away. I went again to Logs, and EVERY ONE of the past and present logs reverted back to their normal state. The "unspecified update error" was gone.

 

I wish I had taken a screenshot of this because is was truly bizarre.

 

Tomorrow, I will know if the updates are consistently doing it correctly every 4 hours. I'll report back in the afternoon.

 

Bill

Link to comment
Share on other sites

I watched both machine today. The updates happened and were logged every 4 hours all day long.

 

BUT, When i checked the logs again tonight at 2210 (local) on BOTH machines, the log entries had changed to Update Error and NO logs existed past 06/01/2015 @ 17:05. The Overview status showed "Last update 1 day ago". Once again, I wish I had taken a screen shot because there WERE log entries extended all the way through June 1 until 22:00. Now they are gone.

 

I restarted EAM on both machines and the logs changed back to a normal indication of a good auto update, but all past the cutoff of June the first, first update, are now gone. The Overview changed to "last update 5 hours ago" and that is supported by the log entry of 17:05. This is NOT consistent with my setting of every 4 hours.

 

By the way, I opened several of the "update unsuccessful" log entries and was surprised to find that all the various signatures read "updated" only at the top did it say "Update Failed". How can all the signatures show update, and the status be a failure? The very same log entry before that had changed back to successful after the restart had the upper notation of "Update Successful" instead of "unsuccessful". Extremely strange.

 

This is one wacky program that can make logs appear and disappear.

 

Was anyone able to figure out anything from the files I submitted?

 

If this program won't auto update, it becomes high maintenance if I have to remember to manually update it all the time.

 

Bill

Link to comment
Share on other sites

Everything in the diagnostic logs looked fine.

Somewhere around 5:00 PM to 6:00 PM (EDT) on Wednesday we released another beta version, so it's possible that the computer having the issue had a problem installing one or more of the new program files. I recommend switching back to the Stable update feed on that computer, running an update to downgrade, then switching back to the Beta feed and updating again to reinstall the beta.

Link to comment
Share on other sites

Both computers had the issue. I've set the updates back to Stable and done a manual update. Let's see how that runs today. There were NO updates at all last night on either machine.

 

For some reason, the 32-bit machine dropped back to 6394 without requiring a computer reboot, but the 64-bit machine had me do a complete reboot. I'm guessing that there is something in the 64-bit version that required this. No big deal, just different than the 32-bit.

 

I can go back to Beta if you want me to, but maybe I should wait and see if I get my 4-hour updates normally.

 

Bill

Link to comment
Share on other sites

It happened again. This time I got pictures. My 64-bit machine, running build 6394.

 

The first shot is what greeted me in the Update Logs list/ As you can see, all the previous updates are now marked "Unknown update error".

 

update_error1.jpg

I stopped EAM, using the shutdown procedure, waited a couple of minutes, and restarted it.

 

This is what the logs had changed to:

 

 

update_error2.jpg

 

Clearly, something is wrong when an entire set of logs can be altered that way.

 

Double-clicking the top "failed" entry, I saw that all the signatures had been updated, but the top entry said "failed".After I restarted EAM, I double-clicked the SAME LOG, and it told me "update successful" at the top.

 

This is really getting strange. How can a log of events be changed, and then be changed back? When the programs I write log items, they stay logged.

 

EDIT: My 32-bit machine did EXACTLY the same thing as my 64-bit. I just checked.

 

Bill

Link to comment
Share on other sites

For some reason, the 32-bit machine dropped back to 6394 without requiring a computer reboot, but the 64-bit machine had me do a complete reboot. I'm guessing that there is something in the 64-bit version that required this. No big deal, just different than the 32-bit.

Reboots happen when a driver is still running, as our drivers can't be replaced/updated while they are running. They're supposed to be stoppable so that the update process doesn't require a reboot, however there may be times when they can't be stopped and a reboot is required to update them.

 

It happened again. This time I got pictures. My 64-bit machine, running build 6394.

Have you tried a reinstall rather than a downgrade? Something may have been messaged up in your logs file after the upgrade to the beta.

Link to comment
Share on other sites

To answer your last question first, no, I have not tried a reinstall. In my email notification of your response, you also said this: "After the reinstall, did you import your old settings, or did you leave EAM with its default settings?"

 

Does EAM actually revert to default settings every time it updates the build? If so, that is a horrible design. This is especially true when there is no notification that we would have a need to import settings we want. Fortunately, after every change in build, I go through my settings and verify they haven't changed, and then export the settings.

 

Frankly, if it weren't for the occasional notification popup while I surf the web, I'd drop EAM because I've lost a lot of confidence in it.

 

This morning, I had the same thing happen as my previous post concerning log files changing status. I had to kill EAM and restart on both machines to being them back.

 

Bill

Link to comment
Share on other sites

Okay. This isn't fun any more. A little bit ago, EAM crashed. The following information was in my Event Viewer:

 

Log Name:      Application
Source:        Application Error
Date:          06/03/2016 13:26:40
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Prinserver
Description:
Faulting application name: a2start.exe, version: 11.8.0.6465, time stamp: 0x574f37b6
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb2fb9
Exception code: 0x0eedfade
Fault offset: 0x0000845d
Faulting process id: 0x1528
Faulting application start time: 0x01d1bda1eb6cbf60
Faulting application path: C:\Program Files\Emsisoft Anti-Malware\a2start.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 54b619b0-29b0-11e6-a0b0-d027880116dd
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-06-03T17:26:40.000000000Z" />
    <EventRecordID>15016</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Prinserver</Computer>
    <Security />
  </System>
  <EventData>
    <Data>a2start.exe</Data>
    <Data>11.8.0.6465</Data>
    <Data>574f37b6</Data>
    <Data>KERNELBASE.dll</Data>
    <Data>6.1.7601.23392</Data>
    <Data>56eb2fb9</Data>
    <Data>0eedfade</Data>
    <Data>0000845d</Data>
    <Data>1528</Data>
    <Data>01d1bda1eb6cbf60</Data>
    <Data>C:\Program Files\Emsisoft Anti-Malware\a2start.exe</Data>
    <Data>C:\Windows\system32\KERNELBASE.dll</Data>
    <Data>54b619b0-29b0-11e6-a0b0-d027880116dd</Data>
  </EventData>
</Event>

 

This is my 32-bit machine. I haven't check my 64-bit yet. But I will right now.

 

 

EDIT: My 64-bit machine had scrambled logs yet again. I had to manually kill and restart EAM.

 

 

Bill

Link to comment
Share on other sites

Hiballer if they were my machines I would download the new build of EAM.

 

Uninstall the install you have now.

 

Reboot twice.

 

Run Emsiclean to get rid of all leftovers.

 

Install the new download you did earlier.(6465)

 

Then I think you will find that all of your issues will have gone.

 

Sometimes software, for whatever reason, gets itself in a tangle on our machines and only a fresh start solves it.

 

It happens to all of us :)

Link to comment
Share on other sites

It has rarely happened to me in over 54 years of working in the IT field. However, I did as you suggest, explicitly, and have just finished the reinstall on my 32-bit machine. I will await results on that one before tackling my 64-bit because it takes a significantly longer time to reboot.

 

More later.

 

Bill

Link to comment
Share on other sites

By the way Bill, it may be a good idea not to import any settings you had just yet.

 

Then you can tell if the default install works, but doesn't work correctly after importing possibly corrupted settings from previous install.

Link to comment
Share on other sites

If it is of any interest, I happened to be watching my 64-bit machine as the 4-hour time period hit.Oddly enough, this problem seems to appear at around 17:00 (local). Could that be significant?

 

It updated and then immediately all the logs went to the now-familiar "unspecified error" listing. Kill, wait, restart brought it back again. Wash, rinse, repeat seems to be the mantra here. I am still waiting to see if a complete uninstall and reinstall solved the 32-bit's problems. If so, I will do it to this machine too.

 

Bill

Link to comment
Share on other sites

Nope. I had two auto updates and then it failed again, making all three log files "unknown" and then back to "successful" when I killed/restarted EAM. Whatever it is, installing after completely cleaning using EmsiClean didn't solve the problem.

 

Bill

Link to comment
Share on other sites

This evening, I complete reinstalled EAM on my 64-bit machine. No change in behavior. It still messes up the logs and then clears after i manually kill and restart the program.

 

Confidence level is dropping fast.

 

Bill

Link to comment
Share on other sites

Does EAM actually revert to default settings every time it updates the build? If so, that is a horrible design. This is especially true when there is no notification that we would have a need to import settings we want. Fortunately, after every change in build, I go through my settings and verify they haven't changed, and then export the settings.

No, I had mistakenly thought you had already tried a reinstall (which is why I edited my post). Unfortunately the edit isn't reflected in the e-mail notification.

This evening, I complete reinstalled EAM on my 64-bit machine. No change in behavior. It still messes up the logs and then clears after i manually kill and restart the program.

After uninstalling, is there anything left in the EAM folder?

C:\Program Files\Emsisoft Anti-Malware

If there is anything in the EAM folder other than the Quarantine folder, then try deleting it and then try the reinstall again.

If this doesn't help, then lets get a log from FRST, and see if it shows anything relevant. Please download Farbar Recovery Scan Tool (FRST) from one of the following links, and save it to your Desktop (please note that some web browsers will automatically save all downloads in your Downloads folder, so in those cases please move the download to your desktop):

For 32-bit (x86) editions of Windows:

For 64-bit (x64) editions of Windows: Note: You need to run the version compatible with your computer. If you are not sure which version applies to your computer, then download both of them and try to run them. Only one of them will run on your computer, and that will be the right version.
  • Run the FRST download that works on your computer (for Windows Vista, Windows 7, and Windows 8 please right-click on the file and select Run as administrator).
  • When the tool opens click Yes for the disclaimer in order to continue using FRST.
  • Press the Scan button.
  • When the scan is done, it will save a log as a Text Document named FRST in the same place the tool was run from (if you had saved FRST on your desktop, then the FRST log will be saved there).
  • Please attach the FRST log file to a reply using the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls.
  • The first time the FRST tool is run it saves another log (a Text Document named Addition - also located in the same place as the FRST tool was run from). Please also attach that log file along with the FRST log file to your reply.
Link to comment
Share on other sites

This morning, on both my machines, I was showing that all the logs were "unsuccessful" and had changed to "manual Update". After the usual kill/restart EAM cycle, they changed to "successful" and "Automatic Updates". They did reflect an update very 4 hours, however, which is a good thing I guess.

 

When I reinstalled EAM, I deleted everything related to it including the installation directory. The only thing I saved was a set of exported INI files and a DAT file associated with "export settings" (I put these on a removable USB drive).

 

I am pretty much convinced that the problem lies in the program itself, but I will download and run both versions of FRST, reporting what they turn up. That will happen, but later this morning as I have to do some shopping.

 

While reading down the forum thread titles, I can see that updates seem to be a trend in them. I set up EAM to be watched by Process Explorer during an automatic update, but couldn't see anything untoward. My SQLite database reader gave me access to a copy of the database file, but I couldn't make heads nor tails of the data itself. There didn't seem to be any significant errors in it to my untrained eye.

 

I will be back later with those FRST files. I've done this before on an earlier problem with EAM a while back.

 

Bill

Link to comment
Share on other sites

The updates on both machines have been progressing at 4-hour intervals nicely. After the end of EVERY update, the logs get scrambled and I have to kill EAM and restart it to get them back proper.

 

Something in the update process is causing this.

 

 

EDIT:  I just ran an experiment, doing a manual update. It completed fine, but while I was watching the logs page, they ALL changed to bad except the top log entry (the update I just did -- it reports properly). It HAS to be the update process.

 

 

Bill

Link to comment
Share on other sites

Over the weekend, automatic updates happened every 4 hours as I wanted. But, I have to keep killing and restarting EAM to make the logs come out right.

 

I restarted EAM and once it was active I verified that the logs were correct. Then I did a manual update. Following that, the logs were messed up again.

 

Has anything shown up in the files that were requested?

 

Bill

Link to comment
Share on other sites

Could I please get an answer: Was there anything in those files that will help diagnose this? I did notice that there were a few entries that involved "Code integrity errors" whatever those are, for an Emsisoft DLL.

 

Bill

Link to comment
Share on other sites

No, there was nothing in the FRST logs that explains the issue.

It doesn't look like we've gotten debug logs for this yet, so lets go ahead and do that so that our developers can look into this further:

  • Open Emsisoft Anti-Malware from the icon on your desktop.
  • In the 4 little gray boxes at the bottom, move your mouse into the one that says Support, and click anywhere in that gray box.
  • At the bottom, turn on the option that says Enable advanced debug logging.
  • Either click on Overview in the menu at the top, or close the Emsisoft Anti-Malware window.
  • Reproduce the issue you are having.
  • Once you have reproduced the issue, open Emsisoft Anti-Malware again, and click on the gray box for Support again.
  • Click on the button that says Send an email.
  • Select the logs in the left that show today's dates.
  • Fill in the e-mail contact form with your name, your e-mail address, and a description of what the logs are for (if possible please leave a link to the topic on the forums that the logs are related to in your message).
  • If you have any screenshots or another file that you need to send with the logs, then you can click the Attach file button at the bottom (only one file can be attached at a time).
  • Click on Send now at the bottom once you are ready to send the logs.
Important: Please be sure to turn debug logging back off after sending us the logs. There are some negative effects to having debug logging turned on, such as reduced performance and wasting hard drive space, and it is not recommended to leave debug logging turned on for a long period of time unless it is necessary to collect debug logs.

Please note that if you have a lot of debugs logs, then you should not send all of them. There is a size limit, and currently there is no error if the message is rejected due to the size being too large. Normally we only need one copy of the 4 or 5 different logs that have been saved after the time you reproduced the issue (the list shows what time each log was saved). Those logs have the following names:

  • Security Center
  • Protection Service
  • Real-Time Protection
  • Firewall
  • Logs database (contains the logs you can view in Emsisoft Anti-Malware by clicking on Logs at the top of the window).
Link to comment
Share on other sites

Email sent at approximately 1342 GMT.

 

As this is happening to both a 32-bit and a 64-bit machine in an identical manner, I certainly hope that these logs will help you find the bug. I can do the same procedure on the 64-bit machine if you wish, but I'm fairly sure it would result in exactly the same information in those logs.

 

Bill

Link to comment
Share on other sites

I have taken a look at the logs.db3 that was included with the logs you sent (this file contains your update logs), and the entries look normal to me, so I don't think the update logs are actually getting damaged or corrupted. I'll forward your logs to our QA Manager so that he can open a bug report on this.

Link to comment
Share on other sites

I don't think the actual logs are damaged either. I am positive that it is the SQL command, or the display manager, that tells the display to "gather up the log information and put them in order for the customer".

 

When an update -- any update, manual or automatic -- is completed SOMETHING happens that causes the presentation of logs to mess up. If that is the only thing that messes up, I can live with that, but what if that isn't the only thing? What if it actually drops rules (auto or manual) on the floor and lets malware through the net? That I cannot have.

 

Bill

Link to comment
Share on other sites

I have bookmarked the site, but I am also discouraged from downloading owing to all the disclaimers they present warning us they will NOT help us remove the files once downloaded. That's like leaving a loaded gun on the floor even though it may be filled with blanks.

 

If it is a simple thing like displaying log information, then why is it taking so long to fix? Surely this is something than can be verified with a simple test by your developers and fixed with a patch. I am also having a hard time believing that I am the only one with this problem. I'm betting I may be the only one who has questioned this behavior though.

 

I've also looked through many threads here and found that you, GT500, are almost exclusively the one answering technical questions. Aren't there any others available? Not that the return advice isn't sound, it just seems that a second or even third opinion might help the situation as you can't be around all the time.

 

Bill

Link to comment
Share on other sites

I have bookmarked the site, but I am also discouraged from downloading owing to all the disclaimers they present warning us they will NOT help us remove the files once downloaded. That's like leaving a loaded gun on the floor even though it may be filled with blanks.

The EICAR AntiMalware Testfile is safe. It's just a simple plain-text file with a string of seemingly random text that a anti-virus software can easily identify. It doesn't actually do anything if you try to run/open it.

The warnings are there for those extremely rare cases where something goes wrong even though it shouldn't. In this case we'll be assisting you, so you don't have to worry about the fact that EICAR won't help you.

The EICAR AntiMalware Testfile isn't actually difficult to remove, and can be deleted like any other file.

 

If it is a simple thing like displaying log information, then why is it taking so long to fix? Surely this is something than can be verified with a simple test by your developers and fixed with a patch. I am also having a hard time believing that I am the only one with this problem. I'm betting I may be the only one who has questioned this behavior though.

Debugging almost always takes time. In this case, due to changes we made to preload a2start.exe when the computer starts up, it can take some time to determine why the UI is displaying incorrect information.

 

I've also looked through many threads here and found that you, GT500, are almost exclusively the one answering technical questions. Aren't there any others available? Not that the return advice isn't sound, it just seems that a second or even third opinion might help the situation as you can't be around all the time.

I handle the majority of the English product support on our forums (except for our Enterprise Console and our Mobile Security app for Android). We do have other English support representatives, David Biggar II who mostly handles helpdesk/e-mail support, and Kevin Zoll who handles malware removal support. Sometimes one of our German support representatives will also answer questions in the English section of the forums if it's something they can answer quickly while I'm not around, or a sales/license renewal related question.

If you want me to pass this on to someone else, then I certainly can. That being said, I'm fairly certain that we will have to wait for our developers to come up with a fix for this (unless you want to try a more thorough uninstall/reinstall to see if that has any effect on the issue).

Link to comment
Share on other sites

Oh, I am satisfied with the level of support at the moment. I do know it takes time to resolve some issues, but I have also found, using my own programs as a guide, that the more people who are having the difficulty, the easier is it to correlate all the systems involved and decide a point of attack.

 

As for the EICAR files, none of them survived the download and store process. They were intercepted and quarantined properly - then deleted, by me.

 

I have this thread also bookmarked so I can return to it if anything changes.

 

Shall I change my program update feed back to Beta, or leave it at stable?

 

Bill

Link to comment
Share on other sites

I have had only 2 entries in my Event Viewer for a2start.exe in over six months. Both of them apparently happened following a scheduled automatic update. I don't think they are significant. In my case, automatic updates still happen at a 4-hour interval (as I've set up), but their results are being reported incorrectly unless I kill the current a2start and restart the program.

 

Ive never had any problems with a2service.

 

Bill

Link to comment
Share on other sites

Shall I change my program update feed back to Beta, or leave it at stable?

I can't be certain when a beta will be released, however you will certainly receive it faster if you already have the Beta update feed selected, so feel free to go ahead and switch to the Beta update feed if you would like to. You can also keep an eye on our Changeblog to look for new releases, or subscribe to our Changeblog's RSS feed if you would like to be automatically notified when we release a new version of one of our programs.

You can also try the Delayed update feed if you would like to downgrade to an older version of EAM to see if it does not have this issue.

Link to comment
Share on other sites

Hi,

     I'm having update issues also even with the latest beta release,so i feel your pain.

                                                                                                                                       Thank you

Link to comment
Share on other sites

Version 6486 was installed a few days ago. The problem still persists in both machines.

The version that was released the other day was a bug fix build to address a few more serious issues. I'm fairly certain our developers are still debugging this particular issue.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...