grzegorz

Emsisoft Enterprise Security causes server to be not responding


I have purchased several licences for servers (Windows Server 2012 & Windows Server 2012 R2) along with desktop licences. I have installed EEC and EES on the Win2012 server, other computers are connecting to this EEC correctly.

The problem is users cannot upload files to the network share; they can download at the beginning, but after some time the share and other services like RDP become unavailable. I have restarted the server, and after some time got the same situation (but with EEC opened on RDP, so I was able to make a screenshot).

I've made a screenshot, but because of the file share unavailability, we decided to completely uninstall the EES (EAM in Control Panel).

Image attached. What else can I send? Important settings in my opinion: File guard - THOROUGH, scanner setting LOW PRIORITY, Memory Optimization ON, Scan all files (no ext. filter).
Emsisoft EEC error.jpg

There are two temporary workarounds for this:

  • Disable Surf Protection.
  • Switch to the Delayed update feed in the update settings, and then check for updates to downgrade to an older version of Emsisoft Anti-Malware.


That being said, it would be great if we could get debug logs so that our developers can resolve the issue for you. Here's how to get us debug logs (don't worry, it's faster and easier than the instructions make it look):

  1. Open Emsisoft Anti-Malware.
  2. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
  3. Click Advanced in the menu at the top.
  4. Scroll to the bottom of the Advanced section, and change the option for Debug logging to Enabled for 1 day.
  5. After that, close the Emsisoft Anti-Malware window.
  6. Reproduce the issue you are having (wait for the file sharing issue to start happening).
  7. Once you have reproduced the issue, open Emsisoft Anti-Malware again.
  8. Click on the little icon in the lower-left (right above the question mark) that looks like little chat bubbles.
  9. Click on the button that says Send an email.
  10. Select the logs in the left that show today's dates (if you try to send too many logs, then we may not receive them).
  11. Fill in the e-mail contact form with your name, your e-mail address, and a description of what the logs are for (if possible please leave a link to the topic on the forums that the logs are related to in your message).
  12. If you have any screenshots or another file that you need to send with the logs, then you can click the Attach file button at the bottom (only one file can be attached at a time).
  13. Click on Send now at the bottom once you are ready to send the logs.

Important: Please be sure to turn debug logging back off after sending us the logs. There are some negative effects to having debug logging turned on, such as reduced performance and wasting hard drive space, and it is not recommended to leave debug logging turned on for a long period of time unless it is necessary to collect debug logs.


The problem is that the issue also affects RDP access to the server, so the only way to get it back to life is to physically restart it - I don't want to do it again...

standard log from EEC:

11/19/2018 09:37:58: Error - database is locked
                             database is locked
11/19/2018 09:38:31: Error - database is locked
                             database is locked
11/19/2018 09:39:01: Error - database is locked
                             database is locked
11/19/2018 09:40:31: Error - database is locked
                             database is locked
11/19/2018 09:40:34: Error - database is locked
                             database is locked
11/19/2018 09:41:01: Error - database is locked
                             database is locked
11/19/2018 09:42:31: Error - database is locked
                             database is locked
11/19/2018 09:43:01: Error - database is locked
                             database is locked
11/19/2018 09:44:31: Error - database is locked
                             database is locked
11/19/2018 09:45:01: Error - database is locked
                             database is locked
11/19/2018 09:46:31: Error - database is locked
                             database is locked
11/19/2018 09:47:01: Error - database is locked
                             database is locked
11/19/2018 09:48:31: Error - database is locked
                             database is locked
11/19/2018 09:49:01: Error - database is locked
                             database is locked
11/19/2018 09:50:31: Error - database is locked
                             database is locked
11/19/2018 09:51:01: Error - database is locked
                             database is locked

 

RDP not responding, REBOOTED


Well, the server's UI is not responsive even using iLO...

Anyway, the problem is caused by EAM. There is EEC on the same server, and one disk is mounted twice - as a drive and in a folder on another drive (NTFS feature).

logs sent from EAM (EAM and EEC logs)

 


Are there any Event Log entries around the time that it happens related to Emsisoft drivers (epp.sys, eppdisk.sys, and eppwfp.sys) or the Emsisoft Protection Service (a2service.exe)?

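One way to answer the Event Log question above, as an added example that is not part of the original thread or Emsisoft's own tooling: it searches the System and Application logs for events that name the listed drivers or the protection service. The time window is an assumption built around the 19 November 2018 "database is locked" entries posted earlier.

```powershell
# Added example: find events that mention the Emsisoft drivers or service
# around the time the share and RDP stopped responding.
$needles = 'epp.sys', 'eppdisk.sys', 'eppwfp.sys', 'a2service.exe',
           'Emsisoft Protection Service'
$pattern = ($needles | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Assumed window around the EEC log errors (09:37 to 09:51 on 19 Nov 2018);
# replace with the time of your own incident.
$start = Get-Date -Year 2018 -Month 11 -Day 19 -Hour 9  -Minute 0  -Second 0
$end   = Get-Date -Year 2018 -Month 11 -Day 19 -Hour 10 -Minute 30 -Second 0

$filter = @{
    LogName   = 'System', 'Application'
    Level     = 1, 2, 3          # Critical, Error, Warning
    StartTime = $start
    EndTime   = $end
}

# -match is case-insensitive; events without a rendered message are skipped.
$hits = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern } |
    Sort-Object TimeCreated

# Timeline, oldest first, to line up driver or service errors with the hang.
$hits | Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName,
    @{ Name = 'FirstLine'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap

# Count per source and event ID: a repeating pair is the one worth reporting.
$hits | Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```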

We did receive the logs you sent. I take it you were able to reproduce the issue on the server with debug logging turned on? If so, then go ahead and try the Delayed update feed, and let me know if that is a viable workaround for you right now. Here's what to do:

  1. Open Emsisoft Anti-Malware.
  2. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
  3. Click on Updates in the menu at the top.
  4. On the left, in the Updates section, look for Update feed.
  5. Click on the box to the right of where it says Update feed, and select Delayed from the list.
  6. Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock).
  7. Select Update now from the list.


Our developers would like me to confirm that this issue is only a network connectivity issue, and that the entire server isn't freezing.

Also, if the server is still operational, does right-clicking on the Emsisoft Anti-Malware icon in the System Tray and selecting Shut down protection resolve the issue?


I have no physical access to the server right now; I was able to access it using HP iLO.

I was not able to log in to the system; it was not responding to any input, neither keyboard nor mouse.


I have a few errors in the application log, also from the error reporting service, but the reported dumps are not available:

Faulting application name: a2service.exe, version: 2018.10.1.9026, time stamp: 0x5be1ac13
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x0000000000360fd8
Faulting process id: 0x324
Faulting application start time: 0x01d481fb6bf984b2
Faulting application path: C:\Program Files\Emsisoft Anti-Malware\a2service.exe
Faulting module path: unknown
Report Id: 8af6c4b4-edef-11e8-94b1-a0b3cce61f81
Faulting package full name: 
Faulting package-relative application ID: 

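The hex fields in the crash event above can be decoded before escalating, shown here as an added example that is not part of the original post. The function name `Get-HexField` and the small NTSTATUS table are assumptions made for illustration; the event text is copied from the post.

```powershell
# Added example: decode the hex fields of the Application Error event.
$eventText = @'
Faulting application name: a2service.exe, version: 2018.10.1.9026, time stamp: 0x5be1ac13
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x0000000000360fd8
Faulting process id: 0x324
Faulting application start time: 0x01d481fb6bf984b2
'@

# Hypothetical helper: return the hex digits of the first "<Label>: 0x..." field.
function Get-HexField([string]$Text, [string]$Label) {
    if ($Text -match ([regex]::Escape($Label) + ':\s*0x([0-9a-fA-F]+)')) {
        return $Matches[1]
    }
    throw "Field '$Label' not found"
}

# A few NTSTATUS values that show up in crash events (not exhaustive).
$ntstatus = @{
    'c0000005' = 'STATUS_ACCESS_VIOLATION'
    'c0000374' = 'STATUS_HEAP_CORRUPTION'
    'c0000409' = 'STATUS_STACK_BUFFER_OVERRUN'
    'c000041d' = 'STATUS_FATAL_USER_CALLBACK_EXCEPTION'
}

$epoch = New-Object DateTime 1970, 1, 1, 0, 0, 0, ([DateTimeKind]::Utc)
$code  = (Get-HexField $eventText 'Exception code').ToLower()
$name  = $ntstatus[$code]
if (-not $name) { $name = 'not in table' }

[pscustomobject]@{
    # "time stamp" on the application line is the PE link time (Unix seconds).
    BinaryBuiltUtc   = $epoch.AddSeconds([Convert]::ToInt64((Get-HexField $eventText 'time stamp'), 16))
    # "start time" is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC).
    ProcessStartUtc  = [DateTime]::FromFileTimeUtc([Convert]::ToInt64((Get-HexField $eventText 'Faulting application start time'), 16))
    ProcessId        = [Convert]::ToInt32((Get-HexField $eventText 'Faulting process id'), 16)
    ExceptionCode    = '0x' + $code
    ExceptionName    = $name
    # "unknown" module: WER could not attribute the faulting address to a module.
    ModuleIdentified = ($eventText -notmatch 'Faulting module name:\s*unknown')
} | Format-List
```

The decoded process start time and process ID make it possible to match this crash against service restart events and against the moment the server stopped responding.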

a2service.exe crashing could certainly be causing freezes on the server. Let's try getting a crash dump from a2service.exe. Here's a link to instructions on how to enable automatic crash dumps:
https://helpdesk.emsisoft.com/en-us/article/204-how-do-i-configure-automatic-crash-dumps-in-case-of-application-failures

Also note that there's a known issue where a corrupt file in the Quarantine can cause a2service.exe crashes, so if you have anything in the Quarantine then feel free to delete it to see if that helps.


FYI: If you ZIP the crash dump, it should be possible to attach it to a reply here (the attachment size limit should be 100 MB). Only authorized personnel will have access to it.

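The crash-dump request and the ZIP-and-attach note above, as an added example that is not taken from Emsisoft or from the linked helpdesk article. It assumes the standard Windows Error Reporting LocalDumps registry settings are what is being configured; the folder `C:\CrashDumps\a2service` and the helper `Compress-LatestDump` are hypothetical names.

```powershell
# Added example, run from an elevated PowerShell prompt. Assumes the standard
# Windows Error Reporting "LocalDumps" mechanism; the folder is hypothetical.
$dumpDir = 'C:\CrashDumps\a2service'
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\a2service.exe'

New-Item -ItemType Directory -Path $dumpDir -Force | Out-Null
New-Item -Path $key -Force | Out-Null
New-ItemProperty -Path $key -Name DumpFolder -PropertyType ExpandString -Value $dumpDir -Force | Out-Null
New-ItemProperty -Path $key -Name DumpType   -PropertyType DWord -Value 2 -Force | Out-Null  # 2 = full dump
New-ItemProperty -Path $key -Name DumpCount  -PropertyType DWord -Value 3 -Force | Out-Null  # keep newest 3

# A full dump contains the service's memory, so limit the folder to
# SYSTEM (S-1-5-18) and the local Administrators group (S-1-5-32-544).
icacls $dumpDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null

# Hypothetical helper: zip the newest dump and report whether it fits the
# 100 MB attachment limit mentioned in the thread. Uses .NET 4.5 classes
# because Compress-Archive is not available before PowerShell 5.
function Compress-LatestDump([string]$Folder, [long]$LimitBytes = 100MB) {
    Add-Type -AssemblyName System.IO.Compression, System.IO.Compression.FileSystem
    $dump = Get-ChildItem -Path $Folder -Filter '*.dmp' |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if (-not $dump) { throw "No .dmp file in $Folder yet" }

    $zip = Join-Path $Folder ($dump.BaseName + '.zip')
    if (Test-Path $zip) { Remove-Item $zip }
    $archive = [System.IO.Compression.ZipFile]::Open($zip, 'Create')
    try {
        [System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile(
            $archive, $dump.FullName, $dump.Name) | Out-Null
    } finally {
        $archive.Dispose()
    }

    $size = (Get-Item $zip).Length
    [pscustomobject]@{
        Zip       = $zip
        SizeMB    = [math]::Round($size / 1MB, 1)
        FitsLimit = ($size -le $LimitBytes)
    }
}

# After the next a2service.exe crash:  Compress-LatestDump $dumpDir
```

Remove the registry key once the dump has been sent, so later crashes do not keep writing full memory dumps to disk.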
