Jump to content

Emsisoft Enterprise Security causes server to be not responding


grzegorz
 Share

Recommended Posts

I have purchased several licences to servers (Windows Servers 2012 & Windows Servers 2012 R2) along with desktop licences. I have installed EEC and EES on the Win2012 server, other computers are connecting to this EEC correcly.

The problem is users cannot upload files to network share, they can download at the beggigning but, after some time the share and other services like RDP became unavailable. I have restarted the server, and after some time, got same situtaion (but wit EEC opened on RDP, so I was able to make a screenshot).

I've made a screenshot, but regarding to file share unavailability, we decided to completly uninstall the EES (EAM in control panel).

Image attached. What else can I send? Important settings in my opinion: File guard - THOROUGH, scanner setting LOW PRIORITY, Memory Optimization ON, Scan all files (no ext. filter).

 

 

 

Emsisoft EEC error.jpg

Link to comment
Share on other sites

There are two temporary workaround for this:

  • Disable Surf Protection.
  • Switch to the Delayed update feed in the update settings, and then check for updates to downgrade to an older version of Emsisoft Anti-Malware.


That being said, it would be great if we could get debug logs so that our developers can resolve the issue for you. Here's how to get us debug logs (don't worry, it's faster and easier than the instructions make it look):

  1. Open Emsisoft Anti-Malware.
  2. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
  3. Click Advanced in the menu at the top.
  4. Scroll to the bottom of the Advanced section, and change the option for Debug logging to Enabled for 1 day.
  5. After that, close the Emsisoft Anti-Malware window.
  6. Reproduce the issue you are having (wait for the file sharing issue to start happening).
  7. Once you have reproduced the issue, open Emsisoft Anti-Malware again.
  8. Click on the little icon in the lower-left (right above the question mark) that looks like little chat bubbles.
  9. Click on the button that says Send an email.
  10. Select the logs in the left that show today's dates (if you try to send too many logs, then we may not receive them).
  11. Fill in the e-mail contact form with your name, your e-mail address, and a description of what the logs are for (if possible please leave a link to the topic on the forums that the logs are related to in your message).
  12. If you have any screenshots or another file that you need to send with the logs, then you can click the Attach file button at the bottom (only one file can be attached at a time).
  13. Click on Send now at the bottom once you are ready to send the logs.

Important: Please be sure to turn debug logging back off after sending us the logs. There are some negative effects to having debug logging turned on, such as reduced performance and wasting hard drive space, and it is not recommended to leave debug logging turned on for a long period of time unless it is necessary to collect debug logs.

Link to comment
Share on other sites

the problem is, that the issue affects also RDP access to server, so the only way to get it back to life is to physically restart it - I dont want to do it again...
 

standard log from EEC:

11/19/2018 09:37:58: Error - database is locked
                             database is locked
11/19/2018 09:38:31: Error - database is locked
                             database is locked
11/19/2018 09:39:01: Error - database is locked
                             database is locked
11/19/2018 09:40:31: Error - database is locked
                             database is locked
11/19/2018 09:40:34: Error - database is locked
                             database is locked
11/19/2018 09:41:01: Error - database is locked
                             database is locked
11/19/2018 09:42:31: Error - database is locked
                             database is locked
11/19/2018 09:43:01: Error - database is locked
                             database is locked
11/19/2018 09:44:31: Error - database is locked
                             database is locked
11/19/2018 09:45:01: Error - database is locked
                             database is locked
11/19/2018 09:46:31: Error - database is locked
                             database is locked
11/19/2018 09:47:01: Error - database is locked
                             database is locked
11/19/2018 09:48:31: Error - database is locked
                             database is locked
11/19/2018 09:49:01: Error - database is locked
                             database is locked
11/19/2018 09:50:31: Error - database is locked
                             database is locked
11/19/2018 09:51:01: Error - database is locked
                             database is locked

 

RDP not responding, REBOOTED

Link to comment
Share on other sites

We did receive the logs you sent. I take it you were able to reproduce the issue on the server with debug logging turned on? If so, then go ahead and try the Delayed update feed, and let me know if that is a viable workaround for you right now. Here's what to do:

  1. Open Emsisoft Anti-Malware.
  2. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
  3. Click on Updates in the menu at the top.
  4. On the left, in the Updates section, look for Update feed.
  5. Click on the box to the right of where it says Update feed, and select Delayed from the list.
  6. Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock).
  7. Select Update now from the list.

Link to comment
Share on other sites

Our developers would like me to confirm that this issue is only a network connectivity issue, and that the entire server isn't freezing.

Also, If the server is still operational, does right-clicking on the Emsisoft Anti-Malware icon in the System Tray and selecting Shut down protection resolve the issue?

Link to comment
Share on other sites

I have few errors in application log, also from error reporting service, but the reported dumps are not available

Faulting application name: a2service.exe, version: 2018.10.1.9026, time stamp: 0x5be1ac13
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x0000000000360fd8
Faulting process id: 0x324
Faulting application start time: 0x01d481fb6bf984b2
Faulting application path: C:\Program Files\Emsisoft Anti-Malware\a2service.exe
Faulting module path: unknown
Report Id: 8af6c4b4-edef-11e8-94b1-a0b3cce61f81
Faulting package full name: 
Faulting package-relative application ID: 

Link to comment
Share on other sites

a2service.exe crashing could certainly be causing freezes on the server. Let's try getting a crash dump from a2service.exe. Here's a link to instructions on how to enable automatic crash dumps:
https://helpdesk.emsisoft.com/en-us/article/204-how-do-i-configure-automatic-crash-dumps-in-case-of-application-failures

Also note that there's a known issue where a corrupt file in the Quarantine can cause a2service.exe crashes, so if you have anything in the Quarantine then feel free to delete it to see if that helps.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...