Jump to content

token problem


Recommended Posts

1) myEmsisoft shows that none of my comps ist updated. Why so?

2) installation file downloaded 30sec earlier; firewall in learning mode. After installation (4 installation files later and 10 activation attempts ) received info that have installed offline version and couldn't updated it. Finally, after restart, had to login to adm profile and activated again. Is it normal?

updateemsisoft.png

offlineScreenshot 2021-03-20 113004.png

reinstallScreenshot 2021-03-20 111736.png

Link to comment
Share on other sites

Did you rename the installer you downloaded from MyEmsisoft?

If you download a fresh copy of the installer, and try to run it, does it connect Emsisoft Anti-Malware to your workspace?

Link to comment
Share on other sites

6 hours ago, GT500 said:

Did you rename the installer you downloaded from MyEmsisoft?

 

no

 

6 hours ago, GT500 said:

If you download a fresh copy of the installer, and try to run it, does it connect Emsisoft Anti-Malware to your workspace?

not sure, right now is connected and shown as "not managed" which is true (all set at local); with last update before 54 min

Link to comment
Share on other sites

@GT500- usually I rename every file I download that I'm going to keep, prefacing its name by the date and time, and adding some text to describe the file's purpose, and (at least when I had both 32- and 64-bit machines) indicating which bitness it was for.  Digitally-signed files do not lose their signature by having this done; their content is not changed.  So how might that be a problem?

There's clearly a minor problem in the way that error message (shown in the box in the screensot) is worded, in the "has expired or invalid" part.

Link to comment
Share on other sites

13 hours ago, JeremyNicoll said:

So how might that be a problem?

The token to connect Emsisoft Anti-Malware to a workspace automatically is in the file name.

BTW: Never post that file name publicly. ;)

 

1 hour ago, dkds said:

update: one never updated, another two long time ago; i have found one more detail on last screenshot. Malware? how can I check it?

Let's try getting a log from FRST, and see if it shows the cause of the issue. You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.

 

BTW: You can manually connect Emsisoft Anti-Malware to your workspace (under the section "How to re-authenticate")
https://help.emsisoft.com/en/3403/connecting-existing-endpoint-protection-to-the-management-console/

Link to comment
Share on other sites

4 hours ago, GT500 said:

Let's try getting a log from FRST, and see if it shows the cause of the issue. You can find instructions for downloading and running FRST at the following link:

https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.

should I posted here as copied txt or zip file? btw, ran it few times in std and adm profile, results are different

Link to comment
Share on other sites

@dkds - you said "forgot something, eav didn't quarantine fstr.exe;"

If you mean frst.exe, the last few times I've run the 64-bit version - fstr64.exe - EAM hasn't asked me about allowing access to firewall rules.  I think sometimes the current version of frst/frst64 is known to EAM so one does not get asked.  New versions of Frst/frst64 are released every few days.

 

You also said: " i have found one more detail on last screenshot. Malware? how can I check it? "

What precisely is it in your screenshot that you think is odd?

Link to comment
Share on other sites

2 hours ago, JeremyNicoll said:

@dkds - you said "forgot something, eav didn't quarantine fstr.exe;"

If you mean frst.exe, the last few times I've run the 64-bit version - fstr64.exe - EAM hasn't asked me about allowing access to firewall rules.  I think sometimes the current version of frst/frst64 is known to EAM so one does not get asked.  New versions of Frst/frst64 are released every few days.

 

You also said: " i have found one more detail on last screenshot. Malware? how can I check it? "

just trying to avoid preview updates from installing in my computer, and because have found this

https://answers.microsoft.com/en-us/windows/forum/all/remote-procedure-call-rpc-how-do-i-determine-if/23fcf681-8110-46c7-9939-f0e7561585e9

and because my email was hacked, and have a lot of problems with different applications that behave as never before, and finally, my winadmin password stopped working as well as local emsisoft one, just wanted be sure that info that I shouldn't be able to switch this service off, is true.  And I found this forum perfect for this ;) if you don't mind, of course :)

 

 

Link to comment
Share on other sites

You appear to have TinyWall installed. Have you checked to make sure that the Emsisoft Anti-Malware program CommService.exe is allowed in your firewall?

I'm also seeing Killer Networking in your FRST log. Make sure it's configured to prioritize CommService.exe as well (or at least that it's not configured to reduce its priority).

As for infections, at first glance I don't see any signs of infections in the logs.

Link to comment
Share on other sites

Posted (edited)
13 hours ago, GT500 said:

What about Killer Networking? Is it throttling CommService.exe's network traffic?

Also, I assume that TinyWall disabled the Windows firewall?

BTW: If you haven't already, you may need to follow our firewall configuration guide at the link below:
https://help.emsisoft.com/en/2323/emsisoft-management-console-user-guide/#firewallconfiguration

Usually don't use the cable, killer doesn't appear in the tray, to check its settings, had to reinstall “killer command center”  (?) - results attached. Since then sits bravely in tray.

Uninstalled eav, previously removing my computer from myemsisoft, during the installation the token issue appeared again. Just in case,  reinstalled the wifi, graphics and sound drivers.

After a reboot, eav installed itself with a unknown local password.  Couldn’t  change it via myemsisoft account with mixed management settings (local and remote) enabled; had to disable the default administrator (SYSTEM) and reboot.

In emsisoft folder found files with older installation dates (screens attached) - honestly, I didn't remove it manually, assuming the installer did or at least important/sensitive data.

two emsisoft exe's were blocked (printscreens) now they free, but it didn't change anything on myemisoft.

Maybe this is somehow connected to local management and password.

 

Screenshot 2021-03-24 191613.jpg

Edited by dkds
can't add zip file? error code -200
Link to comment
Share on other sites

11 hours ago, dkds said:

can't add zip file? error code -200

That's probably your ad blocker. Try disabling it, refreshing the page, and then attaching the file again.

 

11 hours ago, dkds said:

Uninstalled eav, previously removing my computer from myemsisoft, during the installation the token issue appeared again. Just in case,  reinstalled the wifi, graphics and sound drivers.

After a reboot, eav installed itself with a unknown local password.  Couldn’t  change it via myemsisoft account with mixed management settings (local and remote) enabled; had to disable the default administrator (SYSTEM) and reboot.

In emsisoft folder found files with older installation dates (screens attached) - honestly, I didn't remove it manually, assuming the installer did or at least important/sensitive data.

two emsisoft exe's were blocked (printscreens) now they free, but it didn't change anything on myemisoft.

Maybe this is somehow connected to local management and password.

Delete all existing Emsisoft Anti-Malware downloads from your Downloads folder, and try downloading a fresh copy of the installer.

Also, be sure to follow the firewall configuration guide.

Link to comment
Share on other sites

13 hours ago, GT500 said:

That's probably your ad blocker. Try disabling it, refreshing the page, and then attaching the file again.

all off: eff - privacy bagger, vpn with own cybersec system - still can't add the zip file.

13 hours ago, GT500 said:

Delete all existing Emsisoft Anti-Malware downloads from your Downloads folder, and try downloading a fresh copy of the installer.

did it before, found out that eav doesn't react when i'm plugging external disks. this time check old eav folder - was clean, only quarantine files feft, like before - just in case, previous drives listed. becouse realtek driver attempted install himself again direct after reboot after new installation - cleaned up with cccleaner, purge temps in users, and installed again.

before eav installation noticed problem with backup disk - system couldn't write files down; need to reconnect it and then installed antyvirus, which now seems operating normally.

13 hours ago, GT500 said:

Also, be sure to follow the firewall configuration guide.

i did, all Eav services are free to communicate.

 

 

 

Link to comment
Share on other sites

18 hours ago, dkds said:

all off: eff - privacy bagger, vpn with own cybersec system - still can't add the zip file.

What about Adblock, Adblock Plus, uBlock Origin, Adguard, etc? Some filter lists for those can cause problems with attachments on our forums.

 

18 hours ago, dkds said:

i did, all Eav services are free to communicate.

Have you added the ports specified in the guide to your firewall and your router's port forwarding settings?

Copied from the firewall setup guide:

Devices running Emsisoft Anti-Malware with default Windows Firewall configurations should work automatically. If non-default firewall settings exist, it is best to add a whitelist entry for *.emsisoft.com. Precise server names if your firewall doesn’t allow wildcards like ‘ * ‘ are detailed in our Firewall Configuration Guide, with additional servers and ports listed below.

  • Emsisoft Anti-Malware protected devices using Emsisoft Management Console without utilizing the Proxy Relay feature Add cloudbroker.emsisoft.com, TCP port 61614 out.
  • Relay proxy configuration To utilize the relay proxy feature of Emsisoft Management Console on a specific device, the firewall must be adjusted on each device as follows:
    • Emsisoft Anti-Malware protected devices using Emsisoft Management Console’s Proxy Relay feature, but not serving as the Proxy Relay Add ports 33500-33699 out to the chosen relay proxy device.
    • Emsisoft Anti-Malware protected devices serving as an Emsisoft Management Console Proxy Relay Add ports 33500-33899 in for proxied device connections, and port 33700 in and out. Note that the Emsisoft Anti-Malware installation on the proxy relay can use itself to further reduce update traffic. In that case also allow ports 33500-33699 to the same machine address if needed, as above.
Link to comment
Share on other sites

4 hours ago, GT500 said:

What about Adblock, Adblock Plus, uBlock Origin, Adguard, etc? Some filter lists for those can cause problems with attachments on our forums.

don't have it, there is no need to keep them in your browser if you have privacy badger and cybersec, in adition "http everywhere" also from eff

 

4 hours ago, GT500 said:

Have you added the ports specified in the guide to your firewall and your router's port forwarding settings?

Copied from the firewall setup guide:

Devices running Emsisoft Anti-Malware with default Windows Firewall configurations should work automatically. If non-default firewall settings exist, it is best to add a whitelist entry for *.emsisoft.com. Precise server names if your firewall doesn’t allow wildcards like ‘ * ‘ are detailed in our Firewall Configuration Guide, with additional servers and ports listed below.

  • Emsisoft Anti-Malware protected devices using Emsisoft Management Console without utilizing the Proxy Relay feature Add cloudbroker.emsisoft.com, TCP port 61614 out.
  • Relay proxy configuration To utilize the relay proxy feature of Emsisoft Management Console on a specific device, the firewall must be adjusted on each device as follows:
    • Emsisoft Anti-Malware protected devices using Emsisoft Management Console’s Proxy Relay feature, but not serving as the Proxy Relay Add ports 33500-33699 out to the chosen relay proxy device.
    • Emsisoft Anti-Malware protected devices serving as an Emsisoft Management Console Proxy Relay Add ports 33500-33899 in for proxied device connections, and port 33700 in and out. Note that the Emsisoft Anti-Malware installation on the proxy relay can use itself to further reduce update traffic. In that case also allow ports 33500-33699 to the same machine address if needed, as above.

Tiny Firewall is a simple software, I don't have - or can't find them - possibilities to open listed ports, as far I can see - this firewall in learning mode analyzes and allows every connections attempts (that's why two listening eav processes were blocked).  Like I said before, now they can communicate freely as long as they will not change location on disk, I suppose. Anyway, on the other two computers Tiny is not installed, so I should see their update time.

Which is why I asked: maybe myEmsisoft profile does not show update time for computers managed locally?

 

 

 

btw: can't add files. ;(

Link to comment
Share on other sites

19 hours ago, dkds said:

in adition "http everywhere" also from eff

That extension can break a lot of websites, and I do not recommend using it. On websites that do support HTTPS connections the extension is usually not required, and for websites and content loading from servers that don't have HTTPS configured the extension will essentially cause the connection to error out by trying to force it to use HTTPS. As far as I know it shouldn't be causing an issue with attachments on our forums though.

 

19 hours ago, dkds said:

Which is why I asked: maybe myEmsisoft profile does not show update time for computers managed locally?

I don't think EAM sends any information to Emsisoft Management Console when it's configured to only be managed locally, beyond the application rules and license info.

Link to comment
Share on other sites

5 hours ago, GT500 said:

That extension can break a lot of websites, and I do not recommend using it. On websites that do support HTTPS connections the extension is usually not required, and for websites and content loading from servers that don't have HTTPS configured the extension will essentially cause the connection to error out by trying to force it to use HTTPS. As far as I know it shouldn't be causing an issue with attachments on our forums though.

ok, what with this, should I download and install in my comp update file after this screen (wuc02) if no: should trust downloaded files, having problem with unwanted previews loaded by original installer?

5 hours ago, GT500 said:

I don't think EAM sends any information to Emsisoft Management Console when it's configured to only be managed locally, beyond the application rules and license info.

I need to know for sure, what kind of information are visible in myemsisoft profile for computers managed locally. Haven't seen them in online manual - or - couldn't find them. As producer you had to tested this scenario also I believe.

WUC02.jpg

Link to comment
Share on other sites

18 hours ago, dkds said:

what kind of information are visible in myemsisoft profile for computers managed locally

I don't think anything is supposed to be visible. EAM sends the same data to our systems when configured to be locally managed that it does when it's not even connected to the Emsisoft Management Console.

I'll ask QA to be certain.

 

18 hours ago, dkds said:

ok, what with this, should I download and install in my comp update file after this screen (wuc02) if no: should trust downloaded files, having problem with unwanted previews loaded by original installer?

Is this what you're trying to use? Those Windows Update files don't download via HTTPS, and HTTPS may not be configured for the domain "download.windowsupdate.com". You need to disable or uninstall HTTPS Everywhere to be able to download those files.

This is an excellent example of HTTPS Everywhere breaking things because you should not try to force HTTPS on websites that are not configured for it.

Link to comment
Share on other sites

 

6 hours ago, GT500 said:

Is this what you're trying to use? Those Windows Update files don't download via HTTPS, and HTTPS may not be configured for the domain "download.windowsupdate.com". You need to disable or uninstall HTTPS Everywhere to be able to download those files.

This is an excellent example of HTTPS Everywhere breaking things because you should not try to force HTTPS on websites that are not configured for it.

Ok, in fact it wasn't plugin but FFox feature and honestly, I don't understand why expecting highest possible safety level from WUC site is so strange?!

https://support.mozilla.org/en-US/kb/https-only-prefs?as=u&utm_source=inproduct
https://support.mozilla.org/en-US/kb/secure-connection-failed-firefox-did-not-connect?as=u&utm_source=inproduct

thank you and one more thing, I wouldn't bother you if I can find information what kind of behavior of my browser I can expect while downloading updates - in this case -  provided by Microsoft.

6 hours ago, GT500 said:

I don't think anything is supposed to be visible. EAM sends the same data to our systems when configured to be locally managed that it does when it's not even connected to the Emsisoft Management Console.

I'll ask QA to be certain.

Thanks :)

mozilla https.jpg

Link to comment
Share on other sites

17 hours ago, dkds said:

Ok, in fact it wasn't plugin but FFox feature and honestly, I don't understand why expecting highest possible safety level from WUC site is so strange?!

The downloads don't need to be encrypted.

 

17 hours ago, dkds said:

thank you and one more thing, I wouldn't bother you if I can find information what kind of behavior of my browser I can expect while downloading updates - in this case -  provided by Microsoft.

I don't normally use Firefox, so I don't know what to expect in that browser. In a Chromium based browser (or at least the one I use) it works just fine without error messages.

Link to comment
Share on other sites

On 3/28/2021 at 6:33 AM, GT500 said:

I'll ask QA to be certain.

have you maybe? because  I've noticed another strange behavior, details attached.

By the way (success!), Im again able to add zip files - had to reinstall intel graphics and browser.

Desktop.zip

Link to comment
Share on other sites

On 4/1/2021 at 5:05 AM, dkds said:

have you maybe? because  I've noticed another strange behavior, details attached.

I didn't ask after remembering that EAM doesn't send any data to our online management console when set to be locally managed.

As for the error in your screenshot, what did you click on before seeing the error?

Edited by GT500
Fixed typos.
Link to comment
Share on other sites

9 hours ago, GT500 said:

I didn.t ask after remembering that EAM doesn't send any data to our online management console when set to be locally managed.

pity; anyway this is a bit strange, software installed and admin has no clue if every comp received update.

 

9 hours ago, GT500 said:

As for the error in your screenshot, what did you click on before seeing the error?

protection status button, this one looking like gearwheel.

Link to comment
Share on other sites

On 4/2/2021 at 10:20 AM, dkds said:

protection status button, this one looking like gearwheel.

The gear icon is for the settings.

Was this for the workstation that's set to only be locally managed, or for another workstation?

Link to comment
Share on other sites

11 hours ago, GT500 said:

Was this for the workstation that's set to only be locally managed, or for another workstation?

all of them are managed locally for some time now; never seen it before

Link to comment
Share on other sites

On 4/4/2021 at 4:34 AM, dkds said:

all of them are managed locally for some time now; never seen it before

I'm being told that the last update time should always update, regardless of whether or not your device is set to be locally managed or remotely managed. The last update time is based on information from the update servers, and not on information sent to the management console by Emsisoft Anti-Malware. I'm also being told that the only reason why the last update time wouldn't be updating is if Emsisoft Anti-Malware was activated with a different license key than the one associated with your workspace.

Would you like to schedule a time for me to remotely connect to your computer and take a closer look at this? I'm usually available after from 12:00 AM to around 6:00 AM EDT. Note that I will need to schedule it at least 24 hours in advance to ensure I see your message in time.
https://www.timeanddate.com/worldclock/usa/indianapolis

Link to comment
Share on other sites

On 4/6/2021 at 12:50 AM, GT500 said:

I'm being told that the last update time should always update, regardless of whether or not your device is set to be locally managed or remotely managed. The last update time is based on information from the update servers, and not on information sent to the management console by Emsisoft Anti-Malware. I'm also being told that the only reason why the last update time wouldn't be updating is if Emsisoft Anti-Malware was activated with a different license key than the one associated with your workspace.

Would you like to schedule a time for me to remotely connect to your computer and take a closer look at this? I'm usually available after from 12:00 AM to around 6:00 AM EDT. Note that I will need to schedule it at least 24 hours in advance to ensure I see your message in time.
https://www.timeanddate.com/worldclock/usa/indianapolis

I'm sorry for delayed answer. Of course. I'm in the middle of Europe. when im writing this in Indiana is 13.20 and in my neighborhood 19.20, math isn't my strong side (sorry) Im available from 5pm CET - and because it may be funny you can pick time you think is the best.

Link to comment
Share on other sites

11 hours ago, dkds said:

I'm sorry for delayed answer. Of course. I'm in the middle of Europe. when im writing this in Indiana is 13.20 and in my neighborhood 19.20, math isn't my strong side (sorry) Im available from 5pm CET - and because it may be funny you can pick time you think is the best.

Berlin is on the same time you are, right? If I add Berlin and Indianapolis to a meeting planner, it looks like midnight for me is 6:00 AM for you, and 5:00 PM for you is 11:00 AM for me:
https://www.timeanddate.com/worldclock/meetingtime.html?month=4&day=10&year=2021&p1=105&p2=37&iv=0

Unfortunately it doesn't look like I can be available when you are, unless you can find time before 2:00 PM. Weekends work for me, if that makes things easier. The only days I don't have available for certain are the 12th and the 13th of April, but any other day should work.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...