Перейти к содержимому


Фото
- - - - -

Проблема с подключением клиентов к серверу

Автор VladimirN , апр 16 2025 13:38

  • Please log in to reply
13 ответов в этой теме

#1 VladimirN

VladimirN

    Member

  • Posters
  • 141 Сообщений:

Отправлено 16 Апрель 2025 - 13:38

Добрый день.
Возникла проблема у части рабочих станций с подключением к антивирусному серверу, сейчас они работают в мобильном режиме.
При этом с каких то станций при вводе команды telnet 10.0.0.69 2193 получается подключиться к серверу, а на каких-то станция подключение не происходит. На клиентах с проблемой в логах es-service.log следующие ошибки:
 
Компьютер1
...
2025-Apr-16 12:57:20.196547 [ 3384] [INF] [components] on_connected
2025-Apr-16 12:57:20.196576 [ 3384] [INF] [components] on_connected error: negotiation error
2025-Apr-16 12:57:26.939148 [ 3384] [INF] [event-processor] Accumulate event because of not connected to server (3 events pending)
2025-Apr-16 12:58:26.954899 [ 3384] [INF] [event-processor] Accumulate event because of not connected to server (3 events pending)
2025-Apr-16 12:59:26.962852 [ 3384] [INF] [event-processor] Accumulate event because of not connected to server (3 events pending)
2025-Apr-16 12:59:52.197664 [ 3392] [INF] [es-client] [TextProto/Client/A2S/Session] unconnected/dead: there is an error in previous connection, will try next server if it is
2025-Apr-16 12:59:52.198203 [ 3392] [TRC] [es-client] [Discovery] Parse endpoint <10.0.0.69:2193>
2025-Apr-16 13:00:13.238146 [ 3384] [ERR] [es-client] [Transport] unconnected: unable to connect to '10.0.0.69:2193' because of Попытка установить соединение была безуспешной, т.к. от другого компьютера за требуемое время не получен нужный отклик, или было разорвано уже установленное соединение из-за неверного отклика уже подключенного компьютера (code: 10060)
2025-Apr-16 13:00:13.238657 [ 3384] [ERR] [es-client] [TextProto/Client/A2S/Session] Unable to connect to "10.0.0.69:2193" because of negotiation error (error: 2)
2025-Apr-16 13:00:13.238721 [ 3384] [WRN] [reconnector] ES connection error 2 'negotiation error'
2025-Apr-16 13:00:13.239429 [ 3384] [INF] [reconnector] retry ... 123 seconds

 

и 

 

Компьютер2

...

2025-Apr-16 11:43:08.933646 [ 3700] [INF] [components] on_connected
2025-Apr-16 11:43:08.933655 [ 3700] [INF] [components] on_connected error: negotiation error
2025-Apr-16 11:43:52.248010 [ 3704] [INF] [event-processor] Accumulate event because of not connected to server (2 events pending)
2025-Apr-16 11:44:52.258110 [ 3704] [INF] [event-processor] Accumulate event because of not connected to server (2 events pending)
2025-Apr-16 11:45:25.942383 [ 3704] [INF] [es-client] [TextProto/Client/A2S/Session] unconnected/dead: there is an error in previous connection, will try next server if it is
2025-Apr-16 11:45:25.942613 [ 3704] [TRC] [es-client] [Discovery] Parse endpoint <10.0.0.69:2193>
2025-Apr-16 11:45:46.978772 [ 3704] [ERR] [es-client] [Transport] unconnected: unable to connect to '10.0.0.69:2193' because of Попытка установить соединение была безуспешной, т.к. от другого компьютера за требуемое время не получен нужный отклик, или было разорвано уже установленное соединение из-за неверного отклика уже подключенного компьютера (code: 10060)
2025-Apr-16 11:45:46.979154 [ 3704] [ERR] [es-client] [TextProto/Client/A2S/Session] Unable to connect to "10.0.0.69:2193" because of negotiation error (error: 2)
2025-Apr-16 11:45:46.979217 [ 3704] [WRN] [reconnector] ES connection error 2 'negotiation error'
2025-Apr-16 11:45:46.979609 [ 3704] [INF] [reconnector] retry ... 125 seconds
2025-Apr-16 11:45:46.979637 [ 3704] [INF] [components] on_connected
2025-Apr-16 11:45:46.979646 [ 3704] [INF] [components] on_connected error: negotiation error
2025-Apr-16 11:45:52.268323 [ 3700] [INF] [event-processor] Accumulate event because of not connected to server (2 events pending)
2025-Apr-16 11:46:44.373676 [ 3676] [INF] [Service] [StopAll] Stopping modules
2025-Apr-16 11:46:44.373939 [ 3676] [INF] [manager] stop subsystem netsvc ...
2025-Apr-16 11:46:44.373955 [ 3676] [INF] [manager] stop subsystem reconnector ...
2025-Apr-16 11:46:44.373962 [ 3676] [INF] [reconnector] disconnected with av-service. Disconnecting from es-server
2025-Apr-16 11:46:44.373990 [ 3676] [INF] [manager] stop subsystem es_server_communication ...
2025-Apr-16 11:46:44.374011 [ 3676] [INF] [manager] stop subsystem devices ...
2025-Apr-16 11:46:44.374075 [ 3676] [INF] [manager] stop subsystem MCastUpdates ...
2025-Apr-16 11:46:44.374087 [ 3676] [INF] [manager] stop subsystem quarantine ...
2025-Apr-16 11:46:45.608123 [ 3684] [ERR] [dws] protocol error = 1011; additional = ; syscode = 109; disconnect = 1
2025-Apr-16 11:46:45.608161 [ 3684] [WRN] [dws] Disconnected from Control Service Dr.Web
2025-Apr-16 11:46:47.507663 [ 5116] [INF] [quarantine] Event channel ended with status 4294967295
2025-Apr-16 11:46:47.507690 [ 5116] [INF] [quarantine] Event listener stopped
2025-Apr-16 11:46:47.508136 [ 3676] [INF] [manager] stop subsystem es_update ...
2025-Apr-16 11:46:47.508183 [ 3676] [INF] [manager] stop subsystem RepoCache ...
2025-Apr-16 11:46:47.508197 [ 3676] [INF] [manager] stop subsystem esloader ...
2025-Apr-16 11:46:47.508210 [ 3676] [INF] [manager] stop subsystem statistics ...
2025-Apr-16 11:46:47.508221 [ 3676] [INF] [manager] stop subsystem escanner ...
2025-Apr-16 11:46:47.508232 [ 3684] [INF] [manager] stop subsystem netsvc ...
2025-Apr-16 11:46:47.508291 [ 3684] [INF] [manager] stop subsystem netsvc skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508349 [ 3684] [INF] [manager] stop subsystem reconnector ...
2025-Apr-16 11:46:47.508356 [ 3676] [INF] [manager] stop subsystem task-runner ...
2025-Apr-16 11:46:47.508379 [ 3684] [INF] [manager] stop subsystem reconnector skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508391 [ 3684] [INF] [manager] stop subsystem es_server_communication ...
2025-Apr-16 11:46:47.508411 [ 3684] [INF] [manager] stop subsystem es_server_communication skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508419 [ 3684] [INF] [manager] stop subsystem devices ...
2025-Apr-16 11:46:47.508439 [ 3684] [INF] [manager] stop subsystem devices skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508456 [ 3684] [INF] [manager] stop subsystem MCastUpdates ...
2025-Apr-16 11:46:47.508467 [ 3676] [INF] [manager] stop subsystem Scheduler ...
2025-Apr-16 11:46:47.508471 [ 3684] [INF] [manager] stop subsystem MCastUpdates skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508497 [ 3676] [INF] [Scheduler] Enterprise scheduler stopped
2025-Apr-16 11:46:47.508500 [ 3684] [INF] [manager] stop subsystem quarantine ...
2025-Apr-16 11:46:47.508529 [ 3684] [INF] [manager] stop subsystem quarantine skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508536 [ 3684] [INF] [manager] stop subsystem es_update ...
2025-Apr-16 11:46:47.508547 [ 3684] [INF] [manager] stop subsystem es_update skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508553 [ 3684] [INF] [manager] stop subsystem RepoCache ...
2025-Apr-16 11:46:47.508565 [ 3684] [INF] [manager] stop subsystem RepoCache skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508571 [ 3684] [INF] [manager] stop subsystem esloader ...
2025-Apr-16 11:46:47.508510 [ 3676] [INF] [manager] stop subsystem NetScan ...
2025-Apr-16 11:46:47.508582 [ 3684] [INF] [manager] stop subsystem esloader skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508611 [ 3684] [INF] [manager] stop subsystem statistics ...
2025-Apr-16 11:46:47.508614 [ 3676] [INF] [manager] stop subsystem NAP ...
2025-Apr-16 11:46:47.508625 [ 3684] [INF] [manager] stop subsystem statistics skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508630 [ 3676] [INF] [manager] stop subsystem Mixed ...
2025-Apr-16 11:46:47.508633 [ 3684] [INF] [manager] stop subsystem escanner ...
2025-Apr-16 11:46:47.508649 [ 3676] [INF] [manager] stop subsystem VdbCache ...
2025-Apr-16 11:46:47.508660 [ 3684] [INF] [manager] stop subsystem escanner skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508667 [ 3684] [INF] [manager] stop subsystem task-runner ...
2025-Apr-16 11:46:47.508678 [ 3684] [INF] [manager] stop subsystem task-runner skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508684 [ 3684] [INF] [manager] stop subsystem Scheduler ...
2025-Apr-16 11:46:47.508695 [ 3684] [INF] [manager] stop subsystem Scheduler skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508701 [ 3684] [INF] [manager] stop subsystem NetScan ...
2025-Apr-16 11:46:47.508710 [ 4764] [INF] [VdbCache] End subscribing for engine events: breaking
2025-Apr-16 11:46:47.508712 [ 3684] [INF] [manager] stop subsystem NetScan skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508746 [ 3684] [INF] [manager] stop subsystem NAP ...
2025-Apr-16 11:46:47.508764 [ 3684] [INF] [manager] stop subsystem NAP skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508771 [ 3684] [INF] [manager] stop subsystem Mixed ...
2025-Apr-16 11:46:47.508791 [ 3684] [INF] [manager] stop subsystem Mixed skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508809 [ 3676] [INF] [manager] stop subsystem event-processor ...
2025-Apr-16 11:46:47.508810 [ 3684] [INF] [manager] stop subsystem VdbCache ...
2025-Apr-16 11:46:47.508824 [ 3676] [INF] [event-processor] stop
2025-Apr-16 11:46:47.508854 [ 3684] [INF] [manager] stop subsystem VdbCache skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508863 [ 3676] [INF] [manager] stop subsystem UserMon ...
2025-Apr-16 11:46:47.508865 [ 3684] [INF] [manager] stop subsystem event-processor ...
2025-Apr-16 11:46:47.508889 [ 3676] [INF] [manager] stop subsystem UserMon skipped: unexpected state stopped ( current state: signal_connected ) 
2025-Apr-16 11:46:47.508895 [ 3684] [INF] [manager] stop subsystem event-processor skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.508898 [ 3676] [INF] [manager] stop subsystem components ...
2025-Apr-16 11:46:47.508906 [ 3684] [INF] [manager] stop subsystem UserMon ...
2025-Apr-16 11:46:47.508943 [ 3676] [INF] [components] process paused state for all components
2025-Apr-16 11:46:47.508945 [ 3684] [INF] [manager] stop subsystem UserMon skipped: unexpected state stopped ( current state: signal_connected ) 
2025-Apr-16 11:46:47.508961 [ 3676] [INF] [event-processor] process_all_end
2025-Apr-16 11:46:47.508974 [ 3684] [INF] [manager] stop subsystem components ...
2025-Apr-16 11:46:47.514851 [ 3676] [INF] [event-processor] Accumulate event because of not connected to server (13 events pending)
2025-Apr-16 11:46:47.514889 [ 3676] [INF] [manager] stop subsystem plugins ...
2025-Apr-16 11:46:47.514905 [ 3684] [INF] [manager] stop subsystem components skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.514928 [ 3684] [INF] [manager] stop subsystem plugins ...
2025-Apr-16 11:46:47.514910 [ 3676] [INF] [manager] stop subsystem environment ...
2025-Apr-16 11:46:47.514945 [ 3684] [INF] [manager] stop subsystem plugins skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.514964 [ 3676] [INF] [manager] stop subsystem DbStorage ...
2025-Apr-16 11:46:47.514981 [ 3676] [INF] [manager] stop subsystem config ...
2025-Apr-16 11:46:47.514969 [ 3684] [INF] [manager] stop subsystem environment ...
2025-Apr-16 11:46:47.515014 [ 3676] [INF] [manager] stop subsystem ipc ...
2025-Apr-16 11:46:47.515016 [ 3684] [INF] [manager] stop subsystem environment skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.515035 [ 3684] [INF] [manager] stop subsystem DbStorage ...
2025-Apr-16 11:46:47.515048 [ 3676] [INF] [ipc] Pipe listener stopped
2025-Apr-16 11:46:47.515049 [ 3684] [INF] [manager] stop subsystem DbStorage skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.515063 [ 3676] [INF] [manager] stop subsystem dws9_clients ...
2025-Apr-16 11:46:47.515076 [ 3684] [INF] [manager] stop subsystem config ...
2025-Apr-16 11:46:47.515114 [ 3684] [INF] [manager] stop subsystem config skipped: unexpected state stopped ( current state: stopped ) 
2025-Apr-16 11:46:47.515236 [ 3676] [ERR] [dws] Error to cancel active calls: System error; (write_some: Идет закрытие канала)
2025-Apr-16 11:46:47.521348 [ 3676] [INF] [Service] [StopAll] modules stopped
2025-Apr-16 11:49:27.692322 [ 2664] [INF] [LOG] Starting service...
===============================================================================
 Dr.Web Es Service for Windows v12.12.28.07050
 Copyright © Doctor Web, Ltd., 1992-2025
 Current arch: x64
 Binary: x64
 Operating System: Windows Server 2022 x64 (Build 20348)
 Command line: C:\Program Files\DrWeb\es-service.exe --logfile=C:\ProgramData\Doctor Web\Logs\es-service.log 
===============================================================================
2025-Apr-16 11:49:27.694613 [ 3556] [INF] [subsysmanager] start with mode: es, business
2025-Apr-16 11:49:27.694632 [ 3556] [INF] [subsysmanager] Creating subsystems...
2025-Apr-16 11:49:27.695170 [ 3556] [INF] [dws] Create reconnector
2025-Apr-16 11:49:27.695590 [ 3556] [INF] [dws9_clients] create
2025-Apr-16 11:49:27.695637 [ 3556] [INF] [ipc] create
2025-Apr-16 11:49:27.695723 [ 3556] [INF] [config] create
2025-Apr-16 11:49:27.695747 [ 3556] [INF] [DbStorage] [db-storage] create
2025-Apr-16 11:49:27.695785 [ 3556] [INF] [environment] Environment monitor subsystem created
2025-Apr-16 11:49:27.695907 [ 3556] [INF] [plugins] create
2025-Apr-16 11:49:27.695985 [ 3556] [INF] [components] create
2025-Apr-16 11:49:27.696106 [ 3556] [INF] [event-processor] create
2025-Apr-16 11:49:27.698864 [ 3556] [INF] [mixed] Mixed subsystem created
2025-Apr-16 11:49:27.699233 [ 3556] [INF] [Scheduler] create
2025-Apr-16 11:49:27.699270 [ 3556] [INF] [task-runner] Create
2025-Apr-16 11:49:27.699634 [ 3556] [INF] [escanner] create
2025-Apr-16 11:49:27.699674 [ 3556] [INF] [statistics] create
2025-Apr-16 11:49:27.699711 [ 3556] [INF] [esloader] create
2025-Apr-16 11:49:27.699836 [ 3556] [INF] [esupdate] create
2025-Apr-16 11:49:27.699853 [ 3556] [INF] [quarantine] Create
2025-Apr-16 11:49:27.699891 [ 3556] [INF] [devices] create
2025-Apr-16 11:49:27.710863 [ 3556] [INF] [reconnector] create
2025-Apr-16 11:49:27.710879 [ 3556] [INF] [netsvc] create
2025-Apr-16 11:49:27.710911 [ 3556] [INF] [subsysmanager] Subsystems created
2025-Apr-16 11:49:27.711178 [ 3556] [INF] [manager] start subsystem dws9_clients ...
2025-Apr-16 11:49:27.711191 [ 3556] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 11:49:27.711742 [ 3556] [ERR] [dws] Connect to control dwservice [0] exception: System error; (Unable to open pipe.)
2025-Apr-16 11:49:27.711764 [ 3556] [INF] [manager] start subsystem ipc ...
2025-Apr-16 11:49:27.712462 [ 3556] [INF] [Service] [Modules] Start 8 threads for modules
2025-Apr-16 14:27:09.749776 [ 3600] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:10.752066 [ 3596] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:11.752041 [ 3600] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:12.752205 [ 3596] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:13.767768 [ 3600] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:14.783312 [ 3596] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:15.798931 [ 3600] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:16.799050 [ 3596] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:17.798966 [ 3600] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:18.814656 [ 3596] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:18.814865 [ 3596] [ERR] [dws] Connect to control dwservice [10] exception: System error; (Unable to open pipe.)
2025-Apr-16 14:27:19.830273 [ 3600] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:20.830339 [ 3596] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:21.845833 [ 3600] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:22.845868 [ 3596] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:23.846025 [ 3600] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:24.861697 [ 3596] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 14:27:25.861559 [ 3600] [INF] [dws] Try connect to Control Service Dr.Web ...
 
Прикрепить файл к сообщению не получается почему-то. Пожалуйста помогите решить проблему.

 


#2 Afalin

Afalin

    Guru

  • Dr.Web Staff
  • 6 028 Сообщений:

Отправлено 16 Апрель 2025 - 14:38

Подсеть с сервером оттуда вообще доступна? Маршруты на этих станциях правильно построены?


Семь раз отрежь – один раз проверь

#3 VladimirN

VladimirN

    Member

  • Posters
  • 141 Сообщений:

Отправлено 16 Апрель 2025 - 14:43

Подсеть с сервером оттуда вообще доступна? Маршруты на этих станциях правильно построены?

Пинги идут, маршрутизация не менялась, компьютеры находятся в одной подсети 10.0.0.0/24


#4 Dmitry_rus

Dmitry_rus

    Guru

  • Helpers
  • 3 675 Сообщений:

Отправлено 16 Апрель 2025 - 15:50

Обычно я решение подобных проблем всегда начинаю с перезагрузки. Иногда (особенно для машин со значительным аптаймом) это помогает сразу, и к дальнейшим шагам прибегать не приходится. А что касается данной ситуации - есть ряд вопросов.

1. Ранее станции работали нормально, проблема проявилась спустя какое-то время?

2. Данные "проблемные" станции возможно пропинговать (ICMP) с других хостов вашей ЛС?

3. Нет ли каких-то запрещающих правил, "черных списков" IP в настройках фаеров/коммутационного оборудования?

4. Пинги (ICMP) идут по направлению от станции к серверу, от сервера к станции?

5. Если на сервере есть еще какой-то сервис (и открыт соответствующий порт), то telnet с проблемной станции к этому сервису проходит?


#5 VladimirN

VladimirN

    Member

  • Posters
  • 141 Сообщений:

Отправлено 16 Апрель 2025 - 16:18

1. Да, вчера станции работали нормально. Вчера была миграция с 13 до 15 версии postgresql. Сегодня утром менялись самоподписанные сертификаты для доступа к web-интерфейсу.
2 и 4. Да, проблемные узлы пингуются с других узлов сети и сами могут пинговать другие узлы, в том числе антивирусный сервер
3. Насколько мне известно таких правил нет
5. С нормальной станции подключаюсь через telnet к порту 9081 на антивирусном сервере, с проблемной станции сделать этого не могу.
 
На одном из компьютеров пробовал переустановить агента - удалил его, убрал его с антивирусного сервера. Переустанавливаю на компьютер и он не может соединиться с антивирусным сервером.
 
Это лог с ещё одной станции
...
2025-Apr-15 14:29:50.371454 [ 3428] [INF] [Scheduler] starting scheduler, now: 2025-Apr-15 14:29:50
2025-Apr-16 07:15:20.833972 [ 3416] [INF] [esloader] start downloading products: 10-drwbases; 20-drwagent; 
2025-Apr-16 07:15:20.836911 [ 3428] [INF] [esloader] Product: 10-drwbases. Current revision = 130'20250415040930. New revision = 130'20250416035138.
2025-Apr-16 07:15:20.840616 [ 3400] [INF] [esloader] Product: 20-drwagent. Current revision = 130'20250403114722. New revision = 130'20250415102031.
2025-Apr-16 07:15:21.064915 [ 3404] [INF] [esloader] Will be loaded 8 file(s) ( 1501056 byte(s) ) for product 10-drwbases
2025-Apr-16 07:15:21.064960 [ 3404] [INF] [esloader] Sending ARQ_UPDATE to server ...
2025-Apr-16 07:15:21.151025 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/av-engine/9/revision.xml downloaded!
2025-Apr-16 07:15:21.199698 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/vdb-revision.xml downloaded!
2025-Apr-16 07:15:21.419664 [ 3412] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/av-engine/9/common/drwdaily.vdb.lzma downloaded!
2025-Apr-16 07:15:21.541140 [ 3400] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/av-engine/9/common/drwtoday.vdb.lzma downloaded!
2025-Apr-16 07:15:21.602213 [ 3412] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/av-engine/9/common/dwm11052.vdb.lzma downloaded!
2025-Apr-16 07:15:21.645108 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/av-engine/9/common/dwmtoday.vdb.lzma downloaded!
2025-Apr-16 07:15:21.705059 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/av-engine/9/common/dwntoday.vdb.lzma downloaded!
2025-Apr-16 07:15:21.756394 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/av-engine/9/common/dwrtoday.vdb.lzma downloaded!
2025-Apr-16 07:15:21.756474 [ 3404] [INF] [esloader] Download complete for Product = 10-drwbases. Revision = 130'20250416035138. Downloaded Size = 1501056
2025-Apr-16 07:15:22.646099 [ 3400] [INF] [esloader] Will be loaded 46 file(s) ( 16214632 byte(s) ) for product 20-drwagent
2025-Apr-16 07:15:22.646146 [ 3400] [INF] [esloader] Sending ARQ_UPDATE to server ...
2025-Apr-16 07:15:22.687069 [ 3428] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/arkapi/9/revision.xml downloaded!
2025-Apr-16 07:15:22.927730 [ 3412] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/arkapi/9/x64/win/nt/common/dwarkapi.dll.lzma downloaded!
2025-Apr-16 07:15:22.966065 [ 3412] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/comps-revision.xml downloaded!
2025-Apr-16 07:15:23.006330 [ 3412] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/device-guard/9/revision.xml downloaded!
2025-Apr-16 07:15:23.040390 [ 3428] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/device-guard/9/script.lua.lzma downloaded!
2025-Apr-16 07:15:23.092917 [ 3428] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/device-guard/9/x64/win/nt/common/dwdg.sys.lzma downloaded!
2025-Apr-16 07:15:23.139054 [ 3428] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/device-guard/revisions.xml downloaded!
2025-Apr-16 07:15:23.384546 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/exchange-plugin-setup/9/common/exchange-setup.exe.lzma downloaded!
2025-Apr-16 07:15:23.418612 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/exchange-plugin-setup/9/revision.xml downloaded!
2025-Apr-16 07:15:23.451620 [ 3420] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/exchange-plugin-setup/9/script.lua.lzma downloaded!
2025-Apr-16 07:15:23.482285 [ 3420] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/exchange-plugin-setup/revisions.xml downloaded!
2025-Apr-16 07:15:23.517584 [ 3400] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/firewall/9/revision.xml downloaded!
2025-Apr-16 07:15:23.550565 [ 3428] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/firewall/9/script.lua.lzma downloaded!
2025-Apr-16 07:15:23.710549 [ 3428] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/firewall/9/x64/win/nt/common/frwl_svc.exe.lzma downloaded!
2025-Apr-16 07:15:23.739820 [ 3428] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/firewall/revisions.xml downloaded!
2025-Apr-16 07:15:23.998126 [ 3416] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/lotus-plugin-setup/9/common/lotus-plugin-setup.exe.lzma downloaded!
2025-Apr-16 07:15:24.032154 [ 3416] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/lotus-plugin-setup/9/revision.xml downloaded!
2025-Apr-16 07:15:24.064908 [ 3420] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/lotus-plugin-setup/9/script.lua.lzma downloaded!
2025-Apr-16 07:15:24.094990 [ 3412] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/lotus-plugin-setup/revisions.xml downloaded!
2025-Apr-16 07:15:24.129039 [ 3412] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/net-filter-http/9/revision.xml downloaded!
2025-Apr-16 07:15:24.160322 [ 3420] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/net-filter-http/9/script.lua.lzma downloaded!
2025-Apr-16 07:15:24.189090 [ 3420] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/net-filter-http/revisions.xml downloaded!
2025-Apr-16 07:15:24.225493 [ 3412] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/net-filter-mail/9/revision.xml downloaded!
2025-Apr-16 07:15:24.262148 [ 3412] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/net-filter-mail/9/script.lua.lzma downloaded!
2025-Apr-16 07:15:24.293581 [ 3412] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/net-filter-mail/revisions.xml downloaded!
2025-Apr-16 07:15:24.327787 [ 3420] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/net-filter/9/revision.xml downloaded!
2025-Apr-16 07:15:24.359856 [ 3416] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/net-filter/9/script.lua.lzma downloaded!
2025-Apr-16 07:15:24.571464 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/net-filter/9/x64/win/nt/common/dwnetfilter.exe.lzma downloaded!
2025-Apr-16 07:15:24.599399 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/net-filter/revisions.xml downloaded!
2025-Apr-16 07:15:24.634903 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/outlook-plugin/9/revision.xml downloaded!
2025-Apr-16 07:15:24.665162 [ 3428] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/outlook-plugin/9/script.lua.lzma downloaded!
2025-Apr-16 07:15:24.880523 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/outlook-plugin/9/x64/win/nt/common/drwebforoutlook.dll.lzma downloaded!
2025-Apr-16 07:15:25.153250 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/outlook-plugin/9/x64/win/nt/common/drwebforoutlook64.dll.lzma downloaded!
2025-Apr-16 07:15:25.349390 [ 3400] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/outlook-plugin/9/x64/win/nt/common/drwebsettingprocess.exe.lzma downloaded!
2025-Apr-16 07:15:25.388512 [ 3416] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/outlook-plugin/9/x64/win/nt/common/drwmsg.dll.lzma downloaded!
2025-Apr-16 07:15:25.424443 [ 3412] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/outlook-plugin/9/x64/win/nt/common/drwmsg64.dll.lzma downloaded!
2025-Apr-16 07:15:25.452229 [ 3412] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/outlook-plugin/revisions.xml downloaded!
2025-Apr-16 07:15:25.484531 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/parental-control/9/revision.xml downloaded!
2025-Apr-16 07:15:25.514039 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/parental-control/9/script.lua.lzma downloaded!
2025-Apr-16 07:15:25.544300 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/parental-control/revisions.xml downloaded!
2025-Apr-16 07:15:25.580819 [ 3420] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/products.xml downloaded!
2025-Apr-16 07:15:25.614102 [ 3420] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/traffic-hook/9/revision.xml downloaded!
2025-Apr-16 07:15:25.647138 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/traffic-hook/9/script.lua.lzma downloaded!
2025-Apr-16 07:15:25.701886 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/traffic-hook/9/x64/win/nt/common/drweblwf.sys.lzma downloaded!
2025-Apr-16 07:15:25.730838 [ 3404] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/traffic-hook/revisions.xml downloaded!
2025-Apr-16 07:15:25.766880 [ 3420] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/versions.xml downloaded!
2025-Apr-16 07:15:25.766946 [ 3420] [INF] [esloader] Download complete for Product = 20-drwagent. Revision = 130'20250415102031. Downloaded Size = 16214632
2025-Apr-16 07:15:25.766975 [ 3412] [INF] [esloader] All files downloaded
2025-Apr-16 07:15:25.879615 [ 3412] [INF] [updater] Updater started: stage 'Updating Products' (1/2)
2025-Apr-16 07:15:33.745957 [ 5944] [INF] [VdbCache] Dr.Web Engine virus bases has been reloaded
2025-Apr-16 07:15:33.947747 [ 3412] [INF] [updater] Updater stage 'Updating Products' completed successfully, ret = 0, err = 0
2025-Apr-16 07:15:38.184308 [ 3412] [INF] [updater] Updater stage 'Postupdating' completed successfully, ret = 0, err = 0
2025-Apr-16 07:15:38.185657 [ 3400] [INF] [esupdate] Reload updater configuration
2025-Apr-16 07:15:38.186089 [ 3400] [INF] [esupdate] Load products.xml from C:/ProgramData/Doctor Web/Updater/repo/90\products.xml
2025-Apr-16 07:15:38.188087 [ 3400] [INF] [esupdate] Products.xml contains 4 groups, 27 products, 42 components
2025-Apr-16 07:15:38.754877 [ 3400] [INF] [esloader] Update products-revisions map
2025-Apr-16 07:15:38.755038 [ 3400] [INF] [esloader]  ESproduct = 10-drwbases; revision = 130'20250416035138
2025-Apr-16 07:15:38.755046 [ 3400] [INF] [esloader]  ESproduct = 20-drwagent; revision = 130'20250415102031
2025-Apr-16 07:15:38.755115 [ 3428] [INF] [esupdate] Updating repo info ...
2025-Apr-16 07:15:38.755180 [ 3400] [INF] [esloader] Sending ANF_STATE to server ...
2025-Apr-16 07:15:38.755923 [ 3400] [INF] [esloader]  EsProduct = 10-drwbases ; revision = 13020250416035138; state = S; force_update = no
2025-Apr-16 07:15:38.755944 [ 3400] [INF] [esloader]  EsProduct = 20-drwagent ; revision = 13020250415102031; state = S; force_update = no
2025-Apr-16 07:15:38.788622 [ 3428] [INF] [esupdate] Repo info updated successfully: 13 add(update) files, 0 remove files.
2025-Apr-16 07:15:38.789908 [ 3400] [INF] [esupdate] Run delayed change policies.
2025-Apr-16 07:15:38.789952 [ 3412] [INF] [esupdate] Processing policies.
2025-Apr-16 07:15:38.790392 [ 3412] [INF] [esupdate] Run changing policies (change composition of components)
2025-Apr-16 07:15:38.790541 [ 3412] [INF] [esupdate] Product = Bases                     Revision = 20250416035138
2025-Apr-16 07:15:38.790563 [ 3412] [INF] [esupdate] Product = DrWebAgent                Revision = 20250415102031
2025-Apr-16 07:15:38.790576 [ 3412] [INF] [esupdate] Product = DrWebEsAgent              Revision = 20250415102031
2025-Apr-16 07:15:38.790581 [ 3412] [INF] [esupdate] Product = DrwBase                   Revision = 20250416035138
2025-Apr-16 07:15:38.790587 [ 3412] [INF] [esupdate] Product = ESAgentSetup              Revision = 20250415102031
2025-Apr-16 07:15:38.790592 [ 3412] [INF] [esupdate] Product = ScannerSE                 Revision = 20250415102031
2025-Apr-16 07:15:38.790597 [ 3412] [INF] [esupdate] Product = SpiderG3Srv               Revision = 20250415102031
2025-Apr-16 07:15:38.790602 [ 3412] [INF] [esupdate] Product = Updater                   Revision = 20250415102031
2025-Apr-16 07:15:38.790616 [ 3412] [INF] [esupdate] new product (es) policies
2025-Apr-16 07:15:38.790631 [ 3412] [INF] [esupdate]  Product = AVDAgentSetup             ( EsId =  503) CANNOT be installed! (0) (not suitable type)
2025-Apr-16 07:15:38.790643 [ 3412] [INF] [esupdate]  Product = Bases                     ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:15:38.790652 [ 3412] [INF] [esupdate]  Product = DrWebAgent                ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:15:38.790659 [ 3412] [INF] [esupdate]  Product = DrWebAvdAgent             ( EsId =   30) CANNOT be installed! (0) (not suitable type)
2025-Apr-16 07:15:38.790666 [ 3412] [INF] [esupdate]  Product = DrWebEsAgent              ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:15:38.790674 [ 3412] [INF] [esupdate]  Product = DrWebEsAgentIndustrial    ( EsId =   30) CANNOT be installed! (0) (not suitable for not industrial)
2025-Apr-16 07:15:38.790681 [ 3412] [INF] [esupdate]  Product = DrwBase                   ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:15:38.790688 [ 3412] [INF] [esupdate]  Product = DwsNetFilter              ( EsId =   38) CANNOT be installed! (0) 
2025-Apr-16 07:15:38.790695 [ 3412] [INF] [esupdate]  Product = DwsParentalControl        ( EsId =   54) CANNOT be installed! (0) 
2025-Apr-16 07:15:38.790703 [ 3412] [INF] [esupdate]  Product = ESAgentSetup              ( EsId =  502) MUST   be installed! (2) (installed)
2025-Apr-16 07:15:38.790712 [ 3412] [INF] [esupdate]  Product = Firewall                  ( EsId =  105) CANNOT be installed! (0) 
2025-Apr-16 07:15:38.790720 [ 3412] [INF] [esupdate]  Product = NetFilterHttp             ( EsId =   38) CANNOT be installed! (0) 
2025-Apr-16 07:15:38.790727 [ 3412] [INF] [esupdate]  Product = NetFilterMail             ( EsId =   14) CANNOT be installed! (0) 
2025-Apr-16 07:15:38.790734 [ 3412] [INF] [esupdate]  Product = NetFilterParentalControl  ( EsId =   54) CANNOT be installed! (0) 
2025-Apr-16 07:15:38.790740 [ 3412] [INF] [esupdate]  Product = OutlookPlugin             ( EsId =  103) CANNOT be installed! (0) 
2025-Apr-16 07:15:38.790747 [ 3412] [INF] [esupdate]  Product = ScannerSE                 ( EsId =    4) MAY    be installed! (1) (installed)
2025-Apr-16 07:15:38.790754 [ 3412] [INF] [esupdate]  Product = SpamFilterOutlook         ( EsId =   55) CANNOT be installed! (0) 
2025-Apr-16 07:15:38.790761 [ 3412] [INF] [esupdate]  Product = SpamFilterSpiderMail      ( EsId =   55) CANNOT be installed! (0) 
2025-Apr-16 07:15:38.790768 [ 3412] [INF] [esupdate]  Product = SpiderG3Srv               ( EsId =   58) MAY    be installed! (1) (installed)
2025-Apr-16 07:15:38.790775 [ 3412] [INF] [esupdate]  Product = Updater                   ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:15:38.790785 [ 3412] [INF] [esupdate] nothing to change configuration
2025-Apr-16 07:15:39.280133 [ 3388] [ERR] [dws] protocol error = 1011; additional = ; syscode = 109; disconnect = 1
2025-Apr-16 07:15:39.280180 [ 3388] [WRN] [dws] Disconnected from Control Service Dr.Web
2025-Apr-16 07:15:39.280311 [ 3388] [INF] [manager] stop subsystem netsvc ...
2025-Apr-16 07:15:39.280322 [ 3388] [INF] [manager] stop subsystem reconnector ...
2025-Apr-16 07:15:39.280331 [ 3388] [INF] [reconnector] disconnected with av-service. Disconnecting from es-server
2025-Apr-16 07:15:39.280398 [ 3388] [INF] [manager] stop subsystem es_server_communication ...
2025-Apr-16 07:15:39.280428 [ 3388] [INF] [manager] stop subsystem devices ...
2025-Apr-16 07:15:39.280481 [ 3412] [TRC] [es-client] [TextProto/Client/C2S] Smart disconnect: process STOP command
2025-Apr-16 07:15:39.280512 [ 3388] [INF] [manager] stop subsystem MCastUpdates ...
2025-Apr-16 07:15:39.280524 [ 3388] [INF] [manager] stop subsystem quarantine ...
2025-Apr-16 07:15:39.281416 [ 3428] [INF] [es-client] [TextProto/Client/C2S] "ssl://10.0.0.69:2193/dead" disconnected
2025-Apr-16 07:15:39.281459 [ 3428] [INF] [es-client] [TextProto/Client/A2S/Session] "ssl://10.0.0.69:2193/dead" disconnected
2025-Apr-16 07:15:39.281568 [ 3428] [INF] [esloader] Disconnected from es server
2025-Apr-16 07:15:39.282777 [ 5984] [INF] [quarantine] Event channel ended with status 0
2025-Apr-16 07:15:39.282807 [ 5984] [INF] [quarantine] Event listener stopped
2025-Apr-16 07:15:39.283068 [ 3388] [INF] [manager] stop subsystem es_update ...
2025-Apr-16 07:15:39.283119 [ 3388] [INF] [manager] stop subsystem RepoCache ...
2025-Apr-16 07:15:39.283135 [ 3388] [INF] [manager] stop subsystem esloader ...
2025-Apr-16 07:15:39.283152 [ 3388] [INF] [manager] stop subsystem statistics ...
2025-Apr-16 07:15:39.283166 [ 3388] [INF] [manager] stop subsystem escanner ...
2025-Apr-16 07:15:39.283175 [ 3388] [INF] [manager] stop subsystem task-runner ...
2025-Apr-16 07:15:39.283326 [ 3388] [INF] [manager] stop subsystem Scheduler ...
2025-Apr-16 07:15:39.283362 [ 3388] [INF] [Scheduler] Enterprise scheduler stopped
2025-Apr-16 07:15:39.283370 [ 3388] [INF] [manager] stop subsystem NetScan ...
2025-Apr-16 07:15:39.283378 [ 3388] [INF] [manager] stop subsystem NAP ...
2025-Apr-16 07:15:39.283388 [ 3388] [INF] [manager] stop subsystem Mixed ...
2025-Apr-16 07:15:39.283404 [ 3388] [INF] [manager] stop subsystem VdbCache ...
2025-Apr-16 07:15:39.545371 [ 5944] [INF] [VdbCache] End subscribing for engine events: breaking
2025-Apr-16 07:15:39.545605 [ 3388] [INF] [manager] stop subsystem event-processor ...
2025-Apr-16 07:15:39.545641 [ 3388] [INF] [event-processor] stop
2025-Apr-16 07:15:39.545668 [ 3388] [INF] [manager] stop subsystem UserMon ...
2025-Apr-16 07:15:39.546011 [ 3388] [INF] [manager] stop subsystem components ...
2025-Apr-16 07:15:39.546041 [ 3388] [INF] [components] process paused state for all components
2025-Apr-16 07:15:39.546050 [ 3388] [INF] [event-processor] process_all_end
2025-Apr-16 07:15:39.552231 [ 3388] [INF] [event-processor] Accumulate event because of not connected to server (11 events pending)
2025-Apr-16 07:15:39.552258 [ 3388] [INF] [manager] stop subsystem plugins ...
2025-Apr-16 07:15:39.552266 [ 3388] [INF] [manager] stop subsystem environment ...
2025-Apr-16 07:15:39.552290 [ 3388] [INF] [manager] stop subsystem DbStorage ...
2025-Apr-16 07:15:39.552308 [ 3388] [INF] [manager] stop subsystem config ...
2025-Apr-16 07:15:40.545491 [ 3400] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 07:15:41.546327 [ 3400] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 07:15:42.546535 [ 3420] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 07:15:43.547029 [ 3424] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 07:15:43.547615 [ 3424] [INF] [dws] Connected to Control Service Dr.Web 12.12.34
2025-Apr-16 07:15:43.548743 [ 3424] [INF] [manager] start subsystem config ...
2025-Apr-16 07:15:43.550064 [ 3424] [ERR] [config] load parental config failed: System error; (device::open: The system cannot find the file specified. (2))
2025-Apr-16 07:15:43.550215 [ 3424] [INF] [config] Es default connection settings created
2025-Apr-16 07:15:43.550412 [ 3424] [INF] [manager] start subsystem DbStorage ...
2025-Apr-16 07:15:43.559283 [ 3424] [INF] [DbStorage] db path: C:\ProgramData\Doctor Web\Database
2025-Apr-16 07:15:43.559401 [ 3424] [INF] [DbStorage] Trying to initialize DB storage
2025-Apr-16 07:15:43.575682 [ 3424] [INF] [manager] start subsystem environment ...
2025-Apr-16 07:15:43.575691 [ 3420] [INF] [DbStorage] appctl_events_cleaner::clear_old_events async call unsuccessfull: Операция ввода/вывода была прервана из-за завершения потока команд или по запросу приложения
2025-Apr-16 07:15:43.575762 [ 3424] [INF] [manager] start subsystem plugins ...
2025-Apr-16 07:15:43.575821 [ 3424] [INF] [manager] start subsystem components ...
2025-Apr-16 07:15:43.577329 [ 3424] [INF] [manager] start subsystem UserMon ...
2025-Apr-16 07:15:43.577464 [ 3424] [ERR] [manager] start subsystem UserMon failed UserWatcher thread is already running
2025-Apr-16 07:15:43.577476 [ 3424] [INF] [manager] start subsystem event-processor ...
2025-Apr-16 07:15:43.577483 [ 3424] [INF] [event-processor] start
2025-Apr-16 07:15:43.578773 [ 3424] [INF] [event-processor] Starting event processor (11 events pending)
2025-Apr-16 07:15:43.578849 [ 3424] [INF] [event-processor] Accumulate events schedule is OFF('000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000')
2025-Apr-16 07:15:43.578870 [ 3424] [INF] [manager] start subsystem VdbCache ...
2025-Apr-16 07:15:43.578952 [ 3424] [INF] [manager] start subsystem Mixed ...
2025-Apr-16 07:15:43.578966 [ 3424] [INF] [manager] start subsystem NAP ...
2025-Apr-16 07:15:43.579002 [ 3424] [INF] [NAP] NAP set to 'yes'
2025-Apr-16 07:15:43.579041 [ 6156] [INF] [VdbCache] Subscribing for engine events...
2025-Apr-16 07:15:43.579051 [ 3424] [INF] [manager] start subsystem NetScan ...
2025-Apr-16 07:15:43.579098 [ 3424] [INF] [manager] start subsystem Scheduler ...
2025-Apr-16 07:15:43.579146 [ 3424] [INF] [manager] start subsystem task-runner ...
2025-Apr-16 07:15:43.579257 [ 3424] [INF] [manager] start subsystem escanner ...
2025-Apr-16 07:15:43.579413 [ 3424] [INF] [escanner] escanners table is empty
2025-Apr-16 07:15:43.579434 [ 3424] [INF] [manager] start subsystem statistics ...
2025-Apr-16 07:15:43.579989 [ 3424] [INF] [manager] start subsystem esloader ...
2025-Apr-16 07:15:43.580264 [ 3424] [INF] [manager] start subsystem RepoCache ...
2025-Apr-16 07:15:43.580282 [ 3424] [INF] [manager] start subsystem es_update ...
2025-Apr-16 07:15:43.580498 [ 1976] [INF] [NAP] nap_unregister: begins
2025-Apr-16 07:15:43.580853 [ 3424] [INF] [manager] start subsystem quarantine ...
2025-Apr-16 07:15:43.580905 [ 3400] [INF] [esupdate] Try load configuration...
2025-Apr-16 07:15:43.581168 [ 3424] [INF] [manager] start subsystem MCastUpdates ...
2025-Apr-16 07:15:43.581185 [ 2940] [INF] [quarantine] Event listener started
2025-Apr-16 07:15:43.581190 [ 3424] [INF] [manager] start subsystem devices ...
2025-Apr-16 07:15:43.581269 [ 3424] [INF] [manager] start subsystem es_server_communication ...
2025-Apr-16 07:15:43.581432 [ 3400] [INF] [esupdate] Configuration loaded successfully
2025-Apr-16 07:15:43.581531 [ 3424] [INF] [es_server_communication] switch off send geolocation
2025-Apr-16 07:15:43.581608 [ 3416] [INF] [esloader] Update products-revisions map
2025-Apr-16 07:15:43.581633 [ 3416] [INF] [esloader]  ESproduct = 10-drwbases; revision = 130'20250416035138
2025-Apr-16 07:15:43.581640 [ 3416] [INF] [esloader]  ESproduct = 20-drwagent; revision = 130'20250415102031
2025-Apr-16 07:15:43.581690 [ 3416] [INF] [esupdate] Load products.xml from C:/ProgramData/Doctor Web/Updater/repo/90\products.xml
2025-Apr-16 07:15:43.581826 [ 3424] [INF] [manager] start subsystem reconnector ...
2025-Apr-16 07:15:43.581886 [ 3424] [INF] [reconnector] Client bandwidth is unlimited
2025-Apr-16 07:15:43.584181 [ 3416] [INF] [esupdate] Products.xml contains 4 groups, 27 products, 42 components
2025-Apr-16 07:15:43.591383 [ 3424] [INF] [manager] start subsystem netsvc ...
2025-Apr-16 07:15:43.591403 [ 3416] [TRC] [es-client] [Discovery] Parse endpoints <10.0.0.69:2193>
2025-Apr-16 07:15:43.591434 [ 3416] [TRC] [es-client] [Discovery] Parse endpoint <10.0.0.69:2193>
2025-Apr-16 07:15:43.591888 [ 3400] [INF] [es-client] [TextProto/Client/A2S/Session] Connected to "tcp://10.0.0.69:2193"
2025-Apr-16 07:15:43.612510 [ 3416] [INF] [reconnector] server flavour is 'es'
2025-Apr-16 07:15:43.612544 [ 3416] [INF] [reconnector] ES connected to 10.0.0.69:2193 'connected successfully'
2025-Apr-16 07:15:43.613785 [ 3416] [INF] [reconnector] request settings for 4
2025-Apr-16 07:15:43.614050 [ 3416] [INF] [reconnector] request settings for 30
2025-Apr-16 07:15:43.614422 [ 3416] [INF] [reconnector] request settings for 57
2025-Apr-16 07:15:43.614586 [ 3416] [INF] [reconnector] request settings for 145
2025-Apr-16 07:15:43.614743 [ 3416] [INF] [reconnector] request settings for 154
2025-Apr-16 07:15:43.614826 [ 3416] [INF] [reconnector] request settings for 156
2025-Apr-16 07:15:43.614908 [ 3416] [INF] [reconnector] request settings for 159
2025-Apr-16 07:15:43.614989 [ 3416] [INF] [reconnector] request settings for 160
2025-Apr-16 07:15:43.615071 [ 3416] [INF] [reconnector] request settings for 161
2025-Apr-16 07:15:43.615088 [ 3416] [INF] [components] on_connected
2025-Apr-16 07:15:43.615111 [ 3416] [INF] [event-processor] Flush events on connect (11 events pending)
2025-Apr-16 07:15:43.615179 [ 3416] [INF] [reboot-manager] notify es of no restart required
2025-Apr-16 07:15:43.615694 [ 3416] [INF] [Scheduler] Need schedule cause connect
2025-Apr-16 07:15:43.615706 [ 3416] [INF] [Scheduler] Get schedule request
2025-Apr-16 07:15:43.616120 [ 3400] [INF] [components] Scanner (4) changed state to unknown
2025-Apr-16 07:15:43.616142 [ 3400] [INF] [components] AvService (30) changed state to started
2025-Apr-16 07:15:43.616147 [ 6644] [INF] [quarantine] Quarantine digest calculation started
2025-Apr-16 07:15:43.616271 [ 3416] [INF] [esloader] Connected to es server
2025-Apr-16 07:15:43.616383 [ 3416] [INF] [esloader] Update products-revisions map
2025-Apr-16 07:15:43.616396 [ 3416] [INF] [esloader]  ESproduct = 10-drwbases; revision = 130'20250416035138
2025-Apr-16 07:15:43.616403 [ 3416] [INF] [esloader]  ESproduct = 20-drwagent; revision = 130'20250415102031
2025-Apr-16 07:15:43.616478 [ 3416] [INF] [esloader] Sending ANF_STATE to server ...
2025-Apr-16 07:15:43.617081 [ 3416] [INF] [esloader]  EsProduct = 10-drwbases ; revision = 13020250416035138; state = S; force_update = no
2025-Apr-16 07:15:43.617102 [ 3416] [INF] [esloader]  EsProduct = 20-drwagent ; revision = 13020250415102031; state = S; force_update = no
2025-Apr-16 07:15:43.619023 [ 6644] [INF] [quarantine] Quarantine digest sent
2025-Apr-16 07:15:43.619041 [ 6644] [INF] [quarantine] Quarantine digest calculation finished
2025-Apr-16 07:15:43.619965 [ 3408] [INF] [reconnector] New Rights
2025-Apr-16 07:15:43.626716 [ 3428] [INF] [config] Rewrite es default connection settings
2025-Apr-16 07:15:43.628224 [ 3408] [WRN] [es-config] ignore unknown setting WithoutPubkey with value 0;
2025-Apr-16 07:15:43.628250 [ 3408] [WRN] [es-config] ignore unknown setting WrongPubkey with value 0;
2025-Apr-16 07:15:43.629063 [ 3408] [INF] [config] Rewrite es default connection settings
2025-Apr-16 07:15:43.630752 [ 3408] [TRC] [es-client] [TextProto/Client/A2S] Parameter "UsersEnable" for component #30 not found
2025-Apr-16 07:15:43.630781 [ 3408] [TRC] [es-client] [TextProto/Client/A2S] Parameter "UsersPeriod" for component #30 not found
2025-Apr-16 07:15:43.636243 [ 3408] [INF] [esupdate] Recieve new policies.
2025-Apr-16 07:15:43.636291 [ 3424] [INF] [esupdate] Processing policies.
2025-Apr-16 07:15:43.636609 [ 3424] [INF] [esupdate] Run changing policies (change composition of components)
2025-Apr-16 07:15:43.636844 [ 3424] [INF] [esupdate] Product = Bases                     Revision = 20250416035138
2025-Apr-16 07:15:43.636859 [ 3424] [INF] [esupdate] Product = DrWebAgent                Revision = 20250415102031
2025-Apr-16 07:15:43.636865 [ 3424] [INF] [esupdate] Product = DrWebEsAgent              Revision = 20250415102031
2025-Apr-16 07:15:43.636871 [ 3424] [INF] [esupdate] Product = DrwBase                   Revision = 20250416035138
2025-Apr-16 07:15:43.636876 [ 3424] [INF] [esupdate] Product = ESAgentSetup              Revision = 20250415102031
2025-Apr-16 07:15:43.636882 [ 3424] [INF] [esupdate] Product = ScannerSE                 Revision = 20250415102031
2025-Apr-16 07:15:43.636888 [ 3424] [INF] [esupdate] Product = SpiderG3Srv               Revision = 20250415102031
2025-Apr-16 07:15:43.636893 [ 3424] [INF] [esupdate] Product = Updater                   Revision = 20250415102031
2025-Apr-16 07:15:43.637113 [ 3424] [INF] [esupdate] mesh mode is disable
2025-Apr-16 07:15:43.637144 [ 3424] [INF] [esupdate] new product (es) policies
2025-Apr-16 07:15:43.637159 [ 3424] [INF] [esupdate]  Product = AVDAgentSetup             ( EsId =  503) CANNOT be installed! (0) (not suitable type)
2025-Apr-16 07:15:43.637176 [ 3424] [INF] [esupdate]  Product = Bases                     ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:15:43.637190 [ 3424] [INF] [esupdate]  Product = DrWebAgent                ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:15:43.637204 [ 3424] [INF] [esupdate]  Product = DrWebAvdAgent             ( EsId =   30) CANNOT be installed! (0) (not suitable type)
2025-Apr-16 07:15:43.637218 [ 3424] [INF] [esupdate]  Product = DrWebEsAgent              ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:15:43.637236 [ 3424] [INF] [esupdate]  Product = DrWebEsAgentIndustrial    ( EsId =   30) CANNOT be installed! (0) (not suitable for not industrial)
2025-Apr-16 07:15:43.637252 [ 3424] [INF] [esupdate]  Product = DrwBase                   ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:15:43.637267 [ 3424] [INF] [esupdate]  Product = DwsNetFilter              ( EsId =   38) CANNOT be installed! (0) 
2025-Apr-16 07:15:43.637278 [ 3424] [INF] [esupdate]  Product = DwsParentalControl        ( EsId =   54) CANNOT be installed! (0) 
2025-Apr-16 07:15:43.637289 [ 3424] [INF] [esupdate]  Product = ESAgentSetup              ( EsId =  502) MUST   be installed! (2) (installed)
2025-Apr-16 07:15:43.637301 [ 3424] [INF] [esupdate]  Product = Firewall                  ( EsId =  105) CANNOT be installed! (0) 
2025-Apr-16 07:15:43.637313 [ 3424] [INF] [esupdate]  Product = NetFilterHttp             ( EsId =   38) CANNOT be installed! (0) 
2025-Apr-16 07:15:43.637323 [ 3424] [INF] [esupdate]  Product = NetFilterMail             ( EsId =   14) CANNOT be installed! (0) 
2025-Apr-16 07:15:43.637333 [ 3424] [INF] [esupdate]  Product = NetFilterParentalControl  ( EsId =   54) CANNOT be installed! (0) 
2025-Apr-16 07:15:43.637342 [ 3424] [INF] [esupdate]  Product = OutlookPlugin             ( EsId =  103) CANNOT be installed! (0) 
2025-Apr-16 07:15:43.637352 [ 3424] [INF] [esupdate]  Product = ScannerSE                 ( EsId =    4) MAY    be installed! (1) (installed)
2025-Apr-16 07:15:43.637362 [ 3424] [INF] [esupdate]  Product = SpamFilterOutlook         ( EsId =   55) CANNOT be installed! (0) 
2025-Apr-16 07:15:43.637372 [ 3424] [INF] [esupdate]  Product = SpamFilterSpiderMail      ( EsId =   55) CANNOT be installed! (0) 
2025-Apr-16 07:15:43.637382 [ 3424] [INF] [esupdate]  Product = SpiderG3Srv               ( EsId =   58) MAY    be installed! (1) (installed)
2025-Apr-16 07:15:43.637393 [ 3424] [INF] [esupdate]  Product = Updater                   ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:15:43.637406 [ 3424] [INF] [esupdate] nothing to change configuration
2025-Apr-16 07:15:43.637448 [ 3424] [INF] [esupdate] Run changing policies for proxy
2025-Apr-16 07:15:43.642067 [ 3416] [INF] [config] Rewrite es default connection settings
2025-Apr-16 07:15:43.646962 [ 3420] [TRC] [es-client] [TextProto/Client/A2S] Parameter "UsersEnable" for component #30 not found
2025-Apr-16 07:15:43.647147 [ 3420] [TRC] [es-client] [TextProto/Client/A2S] Parameter "UsersPeriod" for component #30 not found
2025-Apr-16 07:15:43.656940 [ 3428] [WRN] [es-config] ignore unknown setting WithoutPubkey with value 0;
2025-Apr-16 07:15:43.656971 [ 3428] [WRN] [es-config] ignore unknown setting WrongPubkey with value 0;
2025-Apr-16 07:15:43.657812 [ 3428] [INF] [config] Rewrite es default connection settings
2025-Apr-16 07:15:43.689801 [ 3424] [INF] [Scheduler] SCHEDULE: 14 Action Class 22060576-e20a-477a-adee-12b3e6e28ef2 0 escan_job_t 0 Action Name 22060576-e20a-477a-adee-12b3e6e28ef2 0 Daily%Sscan 0 Action ScanMode 22060576-e20a-477a-adee-12b3e6e28ef2 0 ScanStartups%S1%SActionJokes%S2%SActionInfectedMail%S2%SMaxSizeToExtract%S524288%SRatioCheckThreshold%S1024%SScanNonet%S0%SScanIdle%S2%SActionDialers%S2%SActionInfectedBoot%S0%SScanHeuristic%S1%SActionHacktools%S2%SScanRootkit%S1%SActionAdware%S2%SActionInfectedContainer%S2%SScanRemovable%S0%SActionRiskware%S2%SIncurableFiles%S2%SActionInfectedArchive%S2%SMaxArchSize%S0%SScanShutdown%S0%SScanInteractive%S0%SScanMemory%S1%SInfectedFiles%S1%SCheckContainer%S1%SAutoAction%S0%SFollowSymbolicLinks%S0%SRebootMode%S0%SPauseOnBattery%S0%SCheckArchives%S1%SMaxArchLevel%S16%SMaxTimeMills%S0%SCheckEMailFiles%S1%SScanBoot%S1%SMaxCompressionRatio%S1000%SScanPriority%S50%SScanFixed%S1%SSuspiciousFiles%S2 0 Action ScanType 22060576-e20a-477a-adee-12b3e6e28ef2 0 full 0 Job State 22060576-e20a-477a-adee-12b3e6e28ef2 1 %Z 0 Time Class 22060576-e20a-477a-adee-12b3e6e28ef2 0 daily_job_t 0 Time Hour 22060576-e20a-477a-adee-12b3e6e28ef2 1 %Z 16 Time Minute 22060576-e20a-477a-adee-12b3e6e28ef2 1 %Z 0 Action Class bafcf604-40de-44c0-b7a5-858e1c947c2e 0 escan_job_t 0 Action Name bafcf604-40de-44c0-b7a5-858e1c947c2e 0 StartupScan 0 Action ScanMode bafcf604-40de-44c0-b7a5-858e1c947c2e 0 ScanStartups%S1%SActionJokes%S4%SActionInfectedMail%S2%SMaxSizeToExtract%S524288%SRatioCheckThreshold%S1024%SScanNonet%S0%SScanIdle%S2%SActionDialers%S4%SActionInfectedBoot%S1%SScanHeuristic%S1%SActionHacktools%S4%SScanRootkit%S1%SActionAdware%S4%SActionInfectedContainer%S4%SScanRemovable%S0%SActionRiskware%S4%SMaxTimeMills%S0%SActionInfectedArchive%S4%SMaxArchSize%S0%SScanShutdown%S0%SScanInteractive%S0%SScanMemory%S1%SMaxCompressionRatio%S1000%SCheckContainer%S1%SScanPriority%S50%SAutoAction%S0%SRebootMode%S0%SFollowSymbolicLinks%S0%SCheckArchives%S0%SMaxArchLevel%S16%SIncurableFiles%S4%SCheckEMailFiles%S0%SInfectedFiles%S1%SScanBoot%S1%SPauseOnBattery%S0%SScanFixed%S0%SSuspiciousFiles%S4 0 Action ScanType bafcf604-40de-44c0-b7a5-858e1c947c2e 0 fast 0 Job State bafcf604-40de-44c0-b7a5-858e1c947c2e 1 %Z 0 Time Class bafcf604-40de-44c0-b7a5-858e1c947c2e 0 at_start_job_t 0
2025-Apr-16 07:15:44.087698 [ 3400] [INF] [components] EScanner (37) changed state to unknown
2025-Apr-16 07:15:44.087822 [ 3400] [INF] [components] SpIDerGuardG3 (58) changed state to started
2025-Apr-16 07:15:44.088475 [ 3400] [INF] [components] DwProt (124) changed state to started
2025-Apr-16 07:15:44.089231 [ 3400] [INF] [components] PreventiveProtection (144) changed state to started
2025-Apr-16 07:15:44.089433 [ 3400] [INF] [components] Appcontrol (154) changed state to started
2025-Apr-16 07:15:44.090096 [ 3400] [INF] [components] MeshClient (156) changed state to paused
2025-Apr-16 07:15:44.090705 [ 3400] [INF] [components] RansomwareProtection (159) changed state to started
2025-Apr-16 07:15:44.092689 [ 3400] [INF] [components] BehaviorAnalysis (160) changed state to started
2025-Apr-16 07:15:44.093543 [ 3400] [INF] [components] ExploitPrevention (161) changed state to started
2025-Apr-16 07:15:44.094339 [ 3400] [INF] [components] process installed components
2025-Apr-16 07:15:44.095030 [ 3400] [INF] [components] comp: Scanner, date: 20250313173357000(1741887237)
2025-Apr-16 07:15:44.095895 [ 3400] [INF] [components] comp: AvService, date: 20250313172906000(1741886946)
2025-Apr-16 07:15:44.096295 [ 3400] [INF] [components] comp: EScanner, date: 20250313172906000
2025-Apr-16 07:15:44.096661 [ 3400] [INF] [components] comp: Appcontrol, date: 20250313172906000
2025-Apr-16 07:15:44.097038 [ 3400] [INF] [components] comp: MeshClient, date: 20250313172906000
2025-Apr-16 07:15:44.101809 [ 3400] [INF] [components] comp: SpIDerGuardG3, date: 20250313173358000(1741887238)
2025-Apr-16 07:15:44.105891 [ 3400] [INF] [components] comp: DwProt, date: 20250313172908000(1741886948)
2025-Apr-16 07:15:44.106370 [ 3400] [INF] [components] comp: PreventiveProtection, date: 20250313172906000(1741886946). Skip sending to unsupported server.
2025-Apr-16 07:15:44.106386 [ 3400] [INF] [components] comp: PreventiveProtection, date: 20250313172906000(1741886946)
2025-Apr-16 07:15:44.107029 [ 3400] [INF] [components] comp: PreventiveProtection, date: 20250313172906000(1741886946)
2025-Apr-16 07:15:44.107401 [ 3400] [INF] [components] comp: PreventiveProtection, date: 20250313172906000(1741886946)
2025-Apr-16 07:15:52.558301 [ 3424] [INF] [components] process installed components
2025-Apr-16 07:15:52.559145 [ 3424] [INF] [components] comp: Scanner, date: 20250313173357000(1741887237)
2025-Apr-16 07:15:52.559664 [ 3424] [INF] [components] comp: AvService, date: 20250313172906000(1741886946)
2025-Apr-16 07:15:52.560059 [ 3424] [INF] [components] comp: EScanner, date: 20250313172906000
2025-Apr-16 07:15:52.560429 [ 3424] [INF] [components] comp: Appcontrol, date: 20250313172906000
2025-Apr-16 07:15:52.560781 [ 3424] [INF] [components] comp: MeshClient, date: 20250313172906000
2025-Apr-16 07:15:52.565941 [ 3424] [INF] [components] comp: SpIDerGuardG3, date: 20250313173358000(1741887238)
2025-Apr-16 07:15:52.570699 [ 3424] [INF] [components] comp: DwProt, date: 20250313172908000(1741886948)
2025-Apr-16 07:15:52.571316 [ 3424] [INF] [components] comp: PreventiveProtection, date: 20250313172906000(1741886946). Skip sending to unsupported server.
2025-Apr-16 07:15:52.571335 [ 3424] [INF] [components] comp: PreventiveProtection, date: 20250313172906000(1741886946)
2025-Apr-16 07:15:52.571718 [ 3424] [INF] [components] comp: PreventiveProtection, date: 20250313172906000(1741886946)
2025-Apr-16 07:15:52.572080 [ 3424] [INF] [components] comp: PreventiveProtection, date: 20250313172906000(1741886946)
2025-Apr-16 07:16:43.598051 [ 3416] [INF] [Scheduler] Restart enterprise scheduler
2025-Apr-16 07:16:43.599282 [ 3416] [INF] [Scheduler] Skipping disabled job with id 22060576-e20a-477a-adee-12b3e6e28ef2
2025-Apr-16 07:16:43.599477 [ 3416] [INF] [Scheduler] Skipping disabled job with id bafcf604-40de-44c0-b7a5-858e1c947c2e
2025-Apr-16 07:16:43.599751 [ 3416] [INF] [Scheduler] starting scheduler, now: 2025-Apr-16 07:16:43
2025-Apr-16 09:42:11.041363 [ 3424] [TRC] [es-client] [TextProto/Client/C2S] Smart disconnect: process STOP command
2025-Apr-16 09:42:11.053066 [ 3424] [INF] [es-client] [TextProto/Client/C2S] "ssl://10.0.0.69:2193/dead" disconnected
2025-Apr-16 09:42:11.053126 [ 3424] [INF] [es-client] [TextProto/Client/A2S/Session] "ssl://10.0.0.69:2193/dead" disconnected
2025-Apr-16 09:42:11.053278 [ 3424] [INF] [esloader] Disconnected from es server
2025-Apr-16 09:42:11.053292 [ 3424] [INF] [reconnector] ES disconnected
2025-Apr-16 09:42:11.053848 [ 3424] [INF] [reconnector] retry ... 147 seconds
2025-Apr-16 09:42:45.068827 [ 3412] [INF] [event-processor] Accumulate event because of not connected to server (0 events pending)
2025-Apr-16 09:43:45.081562 [ 3424] [INF] [event-processor] Accumulate event because of not connected to server (0 events pending)
2025-Apr-16 09:44:38.073215 [ 3424] [TRC] [es-client] [TextProto/Client/A2S/Session] ssl://10.0.0.69:2193/dead: resurrect previous connection
2025-Apr-16 09:44:45.094252 [ 3424] [INF] [event-processor] Accumulate event because of not connected to server (0 events pending)
2025-Apr-16 09:44:59.112211 [ 3412] [ERR] [es-client] [Transport] unconnected: unable to connect to '10.0.0.69:2193' because of 
 

#6 Afalin

Afalin

    Guru

  • Dr.Web Staff
  • 6 028 Сообщений:

Отправлено 16 Апрель 2025 - 17:24

Это лог с ещё одной станции

А вот интересно. Это одна такая станция, которая сразу после апдейта перестала подключаться, или остальные тоже после апдейта?


Семь раз отрежь – один раз проверь

#7 Afalin

Afalin

    Guru

  • Dr.Web Staff
  • 6 028 Сообщений:

Отправлено 16 Апрель 2025 - 17:27

На одном из компьютеров пробовал переустановить агента - удалил его, убрал его с антивирусного сервера. Переустанавливаю на компьютер и он не может соединиться с антивирусным сервером.

Ну и тут интересно тоже. Между удалением и установкой соединение устанавливалось, а после установки перестало?

Если да – я б предложил поэкспериментировать с неустановкой компонентов: оф.контроль+гейт+мейл (прям все сразу) и/или фаер.


Семь раз отрежь – один раз проверь

#8 Dmitry_rus

Dmitry_rus

    Guru

  • Helpers
  • 3 675 Сообщений:

Отправлено 16 Апрель 2025 - 17:51

Переустанавливаю на компьютер и он не может соединиться
Переустанавливали каким образом - с помощью сетевого (drwinst) или полного инсталлятора? Сетевой предполагает поиск (или явное указание) ES-сервера в сети и подкачку необходимых компонентов с него (значит, на этапе установки с соединением все было ок), полный же может обойтись без коннекта к ES-серверу.

#9 VVS

VVS

    The Master

  • Moderators
  • 19 801 Сообщений:

Отправлено 16 Апрель 2025 - 17:55

IMHO дискуссия пошла куда-то не в том направлении.

Существенно следующее: "с каких то станций при вводе команды telnet 10.0.0.69 2193 получается подключиться к серверу, а на каких-то станция подключение не происходит"...

 

PS

Не помню, отключается ли виндовый фаер при установке доктора, но его настройки я бы проверил.


Сообщение было изменено VVS: 16 Апрель 2025 - 18:42

меня вот что возмутило.  что даже не начинают толком диалог сразу дампы...... © alehas777
--------------------------------
Антивирус это как ремень безопасности - всего лишь увеличивает шансы выжить или получить менее тяжкую травму при аварии.
Есть, однако, категория людей, которые рассматривают средства безопасности как ауру неуязвимости. © basid

#10 VladimirN

VladimirN

    Member

  • Posters
  • 141 Сообщений:

Отправлено 17 Апрель 2025 - 09:42

 

 

А вот интересно. Это одна такая станция, которая сразу после апдейта перестала подключаться, или остальные тоже после апдейта?

 

 
Если я правильно понял из логов остальных станций, то это единичный случай. 
 

Ну и тут интересно тоже. Между удалением и установкой соединение устанавливалось, а после установки перестало?

 

 

На эту станция ставился только Guard и более ничего. Через какое-то время станция смогла подключиться к серверу, какие-то дополнительные действия на ней не делал.
 
 

Переустанавливали каким образом - с помощью сетевого (drwinst) или полного инсталлятора? Сетевой предполагает поиск (или явное указание) ES-сервера в сети и подкачку необходимых компонентов с него (значит, на этапе установки с соединением все было ок), полный же может обойтись без коннекта к ES-серверу.

 
С помощью сетевого инсталлятора через cmd файл с содержимым: 
 
drwinst.exe /regagent yes /includeFeatures scanner,spider-g3 /excludeFeatures spider-mail,outlook-plugin,firewall,spider-gate,parental-control,antispam-outlook,antispam-spidermail /server 10.0.0.69:2193
 
На моменте загрузки файлов проблемы не было, а затем уже появилась ошибка подключения к серверу
 
 
 
На данный момент бОльшая часть станции после перезагрузки смогли подключиться к антивирусному серверу, логи одной из тех что не могут:
 
...
2025-Apr-16 07:15:29.178023 [ 2728] [INF] [esloader] start downloading products: 10-drwbases; 20-drwagent; 
2025-Apr-16 07:15:29.179601 [ 2744] [INF] [esloader] Product: 10-drwbases. Current revision = 130'20250415040930. New revision = 130'20250416035138.
2025-Apr-16 07:15:29.182043 [ 2744] [INF] [esloader] Product: 20-drwagent. Current revision = 130'20250403114722. New revision = 130'20250415102031.
2025-Apr-16 07:15:29.310948 [ 2728] [INF] [esloader] Will be loaded 8 file(s) ( 1501056 byte(s) ) for product 10-drwbases
2025-Apr-16 07:15:29.310975 [ 2728] [INF] [esloader] Sending ARQ_UPDATE to server ...
2025-Apr-16 07:15:29.378635 [ 2728] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/av-engine/9/revision.xml downloaded!
2025-Apr-16 07:15:29.411924 [ 2728] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/vdb-revision.xml downloaded!
2025-Apr-16 07:15:29.554772 [ 2740] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/av-engine/9/common/drwdaily.vdb.lzma downloaded!
2025-Apr-16 07:15:29.652933 [ 2740] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/av-engine/9/common/drwtoday.vdb.lzma downloaded!
2025-Apr-16 07:15:29.704215 [ 2716] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/av-engine/9/common/dwm11052.vdb.lzma downloaded!
2025-Apr-16 07:15:29.737291 [ 2720] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/av-engine/9/common/dwmtoday.vdb.lzma downloaded!
2025-Apr-16 07:15:29.825040 [ 2744] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/av-engine/9/common/dwntoday.vdb.lzma downloaded!
2025-Apr-16 07:15:29.874414 [ 2728] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/av-engine/9/common/dwrtoday.vdb.lzma downloaded!
2025-Apr-16 07:15:29.874478 [ 2728] [INF] [esloader] Download complete for Product = 10-drwbases. Revision = 130'20250416035138. Downloaded Size = 1501056
2025-Apr-16 07:15:35.282334 [ 2744] [INF] [esloader] Will be loaded 4 file(s) ( 1992959 byte(s) ) for product 20-drwagent
2025-Apr-16 07:15:35.296276 [ 2744] [INF] [esloader] Sending ARQ_UPDATE to server ...
2025-Apr-16 07:15:35.334786 [ 2740] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/arkapi/9/revision.xml downloaded!
2025-Apr-16 07:15:35.584941 [ 2744] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/arkapi/9/x64/win/nt/common/dwarkapi.dll.lzma downloaded!
2025-Apr-16 07:15:35.634356 [ 2736] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/90/comps-revision.xml downloaded!
2025-Apr-16 07:15:35.669205 [ 2736] [INF] [esloader] [writer] File C:/ProgramData/Doctor Web/Updater/TempES/versions.xml downloaded!
2025-Apr-16 07:15:35.669264 [ 2736] [INF] [esloader] Download complete for Product = 20-drwagent. Revision = 130'20250415102031. Downloaded Size = 1992959
2025-Apr-16 07:15:35.669291 [ 2716] [INF] [esloader] All files downloaded
2025-Apr-16 07:15:37.468520 [ 2716] [INF] [updater] Updater started: stage 'Updating Products' (1/2)
2025-Apr-16 07:16:50.574727 [ 3632] [INF] [VdbCache] Dr.Web Engine virus bases has been reloaded
2025-Apr-16 07:17:00.154487 [ 2728] [INF] [updater] Updater stage 'Updating Products' completed successfully, ret = 0, err = 0
2025-Apr-16 07:17:46.135326 [ 2728] [INF] [updater] Updater stage 'Postupdating' completed successfully, ret = 0, err = 0
2025-Apr-16 07:17:46.136794 [ 2724] [INF] [esupdate] Reload updater configuration
2025-Apr-16 07:17:46.137146 [ 2724] [INF] [esupdate] Load products.xml from C:/ProgramData/Doctor Web/Updater/repo/90\products.xml
2025-Apr-16 07:17:46.180604 [ 2724] [INF] [esupdate] Products.xml contains 4 groups, 27 products, 42 components
2025-Apr-16 07:17:46.784174 [ 2724] [INF] [esloader] Update products-revisions map
2025-Apr-16 07:17:46.784210 [ 2724] [INF] [esloader]  ESproduct = 10-drwbases; revision = 130'20250416035138
2025-Apr-16 07:17:46.784222 [ 2724] [INF] [esloader]  ESproduct = 20-drwagent; revision = 130'20250415102031
2025-Apr-16 07:17:46.784394 [ 2724] [INF] [esloader] Sending ANF_STATE to server ...
2025-Apr-16 07:17:46.784614 [ 2740] [INF] [esupdate] Updating repo info ...
2025-Apr-16 07:17:46.785424 [ 2724] [INF] [esloader]  EsProduct = 10-drwbases ; revision = 13020250416035138; state = S; force_update = no
2025-Apr-16 07:17:46.785450 [ 2724] [INF] [esloader]  EsProduct = 20-drwagent ; revision = 13020250415102031; state = S; force_update = no
2025-Apr-16 07:17:46.822543 [ 2724] [INF] [esupdate] Run delayed change policies.
2025-Apr-16 07:17:46.822603 [ 2744] [INF] [esupdate] Processing policies.
2025-Apr-16 07:17:46.822962 [ 2744] [INF] [esupdate] Run changing policies (change composition of components)
2025-Apr-16 07:17:46.823131 [ 2744] [INF] [esupdate] Product = Bases                     Revision = 20250416035138
2025-Apr-16 07:17:46.823142 [ 2744] [INF] [esupdate] Product = DrWebAgent                Revision = 20250415102031
2025-Apr-16 07:17:46.823149 [ 2744] [INF] [esupdate] Product = DrWebEsAgent              Revision = 20250415102031
2025-Apr-16 07:17:46.823160 [ 2744] [INF] [esupdate] Product = DrwBase                   Revision = 20250416035138
2025-Apr-16 07:17:46.823168 [ 2744] [INF] [esupdate] Product = ESAgentSetup              Revision = 20250415102031
2025-Apr-16 07:17:46.823174 [ 2744] [INF] [esupdate] Product = ScannerSE                 Revision = 20250415102031
2025-Apr-16 07:17:46.823182 [ 2744] [INF] [esupdate] Product = SpiderG3Srv               Revision = 20250415102031
2025-Apr-16 07:17:46.823189 [ 2744] [INF] [esupdate] Product = Updater                   Revision = 20250415102031
2025-Apr-16 07:17:46.823200 [ 2744] [INF] [esupdate] new product (es) policies
2025-Apr-16 07:17:46.823213 [ 2744] [INF] [esupdate]  Product = AVDAgentSetup             ( EsId =  503) CANNOT be installed! (0) (not suitable type)
2025-Apr-16 07:17:46.823229 [ 2744] [INF] [esupdate]  Product = Bases                     ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:17:46.823240 [ 2744] [INF] [esupdate]  Product = DrWebAgent                ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:17:46.823249 [ 2744] [INF] [esupdate]  Product = DrWebAvdAgent             ( EsId =   30) CANNOT be installed! (0) (not suitable type)
2025-Apr-16 07:17:46.823265 [ 2744] [INF] [esupdate]  Product = DrWebEsAgent              ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:17:46.823276 [ 2744] [INF] [esupdate]  Product = DrWebEsAgentIndustrial    ( EsId =   30) CANNOT be installed! (0) (not suitable for not industrial)
2025-Apr-16 07:17:46.823286 [ 2744] [INF] [esupdate]  Product = DrwBase                   ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:17:46.823298 [ 2744] [INF] [esupdate]  Product = DwsNetFilter              ( EsId =   38) CANNOT be installed! (0) 
2025-Apr-16 07:17:46.823306 [ 2744] [INF] [esupdate]  Product = DwsParentalControl        ( EsId =   54) CANNOT be installed! (0) 
2025-Apr-16 07:17:46.823318 [ 2744] [INF] [esupdate]  Product = ESAgentSetup              ( EsId =  502) MUST   be installed! (2) (installed)
2025-Apr-16 07:17:46.823330 [ 2744] [INF] [esupdate]  Product = Firewall                  ( EsId =  105) CANNOT be installed! (0) 
2025-Apr-16 07:17:46.823341 [ 2744] [INF] [esupdate]  Product = NetFilterHttp             ( EsId =   38) CANNOT be installed! (0) 
2025-Apr-16 07:17:46.823352 [ 2744] [INF] [esupdate]  Product = NetFilterMail             ( EsId =   14) CANNOT be installed! (0) 
2025-Apr-16 07:17:46.823362 [ 2744] [INF] [esupdate]  Product = NetFilterParentalControl  ( EsId =   54) CANNOT be installed! (0) 
2025-Apr-16 07:17:46.823374 [ 2744] [INF] [esupdate]  Product = OutlookPlugin             ( EsId =  103) CANNOT be installed! (0) 
2025-Apr-16 07:17:46.823383 [ 2744] [INF] [esupdate]  Product = ScannerSE                 ( EsId =    4) MAY    be installed! (1) (installed)
2025-Apr-16 07:17:46.823391 [ 2744] [INF] [esupdate]  Product = SpamFilterOutlook         ( EsId =   55) CANNOT be installed! (0) 
2025-Apr-16 07:17:46.823402 [ 2744] [INF] [esupdate]  Product = SpamFilterSpiderMail      ( EsId =   55) CANNOT be installed! (0) 
2025-Apr-16 07:17:46.823414 [ 2744] [INF] [esupdate]  Product = SpiderG3Srv               ( EsId =   58) MAY    be installed! (1) (installed)
2025-Apr-16 07:17:46.823424 [ 2744] [INF] [esupdate]  Product = Updater                   ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:17:46.823438 [ 2744] [INF] [esupdate] nothing to change configuration
2025-Apr-16 07:17:47.300376 [ 2712] [ERR] [dws] protocol error = 1011; additional = ; syscode = 109; disconnect = 1
2025-Apr-16 07:17:47.300404 [ 2712] [WRN] [dws] Disconnected from Control Service Dr.Web
2025-Apr-16 07:17:47.300495 [ 2712] [INF] [manager] stop subsystem netsvc ...
2025-Apr-16 07:17:47.300506 [ 2712] [INF] [manager] stop subsystem reconnector ...
2025-Apr-16 07:17:47.300513 [ 2712] [INF] [reconnector] disconnected with av-service. Disconnecting from es-server
2025-Apr-16 07:17:47.300555 [ 2712] [INF] [manager] stop subsystem es_server_communication ...
2025-Apr-16 07:17:47.300578 [ 2712] [INF] [manager] stop subsystem devices ...
2025-Apr-16 07:17:47.300595 [ 2744] [TRC] [es-client] [TextProto/Client/C2S] Smart disconnect: process STOP command
2025-Apr-16 07:17:47.300625 [ 2712] [INF] [manager] stop subsystem MCastUpdates ...
2025-Apr-16 07:17:47.300635 [ 2712] [INF] [manager] stop subsystem quarantine ...
2025-Apr-16 07:17:47.301422 [ 2724] [INF] [es-client] [TextProto/Client/C2S] "ssl://10.0.0.69:2193/dead" disconnected
2025-Apr-16 07:17:47.301459 [ 2724] [INF] [es-client] [TextProto/Client/A2S/Session] "ssl://10.0.0.69:2193/dead" disconnected
2025-Apr-16 07:17:47.301647 [ 2724] [INF] [esloader] Disconnected from es server
2025-Apr-16 07:17:47.302285 [ 3504] [INF] [quarantine] Event channel ended with status 0
2025-Apr-16 07:17:47.302305 [ 3504] [INF] [quarantine] Event listener stopped
2025-Apr-16 07:17:47.302498 [ 2712] [INF] [manager] stop subsystem es_update ...
2025-Apr-16 07:17:47.302544 [ 2712] [INF] [manager] stop subsystem RepoCache ...
2025-Apr-16 07:17:47.302560 [ 2712] [INF] [manager] stop subsystem esloader ...
2025-Apr-16 07:17:47.302577 [ 2712] [INF] [manager] stop subsystem statistics ...
2025-Apr-16 07:17:47.302596 [ 2712] [INF] [manager] stop subsystem escanner ...
2025-Apr-16 07:17:47.302612 [ 2712] [INF] [manager] stop subsystem task-runner ...
2025-Apr-16 07:17:47.302688 [ 2712] [INF] [manager] stop subsystem Scheduler ...
2025-Apr-16 07:17:47.302709 [ 2712] [INF] [Scheduler] Enterprise scheduler stopped
2025-Apr-16 07:17:47.302717 [ 2712] [INF] [manager] stop subsystem NetScan ...
2025-Apr-16 07:17:47.302726 [ 2712] [INF] [manager] stop subsystem NAP ...
2025-Apr-16 07:17:47.302735 [ 2712] [INF] [manager] stop subsystem Mixed ...
2025-Apr-16 07:17:47.302750 [ 2712] [INF] [manager] stop subsystem VdbCache ...
2025-Apr-16 07:17:47.328727 [ 2740] [INF] [esupdate] Repo info updated successfully: 13 add(update) files, 0 remove files.
2025-Apr-16 07:17:49.931624 [ 3632] [INF] [VdbCache] End subscribing for engine events: breaking
2025-Apr-16 07:17:49.931810 [ 2712] [INF] [manager] stop subsystem event-processor ...
2025-Apr-16 07:17:49.931831 [ 2712] [INF] [event-processor] stop
2025-Apr-16 07:17:49.931855 [ 2712] [INF] [manager] stop subsystem UserMon ...
2025-Apr-16 07:17:49.948421 [ 2712] [INF] [manager] stop subsystem components ...
2025-Apr-16 07:17:49.948495 [ 2712] [INF] [components] process paused state for all components
2025-Apr-16 07:17:49.948517 [ 2712] [INF] [event-processor] process_all_end
2025-Apr-16 07:17:49.955650 [ 2712] [INF] [event-processor] Accumulate event because of not connected to server (11 events pending)
2025-Apr-16 07:17:49.955674 [ 2712] [INF] [manager] stop subsystem plugins ...
2025-Apr-16 07:17:49.955682 [ 2712] [INF] [manager] stop subsystem environment ...
2025-Apr-16 07:17:49.955698 [ 2712] [INF] [manager] stop subsystem DbStorage ...
2025-Apr-16 07:17:49.955705 [ 2712] [INF] [manager] stop subsystem config ...
2025-Apr-16 07:17:50.950626 [ 2740] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 07:17:51.954321 [ 2744] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 07:17:52.954591 [ 2740] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 07:17:53.959646 [ 2744] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 07:17:54.963885 [ 2740] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 07:17:55.967693 [ 2744] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 07:17:56.975628 [ 2740] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 07:17:57.977687 [ 2744] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 07:17:58.991943 [ 2740] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 07:18:00.001968 [ 2744] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 07:18:00.002106 [ 2744] [ERR] [dws] Connect to control dwservice [10] exception: System error; (Unable to open pipe.)
2025-Apr-16 07:18:01.004954 [ 2740] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-16 07:18:01.005763 [ 2740] [INF] [dws] Connected to Control Service Dr.Web 12.12.34
2025-Apr-16 07:18:01.006883 [ 2740] [INF] [manager] start subsystem config ...
2025-Apr-16 07:18:01.008223 [ 2740] [ERR] [config] load parental config failed: System error; (device::open: The system cannot find the file specified. (2))
2025-Apr-16 07:18:01.008373 [ 2740] [INF] [config] Es default connection settings created
2025-Apr-16 07:18:01.008551 [ 2740] [INF] [manager] start subsystem DbStorage ...
2025-Apr-16 07:18:01.011766 [ 2740] [INF] [DbStorage] db path: C:\ProgramData\Doctor Web\Database
2025-Apr-16 07:18:01.011880 [ 2740] [INF] [DbStorage] Trying to initialize DB storage
2025-Apr-16 07:18:01.092998 [ 2740] [INF] [manager] start subsystem environment ...
2025-Apr-16 07:18:01.093012 [ 2744] [INF] [DbStorage] appctl_events_cleaner::clear_old_events async call unsuccessfull: Операция ввода/вывода была прервана из-за завершения потока команд или по запросу приложения
2025-Apr-16 07:18:01.093072 [ 2740] [INF] [manager] start subsystem plugins ...
2025-Apr-16 07:18:01.093120 [ 2740] [INF] [manager] start subsystem components ...
2025-Apr-16 07:18:01.095254 [ 2740] [INF] [manager] start subsystem UserMon ...
2025-Apr-16 07:18:01.095372 [ 2740] [ERR] [manager] start subsystem UserMon failed UserWatcher thread is already running
2025-Apr-16 07:18:01.095383 [ 2740] [INF] [manager] start subsystem event-processor ...
2025-Apr-16 07:18:01.095389 [ 2740] [INF] [event-processor] start
2025-Apr-16 07:18:01.546087 [ 2740] [INF] [event-processor] Starting event processor (11 events pending)
2025-Apr-16 07:18:01.546180 [ 2740] [INF] [event-processor] Accumulate events schedule is OFF('111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111')
2025-Apr-16 07:18:01.546208 [ 2740] [INF] [manager] start subsystem VdbCache ...
2025-Apr-16 07:18:01.546297 [ 2740] [INF] [manager] start subsystem Mixed ...
2025-Apr-16 07:18:01.546310 [ 2740] [INF] [manager] start subsystem NAP ...
2025-Apr-16 07:18:01.546348 [ 2740] [INF] [NAP] NAP set to 'yes'
2025-Apr-16 07:18:01.546383 [ 1404] [INF] [VdbCache] Subscribing for engine events...
2025-Apr-16 07:18:01.546395 [ 2740] [INF] [manager] start subsystem NetScan ...
2025-Apr-16 07:18:01.546429 [ 2740] [INF] [manager] start subsystem Scheduler ...
2025-Apr-16 07:18:01.546465 [ 2740] [INF] [manager] start subsystem task-runner ...
2025-Apr-16 07:18:01.546534 [ 2740] [INF] [manager] start subsystem escanner ...
2025-Apr-16 07:18:01.546590 [ 2740] [INF] [escanner] escanners table is empty
2025-Apr-16 07:18:01.546599 [ 2740] [INF] [manager] start subsystem statistics ...
2025-Apr-16 07:18:01.547061 [ 2740] [INF] [manager] start subsystem esloader ...
2025-Apr-16 07:18:01.547540 [ 2740] [INF] [manager] start subsystem RepoCache ...
2025-Apr-16 07:18:01.547561 [ 2740] [INF] [manager] start subsystem es_update ...
2025-Apr-16 07:18:01.547999 [ 4508] [INF] [NAP] nap_unregister: begins
2025-Apr-16 07:18:01.548301 [ 2740] [INF] [manager] start subsystem quarantine ...
2025-Apr-16 07:18:01.548343 [ 2728] [INF] [esupdate] Try load configuration...
2025-Apr-16 07:18:01.548767 [ 2740] [INF] [manager] start subsystem MCastUpdates ...
2025-Apr-16 07:18:01.548768 [ 3916] [INF] [quarantine] Event listener started
2025-Apr-16 07:18:01.548794 [ 2740] [INF] [manager] start subsystem devices ...
2025-Apr-16 07:18:01.548852 [ 2740] [INF] [manager] start subsystem es_server_communication ...
2025-Apr-16 07:18:01.549073 [ 2728] [INF] [esupdate] Configuration loaded successfully
2025-Apr-16 07:18:01.549164 [ 2740] [INF] [es_server_communication] switch off send geolocation
2025-Apr-16 07:18:01.549228 [ 2724] [INF] [esloader] Update products-revisions map
2025-Apr-16 07:18:01.549244 [ 2724] [INF] [esloader]  ESproduct = 10-drwbases; revision = 130'20250416035138
2025-Apr-16 07:18:01.549251 [ 2724] [INF] [esloader]  ESproduct = 20-drwagent; revision = 130'20250415102031
2025-Apr-16 07:18:01.549284 [ 2724] [INF] [esupdate] Load products.xml from C:/ProgramData/Doctor Web/Updater/repo/90\products.xml
2025-Apr-16 07:18:01.549407 [ 2740] [INF] [manager] start subsystem reconnector ...
2025-Apr-16 07:18:01.549451 [ 2740] [INF] [reconnector] Client bandwidth is unlimited
2025-Apr-16 07:18:01.551736 [ 2724] [INF] [esupdate] Products.xml contains 4 groups, 27 products, 42 components
2025-Apr-16 07:18:01.559023 [ 2740] [INF] [manager] start subsystem netsvc ...
2025-Apr-16 07:18:01.559040 [ 2724] [TRC] [es-client] [Discovery] Parse endpoints <10.0.0.69:2193>
2025-Apr-16 07:18:01.559073 [ 2724] [TRC] [es-client] [Discovery] Parse endpoint <10.0.0.69:2193>
2025-Apr-16 07:18:01.559570 [ 2728] [INF] [es-client] [TextProto/Client/A2S/Session] Connected to "tcp://10.0.0.69:2193"
2025-Apr-16 07:18:01.581143 [ 2724] [INF] [reconnector] server flavour is 'es'
2025-Apr-16 07:18:01.581173 [ 2724] [INF] [reconnector] ES connected to 10.0.0.69:2193 'connected successfully'
2025-Apr-16 07:18:01.582368 [ 2724] [INF] [reconnector] request settings for 4
2025-Apr-16 07:18:01.582568 [ 2724] [INF] [reconnector] request settings for 30
2025-Apr-16 07:18:01.582837 [ 2724] [INF] [reconnector] request settings for 57
2025-Apr-16 07:18:01.582948 [ 2724] [INF] [reconnector] request settings for 145
2025-Apr-16 07:18:01.583057 [ 2724] [INF] [reconnector] request settings for 154
2025-Apr-16 07:18:01.583115 [ 2724] [INF] [reconnector] request settings for 156
2025-Apr-16 07:18:01.583174 [ 2724] [INF] [reconnector] request settings for 159
2025-Apr-16 07:18:01.583233 [ 2724] [INF] [reconnector] request settings for 160
2025-Apr-16 07:18:01.583291 [ 2724] [INF] [reconnector] request settings for 161
2025-Apr-16 07:18:01.583306 [ 2724] [INF] [components] on_connected
2025-Apr-16 07:18:01.583327 [ 2724] [INF] [event-processor] Flush events on connect (11 events pending)
2025-Apr-16 07:18:01.583385 [ 2724] [INF] [reboot-manager] notify es of no restart required
2025-Apr-16 07:18:01.583834 [ 2724] [INF] [Scheduler] Need schedule cause connect
2025-Apr-16 07:18:01.583845 [ 2724] [INF] [Scheduler] Get schedule request
2025-Apr-16 07:18:01.584195 [ 2720] [INF] [components] Scanner (4) changed state to unknown
2025-Apr-16 07:18:01.584212 [ 2720] [INF] [components] AvService (30) changed state to started
2025-Apr-16 07:18:01.584307 [ 4896] [INF] [quarantine] Quarantine digest calculation started
2025-Apr-16 07:18:01.584412 [ 2724] [INF] [esloader] Connected to es server
2025-Apr-16 07:18:01.584531 [ 2724] [INF] [esloader] Update products-revisions map
2025-Apr-16 07:18:01.584545 [ 2724] [INF] [esloader]  ESproduct = 10-drwbases; revision = 130'20250416035138
2025-Apr-16 07:18:01.584553 [ 2724] [INF] [esloader]  ESproduct = 20-drwagent; revision = 130'20250415102031
2025-Apr-16 07:18:01.584617 [ 2724] [INF] [esloader] Sending ANF_STATE to server ...
2025-Apr-16 07:18:01.585032 [ 2724] [INF] [esloader]  EsProduct = 10-drwbases ; revision = 13020250416035138; state = S; force_update = no
2025-Apr-16 07:18:01.585051 [ 2724] [INF] [esloader]  EsProduct = 20-drwagent ; revision = 13020250415102031; state = S; force_update = no
2025-Apr-16 07:18:01.586023 [ 4896] [INF] [quarantine] Quarantine digest sent
2025-Apr-16 07:18:01.586045 [ 4896] [INF] [quarantine] Quarantine digest calculation finished
2025-Apr-16 07:18:01.588570 [ 2736] [INF] [reconnector] New Rights
2025-Apr-16 07:18:01.597300 [ 2716] [INF] [config] Rewrite es default connection settings
2025-Apr-16 07:18:01.599080 [ 2716] [WRN] [es-config] ignore unknown setting WithoutPubkey with value 0;
2025-Apr-16 07:18:01.599105 [ 2716] [WRN] [es-config] ignore unknown setting WrongPubkey with value 0;
2025-Apr-16 07:18:01.599954 [ 2716] [INF] [config] Rewrite es default connection settings
2025-Apr-16 07:18:01.601790 [ 2724] [TRC] [es-client] [TextProto/Client/A2S] Parameter "UsersEnable" for component #30 not found
2025-Apr-16 07:18:01.601815 [ 2724] [TRC] [es-client] [TextProto/Client/A2S] Parameter "UsersPeriod" for component #30 not found
2025-Apr-16 07:18:01.606827 [ 2724] [INF] [esupdate] Recieve new policies.
2025-Apr-16 07:18:01.606872 [ 2732] [INF] [esupdate] Processing policies.
2025-Apr-16 07:18:01.607159 [ 2732] [INF] [esupdate] Run changing policies (change composition of components)
2025-Apr-16 07:18:01.607292 [ 2732] [INF] [esupdate] Product = Bases                     Revision = 20250416035138
2025-Apr-16 07:18:01.607303 [ 2732] [INF] [esupdate] Product = DrWebAgent                Revision = 20250415102031
2025-Apr-16 07:18:01.607310 [ 2732] [INF] [esupdate] Product = DrWebEsAgent              Revision = 20250415102031
2025-Apr-16 07:18:01.607543 [ 2732] [INF] [esupdate] Product = DrwBase                   Revision = 20250416035138
2025-Apr-16 07:18:01.607556 [ 2732] [INF] [esupdate] Product = ESAgentSetup              Revision = 20250415102031
2025-Apr-16 07:18:01.607563 [ 2732] [INF] [esupdate] Product = ScannerSE                 Revision = 20250415102031
2025-Apr-16 07:18:01.607569 [ 2732] [INF] [esupdate] Product = SpiderG3Srv               Revision = 20250415102031
2025-Apr-16 07:18:01.607576 [ 2732] [INF] [esupdate] Product = Updater                   Revision = 20250415102031
2025-Apr-16 07:18:01.607792 [ 2732] [INF] [esupdate] mesh mode is disable
2025-Apr-16 07:18:01.607808 [ 2732] [INF] [esupdate] new product (es) policies
2025-Apr-16 07:18:01.607820 [ 2732] [INF] [esupdate]  Product = AVDAgentSetup             ( EsId =  503) CANNOT be installed! (0) (not suitable type)
2025-Apr-16 07:18:01.607835 [ 2732] [INF] [esupdate]  Product = Bases                     ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:18:01.607847 [ 2732] [INF] [esupdate]  Product = DrWebAgent                ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:18:01.607856 [ 2732] [INF] [esupdate]  Product = DrWebAvdAgent             ( EsId =   30) CANNOT be installed! (0) (not suitable type)
2025-Apr-16 07:18:01.607865 [ 2732] [INF] [esupdate]  Product = DrWebEsAgent              ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:18:01.607893 [ 2732] [INF] [esupdate]  Product = DrWebEsAgentIndustrial    ( EsId =   30) CANNOT be installed! (0) (not suitable for not industrial)
2025-Apr-16 07:18:01.607903 [ 2732] [INF] [esupdate]  Product = DrwBase                   ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:18:01.607913 [ 2732] [INF] [esupdate]  Product = DwsNetFilter              ( EsId =   38) CANNOT be installed! (0) 
2025-Apr-16 07:18:01.607922 [ 2732] [INF] [esupdate]  Product = DwsParentalControl        ( EsId =   54) CANNOT be installed! (0) 
2025-Apr-16 07:18:01.607931 [ 2732] [INF] [esupdate]  Product = ESAgentSetup              ( EsId =  502) MUST   be installed! (2) (installed)
2025-Apr-16 07:18:01.607941 [ 2732] [INF] [esupdate]  Product = Firewall                  ( EsId =  105) CANNOT be installed! (0) 
2025-Apr-16 07:18:01.607952 [ 2732] [INF] [esupdate]  Product = NetFilterHttp             ( EsId =   38) CANNOT be installed! (0) 
2025-Apr-16 07:18:01.607960 [ 2732] [INF] [esupdate]  Product = NetFilterMail             ( EsId =   14) CANNOT be installed! (0) 
2025-Apr-16 07:18:01.607971 [ 2732] [INF] [esupdate]  Product = NetFilterParentalControl  ( EsId =   54) CANNOT be installed! (0) 
2025-Apr-16 07:18:01.607979 [ 2732] [INF] [esupdate]  Product = OutlookPlugin             ( EsId =  103) CANNOT be installed! (0) 
2025-Apr-16 07:18:01.607988 [ 2732] [INF] [esupdate]  Product = ScannerSE                 ( EsId =    4) MAY    be installed! (1) (installed)
2025-Apr-16 07:18:01.607997 [ 2732] [INF] [esupdate]  Product = SpamFilterOutlook         ( EsId =   55) CANNOT be installed! (0) 
2025-Apr-16 07:18:01.608005 [ 2732] [INF] [esupdate]  Product = SpamFilterSpiderMail      ( EsId =   55) CANNOT be installed! (0) 
2025-Apr-16 07:18:01.608014 [ 2732] [INF] [esupdate]  Product = SpiderG3Srv               ( EsId =   58) MAY    be installed! (1) (installed)
2025-Apr-16 07:18:01.608024 [ 2732] [INF] [esupdate]  Product = Updater                   ( EsId =   30) MUST   be installed! (2) (installed)
2025-Apr-16 07:18:01.608035 [ 2732] [INF] [esupdate] nothing to change configuration
2025-Apr-16 07:18:01.608081 [ 2732] [INF] [esupdate] Run changing policies for proxy
2025-Apr-16 07:18:01.613541 [ 2740] [INF] [config] Rewrite es default connection settings
2025-Apr-16 07:18:01.618040 [ 2740] [TRC] [es-client] [TextProto/Client/A2S] Parameter "UsersEnable" for component #30 not found
2025-Apr-16 07:18:01.618068 [ 2740] [TRC] [es-client] [TextProto/Client/A2S] Parameter "UsersPeriod" for component #30 not found
2025-Apr-16 07:18:01.627231 [ 2732] [WRN] [es-config] ignore unknown setting WithoutPubkey with value 0;
2025-Apr-16 07:18:01.627276 [ 2732] [WRN] [es-config] ignore unknown setting WrongPubkey with value 0;
2025-Apr-16 07:18:01.628152 [ 2732] [INF] [config] Rewrite es default connection settings
2025-Apr-16 07:18:01.907432 [ 2724] [INF] [Scheduler] SCHEDULE: 14 Action Class 22060576-e20a-477a-adee-12b3e6e28ef2 0 escan_job_t 0 Action Name 22060576-e20a-477a-adee-12b3e6e28ef2 0 Daily%Sscan 0 Action ScanMode 22060576-e20a-477a-adee-12b3e6e28ef2 0 ScanStartups%S1%SActionJokes%S2%SActionInfectedMail%S2%SMaxSizeToExtract%S524288%SRatioCheckThreshold%S1024%SScanNonet%S0%SScanIdle%S2%SActionDialers%S2%SActionInfectedBoot%S0%SScanHeuristic%S1%SActionHacktools%S2%SScanRootkit%S1%SActionAdware%S2%SActionInfectedContainer%S2%SScanRemovable%S0%SActionRiskware%S2%SIncurableFiles%S2%SActionInfectedArchive%S2%SMaxArchSize%S0%SScanShutdown%S0%SScanInteractive%S0%SScanMemory%S1%SInfectedFiles%S1%SCheckContainer%S1%SAutoAction%S0%SFollowSymbolicLinks%S0%SRebootMode%S0%SPauseOnBattery%S0%SCheckArchives%S1%SMaxArchLevel%S16%SMaxTimeMills%S0%SCheckEMailFiles%S1%SScanBoot%S1%SMaxCompressionRatio%S1000%SScanPriority%S50%SScanFixed%S1%SSuspiciousFiles%S2 0 Action ScanType 22060576-e20a-477a-adee-12b3e6e28ef2 0 full 0 Job State 22060576-e20a-477a-adee-12b3e6e28ef2 1 %Z 0 Time Class 22060576-e20a-477a-adee-12b3e6e28ef2 0 daily_job_t 0 Time Hour 22060576-e20a-477a-adee-12b3e6e28ef2 1 %Z 16 Time Minute 22060576-e20a-477a-adee-12b3e6e28ef2 1 %Z 0 Action Class bafcf604-40de-44c0-b7a5-858e1c947c2e 0 escan_job_t 0 Action Name bafcf604-40de-44c0-b7a5-858e1c947c2e 0 StartupScan 0 Action ScanMode bafcf604-40de-44c0-b7a5-858e1c947c2e 0 ScanStartups%S1%SActionJokes%S4%SActionInfectedMail%S2%SMaxSizeToExtract%S524288%SRatioCheckThreshold%S1024%SScanNonet%S0%SScanIdle%S2%SActionDialers%S4%SActionInfectedBoot%S1%SScanHeuristic%S1%SActionHacktools%S4%SScanRootkit%S1%SActionAdware%S4%SActionInfectedContainer%S4%SScanRemovable%S0%SActionRiskware%S4%SMaxTimeMills%S0%SActionInfectedArchive%S4%SMaxArchSize%S0%SScanShutdown%S0%SScanInteractive%S0%SScanMemory%S1%SMaxCompressionRatio%S1000%SCheckContainer%S1%SScanPriority%S50%SAutoAction%S0%SRebootMode%S0%SFollowSymbolicLinks%S0%SCheckArchives%S0%SMaxArchLevel%S16%SIncurableFiles%S4%SCheckEMailFiles%S0%SInfectedFiles%S1%SScanBoot%S1%SPauseOnBattery%S0%SScanFixed%S0%SSuspiciousFiles%S4 0 Action ScanType bafcf604-40de-44c0-b7a5-858e1c947c2e 0 fast 0 Job State bafcf604-40de-44c0-b7a5-858e1c947c2e 1 %Z 0 Time Class bafcf604-40de-44c0-b7a5-858e1c947c2e 0 at_start_job_t 0
2025-Apr-16 07:18:02.105797 [ 2720] [INF] [components] EScanner (37) changed state to unknown
2025-Apr-16 07:18:02.123502 [ 2720] [INF] [components] SpIDerGuardG3 (58) changed state to started
2025-Apr-16 07:18:02.124484 [ 2720] [INF] [components] DwProt (124) changed state to started
2025-Apr-16 07:18:02.125372 [ 2720] [INF] [components] PreventiveProtection (144) changed state to started
2025-Apr-16 07:18:02.125584 [ 2720] [INF] [components] Appcontrol (154) changed state to started
2025-Apr-16 07:18:02.126455 [ 2720] [INF] [components] MeshClient (156) changed state to paused
2025-Apr-16 07:18:02.127625 [ 2720] [INF] [components] RansomwareProtection (159) changed state to started
2025-Apr-16 07:18:02.128765 [ 2720] [INF] [components] BehaviorAnalysis (160) changed state to started
2025-Apr-16 07:18:02.129706 [ 2720] [INF] [components] ExploitPrevention (161) changed state to started
2025-Apr-16 07:18:02.130853 [ 2720] [INF] [components] process installed components
2025-Apr-16 07:18:02.131603 [ 2720] [INF] [components] comp: Scanner, date: 20221112054224000(1668231744)
2025-Apr-16 07:18:02.132024 [ 2720] [INF] [components] comp: AvService, date: 20221112053828000(1668231508)
2025-Apr-16 07:18:02.132489 [ 2720] [INF] [components] comp: EScanner, date: 20221112053828000
2025-Apr-16 07:18:02.132864 [ 2720] [INF] [components] comp: Appcontrol, date: 20221112053828000
2025-Apr-16 07:18:02.133281 [ 2720] [INF] [components] comp: MeshClient, date: 20221112053828000
2025-Apr-16 07:18:02.139772 [ 2720] [INF] [components] comp: SpIDerGuardG3, date: 20221112054226000(1668231746)
2025-Apr-16 07:18:02.143403 [ 2720] [INF] [components] comp: DwProt, date: 20221112053830000(1668231510)
2025-Apr-16 07:18:02.168046 [ 2720] [INF] [components] comp: PreventiveProtection, date: 20221112053828000(1668231508). Skip sending to unsupported server.
2025-Apr-16 07:18:02.168061 [ 2720] [INF] [components] comp: PreventiveProtection, date: 20221112053828000(1668231508)
2025-Apr-16 07:18:02.168433 [ 2720] [INF] [components] comp: PreventiveProtection, date: 20221112053828000(1668231508)
2025-Apr-16 07:18:02.168816 [ 2720] [INF] [components] comp: PreventiveProtection, date: 20221112053828000(1668231508)
2025-Apr-16 07:18:10.350594 [ 2716] [INF] [components] process installed components
2025-Apr-16 07:18:10.364660 [ 2716] [INF] [components] comp: Scanner, date: 20221112054224000(1668231744)
2025-Apr-16 07:18:10.365123 [ 2716] [INF] [components] comp: AvService, date: 20221112053828000(1668231508)
2025-Apr-16 07:18:10.365517 [ 2716] [INF] [components] comp: EScanner, date: 20221112053828000
2025-Apr-16 07:18:10.365863 [ 2716] [INF] [components] comp: Appcontrol, date: 20221112053828000
2025-Apr-16 07:18:10.366184 [ 2716] [INF] [components] comp: MeshClient, date: 20221112053828000
2025-Apr-16 07:18:10.369517 [ 2716] [INF] [components] comp: SpIDerGuardG3, date: 20221112054226000(1668231746)
2025-Apr-16 07:18:10.372559 [ 2716] [INF] [components] comp: DwProt, date: 20221112053830000(1668231510)
2025-Apr-16 07:18:10.373054 [ 2716] [INF] [components] comp: PreventiveProtection, date: 20221112053828000(1668231508). Skip sending to unsupported server.
2025-Apr-16 07:18:10.373070 [ 2716] [INF] [components] comp: PreventiveProtection, date: 20221112053828000(1668231508)
2025-Apr-16 07:18:10.373432 [ 2716] [INF] [components] comp: PreventiveProtection, date: 20221112053828000(1668231508)
2025-Apr-16 07:18:10.373769 [ 2716] [INF] [components] comp: PreventiveProtection, date: 20221112053828000(1668231508)
2025-Apr-16 07:19:01.546906 [ 2724] [INF] [Scheduler] Restart enterprise scheduler
2025-Apr-16 07:19:01.563129 [ 2724] [INF] [Scheduler] Skipping disabled job with id 22060576-e20a-477a-adee-12b3e6e28ef2
2025-Apr-16 07:19:01.563217 [ 2724] [INF] [Scheduler] Skipping disabled job with id bafcf604-40de-44c0-b7a5-858e1c947c2e
2025-Apr-16 07:19:01.563327 [ 2724] [INF] [Scheduler] starting scheduler, now: 2025-Apr-16 07:19:01
2025-Apr-16 09:42:11.047001 [ 2740] [TRC] [es-client] [TextProto/Client/C2S] Smart disconnect: process STOP command
2025-Apr-16 09:42:11.058544 [ 2724] [INF] [es-client] [TextProto/Client/C2S] "ssl://10.0.0.69:2193/dead" disconnected
2025-Apr-16 09:42:11.058594 [ 2724] [INF] [es-client] [TextProto/Client/A2S/Session] "ssl://10.0.0.69:2193/dead" disconnected
2025-Apr-16 09:42:11.058686 [ 2724] [INF] [esloader] Disconnected from es server
2025-Apr-16 09:42:11.058697 [ 2724] [INF] [reconnector] ES disconnected
2025-Apr-16 09:42:11.059261 [ 2724] [INF] [reconnector] retry ... 178 seconds
2025-Apr-16 09:43:02.608405 [ 2740] [INF] [event-processor] Accumulate event because of not connected to server (0 events pending)
2025-Apr-16 09:44:02.636869 [ 2716] [INF] [event-processor] Accumulate event because of not connected to server (0 events pending)
2025-Apr-16 09:45:02.655153 [ 2740] [INF] [event-processor] Accumulate event because of not connected to server (0 events pending)
2025-Apr-16 09:45:09.058433 [ 2716] [TRC] [es-client] [TextProto/Client/A2S/Session] ssl://10.0.0.69:2193/dead: resurrect previous connection
2025-Apr-16 09:45:30.102224 [ 2740] [ERR] [es-client] [Transport] unconnected: unable to connect to '10.0.0.69:2193' because of Попытка установить соединение была безуспешной, т.к. от другого компьютера за требуемое время не получен нужный отклик, или было разорвано уже установленное соединение из-за неверного отклика уже подключенного компьютера (code: 10060)
2025-Apr-16 09:45:30.115846 [ 2740] [ERR] [es-client] [TextProto/Client/A2S/Session] Unable to connect to "10.0.0.69:2193" because of negotiation error (error: 2)
2025-Apr-16 09:45:30.115904 [ 2740] [WRN] [reconnector] ES connection error 2 'negotiation error'
2025-Apr-16 09:45:30.116269 [ 2740] [INF] [reconnector] retry ... 160 seconds
2025-Apr-16 09:45:30.116299 [ 2740] [INF] [components] on_connected
2025-Apr-16 09:45:30.116306 [ 2740] [INF] [components] on_connected error: negotiation error
 
===============================================================================
 Dr.Web Es Service for Windows v12.12.28.07050
 Copyright © Doctor Web, Ltd., 1992-2025
 Current arch: x64
 Binary: x64
 Operating System: Windows Server 2016 x64 (Build 14393)
 Command line: C:\Program Files\DrWeb\es-service.exe --logfile=C:\ProgramData\Doctor Web\Logs\es-service.log 
===============================================================================
2025-Apr-17 08:40:58.899874 [ 2560] [INF] [subsysmanager] start with mode: es, business
2025-Apr-17 08:40:58.899898 [ 2560] [INF] [subsysmanager] Creating subsystems...
2025-Apr-17 08:40:58.900291 [ 2560] [INF] [dws] Create reconnector
2025-Apr-17 08:40:58.900629 [ 2560] [INF] [dws9_clients] create
2025-Apr-17 08:40:58.900663 [ 2560] [INF] [ipc] create
2025-Apr-17 08:40:58.900737 [ 2560] [INF] [config] create
2025-Apr-17 08:40:58.900757 [ 2560] [INF] [DbStorage] [db-storage] create
2025-Apr-17 08:40:58.900779 [ 2560] [INF] [environment] Environment monitor subsystem created
2025-Apr-17 08:40:58.900807 [ 2560] [INF] [plugins] create
2025-Apr-17 08:40:58.900843 [ 2560] [INF] [components] create
2025-Apr-17 08:40:58.900949 [ 2560] [INF] [event-processor] create
2025-Apr-17 08:40:58.903158 [ 2560] [INF] [mixed] Mixed subsystem created
2025-Apr-17 08:40:58.903489 [ 2560] [INF] [Scheduler] create
2025-Apr-17 08:40:58.903525 [ 2560] [INF] [task-runner] Create
2025-Apr-17 08:40:58.903861 [ 2560] [INF] [escanner] create
2025-Apr-17 08:40:58.903908 [ 2560] [INF] [statistics] create
2025-Apr-17 08:40:58.903946 [ 2560] [INF] [esloader] create
2025-Apr-17 08:40:58.904083 [ 2560] [INF] [esupdate] create
2025-Apr-17 08:40:58.904096 [ 2560] [INF] [quarantine] Create
2025-Apr-17 08:40:58.904136 [ 2560] [INF] [devices] create
2025-Apr-17 08:40:58.915177 [ 2560] [INF] [reconnector] create
2025-Apr-17 08:40:58.915197 [ 2560] [INF] [netsvc] create
2025-Apr-17 08:40:58.915230 [ 2560] [INF] [subsysmanager] Subsystems created
2025-Apr-17 08:40:58.915532 [ 2560] [INF] [manager] start subsystem dws9_clients ...
2025-Apr-17 08:40:58.915542 [ 2560] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 08:40:58.916084 [ 2560] [ERR] [dws] Connect to control dwservice [0] exception: System error; (Unable to open pipe.)
2025-Apr-17 08:40:58.916109 [ 2560] [INF] [manager] start subsystem ipc ...
2025-Apr-17 08:40:58.917080 [ 2560] [INF] [Service] [Modules] Start 8 threads for modules
2025-Apr-17 08:40:59.923687 [ 2608] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 08:41:00.923789 [ 2612] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 08:41:01.923653 [ 2608] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:14.811503 [ 2612] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:15.811434 [ 2608] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:16.827099 [ 2612] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:17.842724 [ 2608] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:18.842758 [ 2612] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:19.842830 [ 2608] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:20.858402 [ 2612] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:20.858539 [ 2612] [ERR] [dws] Connect to control dwservice [10] exception: System error; (Unable to open pipe.)
2025-Apr-17 10:20:21.858360 [ 2608] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:22.874031 [ 2612] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:23.889602 [ 2608] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:24.905228 [ 2612] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:25.920883 [ 2608] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:26.936477 [ 2612] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:27.936646 [ 2608] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:28.936524 [ 2612] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:29.952149 [ 2608] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:30.967743 [ 2612] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 10:20:30.967877 [ 2612] [ERR] [dws] Connect to control dwservice [20] exception: System error; (Unable to open pipe.)
2025-Apr-17 10:20:31.983378 [ 2608] [INF] [dws] Try connect to Control Service Dr.Web ...
 

#11 Kirill Polubelov

Kirill Polubelov

    Hr. Schreibikus

  • Dr.Web Staff
  • 4 454 Сообщений:

Отправлено 17 Апрель 2025 - 11:43

Возможно, после успешного подключения к серверу, агенту прилетают некорректные параметры подключения с сервера.

Проверьте их.


Сообщение было изменено Kirill Polubelov: 17 Апрель 2025 - 11:45

(exit 0)

#12 Afalin

Afalin

    Guru

  • Dr.Web Staff
  • 6 028 Сообщений:

Отправлено 17 Апрель 2025 - 12:13

Как эти некорректные параметры могут влиять на работу telnet?


Семь раз отрежь – один раз проверь

#13 VladimirN

VladimirN

    Member

  • Posters
  • 141 Сообщений:

Отправлено 17 Апрель 2025 - 13:24

На данный момент остался 1 компьютер (WindowsSRV2008) который не получается подключить в антивирусному серверу:

Пинги, tracert и телнет на антивирусный сервер с него проходят (при подключении к порту это видно на антивирусном сервере через netstat и через tcpview на клиенте)

Удаление записи об этом объекте на антивирусном сервере и переустановка клиента не помогла

После переустановки агента, на сервере не видно попыток подключить по порту 2193 или каких-то запросов на порт 2193 с клиента

 

...

===============================================================================
 Dr.Web Es Service for Windows v12.12.28.07050
 Copyright © Doctor Web, Ltd., 1992-2025
 Current arch: x64
 Binary: x64
 Operating System: Windows Server 2008 R2 x64 (Build 7601), Service Pack 1
 Command line: C:\Program Files\DrWeb\es-service.exe --logfile=C:\ProgramData\Doctor Web\Logs\es-service.log 
===============================================================================
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [subsysmanager] start with mode: es, business
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [subsysmanager] Creating subsystems...
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [dws] Create reconnector
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [dws9_clients] create
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [ipc] create
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [config] create
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [DbStorage] [db-storage] create
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [environment] Environment monitor subsystem created
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [plugins] create
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [components] create
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [event-processor] create
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [mixed] Mixed subsystem created
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [Scheduler] create
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [task-runner] Create
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [escanner] create
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [statistics] create
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [esloader] create
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [esupdate] create
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [quarantine] Create
2025-Apr-17 11:53:09.698839 [ 1488] [INF] [devices] create
2025-Apr-17 11:53:09.714439 [ 1488] [INF] [reconnector] create
2025-Apr-17 11:53:09.714439 [ 1488] [INF] [netsvc] create
2025-Apr-17 11:53:09.714439 [ 1488] [INF] [subsysmanager] Subsystems created
2025-Apr-17 11:53:09.714439 [ 1488] [INF] [manager] start subsystem dws9_clients ...
2025-Apr-17 11:53:09.714439 [ 1488] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 11:53:09.714439 [ 1488] [ERR] [dws] Connect to control dwservice [0] exception: System error; (Unable to open pipe.)
2025-Apr-17 11:53:09.714439 [ 1488] [INF] [manager] start subsystem ipc ...
2025-Apr-17 11:53:09.714439 [ 1488] [INF] [Service] [Modules] Start 8 threads for modules
2025-Apr-17 11:53:09.714439 [ 1532] [INF] [ipc] Pipe listener started. Endpoint: pipe://\\.\PIPE\DrWeb-EsService-FF46E948-FBFB-42C2-8346-DF3A5D6E14EB
2025-Apr-17 11:53:10.728440 [ 1532] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:30:51.628201 [ 1528] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:30:52.642202 [ 1532] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:30:53.656204 [ 1528] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:30:54.670206 [ 1532] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:30:55.684208 [ 1528] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:30:56.698209 [ 1532] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:30:57.712211 [ 1528] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:30:58.726213 [ 1528] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:30:59.740215 [ 1532] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:30:59.740215 [ 1532] [ERR] [dws] Connect to control dwservice [10] exception: System error; (Unable to open pipe.)
2025-Apr-17 14:31:00.754217 [ 1528] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:31:01.768218 [ 1532] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:31:02.782220 [ 1528] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:31:03.796222 [ 1532] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:31:04.810224 [ 1528] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:31:05.824225 [ 1532] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:31:06.838227 [ 1528] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:31:07.852229 [ 1532] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:31:08.866231 [ 1528] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:31:09.880233 [ 1532] [INF] [dws] Try connect to Control Service Dr.Web ...
2025-Apr-17 14:31:09.880233 [ 1532] [ERR] [dws] Connect to control dwservice [20] exception: System error; (Unable to open pipe.)
2025-Apr-17 14:31:10.894234 [ 1528] [INF] [dws] Try connect to Control Service Dr.Web ...

#14 Kirill Polubelov

Kirill Polubelov

    Hr. Schreibikus

  • Dr.Web Staff
  • 4 454 Сообщений:

Отправлено 17 Апрель 2025 - 15:16

В процитированном кусочке es-service не может достучаться до управляющего сервиса (drwservice), который, по опыту прошлых лет, скорей всего не может достучаться до core engine.


(exit 0)
Назад к Dr.Web Enterprise Suite
  1. Dr.Web forum
  2. Русские форумы
  3. Dr.Web Enterprise Suite
  4. Privacy Policy
  5. Terms & Rules ·