Important Update for MetaDefender Endpoint (Gears) Devices Running on Windows

We would like to inform our customers that some Windows OS computers connected to your MetaDefender Endpoint Management cloud account (formerly called Gears) might have a defective MetaDefender Endpoint agent that needs to be updated. Symptoms of a defective MetaDefender Endpoint agent might include abnormally high CPU usage or disk I/O on the computer, which will result in users experiencing slow response when using the computer. (Note that on more powerful computers the performance impact might be unnoticeable to the end user.) OPSWAT strongly recommends that you review the endpoints on your cloud environment and update any problematic agents as soon as possible.

How to know if a computer's MetaDefender Endpoint is defective:

Only Windows-based computers that picked up last Thursday's release of MetaDefender Endpoint's software detection signature update (also referred to as OESIS) will be affected by this issue. Computers with a MetaDefender Endpoint agent that were online between April 1 12:01 AM US Pacific Time and 5:00 PM US Pacific Time could have been affected by this issue.

Any MetaDefender Endpoint agent that is using an OESIS release of 4.2.366.0 and 4.2.368.0 should be considered defective and updated using the instructions outlined in the next section. You can find out the release of OESIS on the Windows OS endpoint by:

  1. Opening the folder: C:\Program Files (x86)\OPSWAT\OnDemand\ondemands\oesis
  2. Right-clicking on the columns and selecting Product Version. If Product Version is not there, click More and find/enable Product Version.
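
When more than a handful of endpoints need checking, the same Product Version lookup can be scripted. The PowerShell below is an added example, not an OPSWAT-provided script; the function name and output fields are illustrative, and it flags only the two release strings listed above.

```powershell
# Added example: report the OESIS Product Version found on a Windows endpoint.
# Folder path and release numbers come from the advisory; everything else
# (function name, status labels, output shape) is illustrative.
function Get-OesisReleaseStatus {
    param(
        [string]$OesisPath = 'C:\Program Files (x86)\OPSWAT\OnDemand\ondemands\oesis',
        [string[]]$DefectiveReleases = @('4.2.366.0', '4.2.368.0')
    )

    # Agent not installed, or installed to a different location.
    if (-not (Test-Path -LiteralPath $OesisPath -PathType Container)) {
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Status = 'FolderNotFound'
            Releases = @(); Path = $OesisPath
        }
    }

    # Collect the distinct Product Version values of the files in the folder.
    $releases = Get-ChildItem -LiteralPath $OesisPath -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $productVersion = $_.VersionInfo.ProductVersion
            if ($productVersion) {
                # Normalise "4, 2, 366, 0" style strings to "4.2.366.0".
                ($productVersion -replace '\s', '') -replace ',', '.'
            }
        } | Sort-Object -Unique

    # Exact match against the listed releases only.
    $hits = @($releases | Where-Object { $DefectiveReleases -contains $_ })

    $status = 'NotListed'
    if (@($releases).Count -eq 0) { $status = 'NoVersionInfo' }
    if ($hits.Count -gt 0)        { $status = 'Defective' }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Status   = $status
        Releases = @($releases)
        Path     = $OesisPath
    }
}

Get-OesisReleaseStatus | Format-List
```

A status of FolderNotFound or NoVersionInfo means the script could not read a release number, not that the agent is healthy; check those machines by hand.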

How to fix the problem:

OPSWAT is offering three ways to fix this issue to accommodate environment-specific constraints you might have in your organization.

  1. Uninstall and reinstall the MetaDefender Endpoint agent on the Windows machine
  2. Run an OPSWAT provided batch script to fix the defective folder in Windows
  3. Manually run a set of commands to fix the defective folder in Windows


Details of each solution approach:

  1. Uninstall and reinstall the MetaDefender Endpoint agent on the Windows machine
    a. Make sure you are logged in with administrator access on each endpoint
    b. On the endpoint (the computer), uninstall the MetaDefender Endpoint agent following the instructions in the Knowledge Base
    c. From the "+Devices" button in the MetaDefender Endpoint Management cloud console, download the latest agent tied to your account and install it on the endpoint
  2. Run an OPSWAT provided batch script to fix the defective folder in Windows
    a. Make sure you are logged in with administrator access on each endpoint
    b. Request the "MEM_OESIS_fix.bat" batch script from OPSWAT by logging a ticket with us on Portal or by sending the request via email to us at help@opswat.com
    c. Right click on the batch file and choose to run the "MEM_OESIS_fix.bat" batch file as an administrator

    d. Wait up to two hours for the latest software detection signatures to be automatically downloaded and applied to the endpoint
  3. Manually run a set of commands to fix the defective folder in Windows (this assumes you have experience running commands via the command line interface in Windows)
    a. Make sure you are logged in with administrator access on each endpoint
    b. Request the list of commands that will be required to fix the defective folder by logging a ticket with us on Portal or by sending the request via email to us at help@opswat.com
    c. Open a command line prompt (CLI) in administrator mode and run each of the commands in the order provided


    d. Wait up to two hours for the latest software detection signatures to be automatically downloaded and applied to the endpoint

For Users of the Standalone Application Only: If you are unable to follow any of the directions above or are otherwise unsure whether your application is defective, you can choose to follow the instructions below. These instructions will work regardless of the state of your current application.

  1. If you have validated that you have the defective release of MetaDefender Endpoint or Gears, OPSWAT strongly recommends that you uninstall it and then download our latest release from our Free Tools page
  2. To uninstall the defective version of the MetaDefender Endpoint agent on the Windows machine, make sure you are logged in with administrator access, then follow the instructions in the Knowledge Base


How did this issue occur and what is OPSWAT doing to prevent this in the future?

OPSWAT is aggressively working to update our release processes to prevent these kinds of situations in the future. Early next week, OPSWAT will publish a root cause analysis and corrective actions taken.

If you have any questions about this, please email us at help@opswat.com or call us at 415.590.7300 extension 2.
