Wednesday, 12 February 2020

Add ESET + persistence to E2B+agFM

Recent versions of the ESET antivirus ISO have changed the way they use a persistent ext partition.




ESET will now only store the virus definition update files on an ext3 partition with a specific volume name of ESR-USB-DAT and it must be located as Primary Partition 2 (2nd partition) on the USB drive.

This change means that it won't work as a normal xxxx.imgPTN+xxxxx image pair in E2B because the persistent partition is mapped to partition 3 by Easy2Boot.

This means we need to modify the \menu.lst file inside the .imgPTN file.

If you have made an E2B multiboot USB drive with the a1ive grub2 File System on the 2nd FAT32 partition, then you can add a UEFI64-bootable (and MBR-bootable) version of ESET with persistence by using a special .cfg file.

Instructions

1. Download the ISO file (do NOT use the .img file download for USB drives).

2. Convert the ISO file to a FAT32 .imgPTN23 file using the MPI Tool Kit and the MPI_FAT32 desktop shortcut in the usual way (using default options).

3. Download the pre-made 500MB persistent image from here.

The ext3 persistence file has been copied from an ESET bootable flash drive partition as detailed in the previous blog.

It must have the same filename as the .imgPTN23 file but with no file extension.

4. Copy the ext3 persistence image file to the same folder as the .imgPTN23 file: e.g.
  • "\_ISO\ANTIVIRUS\eset_sysrescue_live_enu.imgPTN23"
  • "\_ISO\ANTIVIRUS\eset_sysrescue_live_enu"
5. Make an agFM .cfg file and place it anywhere convenient on the first E2B NTFS partition of the E2B USB drive. See ESET Download (link below).
  • ESET with persistent updates (agFM).cfg
6. Edit the agFM ESET with persistent updates.cfg file. Make sure the paths for the two files (the two set lines below) are correct...

#Use this .cfg file to switch in and boot to Eset image (FAT32 .imgptn file) + persistence file
#WARNING: The agFM partition MUST be Partition 2
#Must use .imgPTN23 file extension

#Change next two lines as required
set "gfile=(${grubfm_device})/_ISO/ANTIVIRUS/eset_sysrescue_live_enu.imgPTN23"

set "grubfm_per=(${grubfm_device})/_ISO/ANTIVIRUS/eset_sysrescue_live_enu"

You can place the .cfg file in the root or in a \agFM folder or in the \_ISO\ANTIVIRUS folder. It might be a good idea to also add '(agFM)' into the filename to remind you not to select the .imgPTN23 file when in agFM!

This .cfg file will move the agFM partition 2 to partition 3. After running the .cfg file, the new partition structure will look like this:
Ptn1: FAT32 Type 0C      -  Eset AV + MPI files
Ptn2: ext3    Type 0         -  persistent volume (not recognised by Windows or UEFI BIOS)
Ptn3: FAT32 Type B\C\E -  agFM partition (moved from partition 2)
Ptn4: (not used)


7. It will be more convenient if you create a menu entry in the Eset grub2 menu system to boot to agFM. From the agFM menu system, you can run \RESTORE_E2B.cfg to restore the original E2B partitions.

Switch in the ESET .imgPTN23 file and add these lines to the end of the \boot\grub\grub.cfg file:

menuentry "Boot to agFM (UEFI64)" {
    set root=(hd0,msdos3)
    chainloader /grubfmx64.efi
    #failsafe...
    set root=(hd0,msdos2)
    chainloader /grubfmx64.efi
}

8. We must modify the \menu.lst file for MBR E2B menu booting.

Add these lines near the beginning of the \menu.lst file (shown in blue)...

Make sure you edit the \menu.lst file in the image (easiest to switch in the image and then edit the \menu.lst file using Notepad).

set * && set DONE=%DONE% && set NOF9R=%NOF9R% && set GFX=%GFX% && set NOF7HD=%NOF7HD% && set NOF10H=%NOF10H% && set CMD2T=%CMD2T% && set pwd=%pwd% && set USBOPT=%USBOPT% && set DEFMENU=%DEFMENU%
set VER=0.97

# ESET mods - ptn3 will be persistent ptn - it must be ptn2
#Ptn2 = agFM
#Ptn3 = persist
#Change to
#Ptn2 = persist
#Ptn3 = agFM
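set SWAP=
# SWAP is set if ptn3 contains /lib or ptn2 still contains agFM
ls  (hd0,2)/lib && set SWAP=1
ls  (hd0,1)/grubfmx64.efi && set SWAP=2
# swap the ptn2 (0x1ce) and ptn3 (0x1de) table entries, using the ptn4 entry (0x1ee) as temporary storage
if exist SWAP dd if=(hd0)0+1 of=(hd0)0+1 skip=0x1ce seek=0x1ee bs=1 count=16 > nul
if exist SWAP dd if=(hd0)0+1 of=(hd0)0+1 skip=0x1de seek=0x1ce bs=1 count=16 > nul
if exist SWAP dd if=(hd0)0+1 of=(hd0)0+1 skip=0x1ee seek=0x1de bs=1 count=16 > nul
# clear the temporary ptn4 entry
if exist SWAP partnew (hd0,3) 0x00 0 0 0 > nul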
#must set persistent ptn type to 0 for UEFI booting
parttype (hd0,1) 0 > nul
#display ptns
parttype (hd0,0)
parttype (hd0,1)
parttype (hd0,2)
parttype (hd0,3)
if not exist (hd0,2)/grubfmx64.efi pause SWAP=%SWAP% (did something go wrong?)
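
The partition-table edit that these menu.lst lines perform, reproduced as an added Python example (not part of the original post or the E2B files) on a constructed 512-byte MBR. It models the case where SWAP is set; the start sectors, sizes and starting partition types are made-up sample values, and the Ptn4-in-use check is an added safeguard that the menu.lst does not perform.

```python
import struct

PT_OFFSET = 0x1BE   # first of the four 16-byte primary partition entries
ENTRY_LEN = 16

def entry(sector, n):
    """Return (type, start_lba, sector_count) of primary partition n (1-4)."""
    off = PT_OFFSET + (n - 1) * ENTRY_LEN
    start, count = struct.unpack_from("<II", sector, off + 8)
    return sector[off + 4], start, count

def copy_entry(sector, skip, seek):
    # same effect as: dd if=(hd0)0+1 of=(hd0)0+1 skip=.. seek=.. bs=1 count=16
    sector[seek:seek + ENTRY_LEN] = sector[skip:skip + ENTRY_LEN]

def swap_ptn2_ptn3(sector):
    """Apply the menu.lst edits (SWAP set) to an MBR held in a bytearray."""
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (55 AA signature missing)")
    if entry(sector, 4) != (0, 0, 0):   # added safeguard, not in the menu.lst
        raise ValueError("Ptn4 is in use; its slot is needed as scratch space")
    copy_entry(sector, 0x1CE, 0x1EE)    # Ptn2 -> Ptn4 slot (temporary copy)
    copy_entry(sector, 0x1DE, 0x1CE)    # Ptn3 -> Ptn2
    copy_entry(sector, 0x1EE, 0x1DE)    # saved Ptn2 -> Ptn3
    sector[0x1EE:0x1FE] = bytes(ENTRY_LEN)   # partnew (hd0,3) 0x00 0 0 0
    sector[0x1CE + 4] = 0x00            # parttype (hd0,1) 0
    return sector

def make_entry(ptype, start, count):
    # status and CHS fields left as zero; only type and LBA fields matter here
    return struct.pack("<B3sB3sII", 0, bytes(3), ptype, bytes(3), start, count)

def sample_mbr():
    """Constructed sample: Ptn1 = ESET FAT32, Ptn2 = agFM, Ptn3 = persistence."""
    s = bytearray(512)
    s[0x1BE:0x1CE] = make_entry(0x0C, 2048, 4000000)
    s[0x1CE:0x1DE] = make_entry(0x0C, 60000000, 1000000)   # agFM
    s[0x1DE:0x1EE] = make_entry(0x83, 4002048, 1024000)    # ext3 persistence
    s[510:512] = b"\x55\xaa"
    return s

if __name__ == "__main__":
    mbr = swap_ptn2_ptn3(sample_mbr())
    for n in range(1, 5):
        print("Ptn%d: type=0x%02X start=%d sectors=%d" % ((n,) + entry(mbr, n)))
```
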

The modified files can be found here.
  • Eset with persistent updates.cfg - agFM .cfg file - place anywhere on E2B NTFS partition
  • grub.cfg - replace \boot\grub\grub.cfg
  • menu.lst - replace \menu.lst which is in the .imgPTN23 file
  • eset_sysrescue_live_enu.zip - unzip to get the ready-made ext3 partition image file
When switching in the .imgPTN23 file from the E2B menu, you can ignore any warning about it not being UEFI-bootable.

However, for UEFI-booting the .imgPTN file must be located on the disk before the ext persistence file. If E2B warns you that the order is incorrect (white text below), use SWITCH_E2B.exe to switch in the .imgPTN23 file and it will try to re-order the files for you. Once the files have been re-ordered, you can use agFM to switch in the files or the E2B menu system or SWITCH_E2B.exe.

You must re-order the files if you see this white error text message or it won't UEFI-boot on some systems.

agFM menus






Note: Using SWITCH_E2B.exe and then immediately UEFI-booting will not work correctly (updates will not be persistent).
  • Either UEFI-boot to agFM using the .cfg file
- OR -
  • MBR-boot to the CSM Menu before UEFI booting.

Troubleshooting

The scanner utility should auto-run on boot. If it does not, or if it fails to fully boot, you may need to download the persistence file again and replace the old one.
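
An added check (not from the original post) for a downloaded or home-made persistence file: it reads the ext superblock and reports whether the image is ext3 with the ESR-USB-DAT volume label that ESET requires. The function names and the constructed sample image are illustrative, and the ext2/ext3/ext4 distinction is made from the superblock feature flags.

```python
import struct
import sys

SB_OFFSET = 1024                 # ext superblock starts 1024 bytes into the volume
EXT_MAGIC = 0xEF53               # s_magic, at superblock offset 0x38
COMPAT_HAS_JOURNAL = 0x0004      # journal present: ext3 or ext4
INCOMPAT_EXT4_ONLY = 0x0040 | 0x0080 | 0x0200   # extents, 64bit, flex_bg
REQUIRED_LABEL = "ESR-USB-DAT"   # volume name required by ESET (from the post)

def read_superblock(data):
    """Return (fs_kind, volume_label) from the first 2 KiB of an image."""
    sb = data[SB_OFFSET:SB_OFFSET + 1024]
    if len(sb) < 0x88 or struct.unpack_from("<H", sb, 0x38)[0] != EXT_MAGIC:
        raise ValueError("no ext2/3/4 superblock found")
    compat, incompat = struct.unpack_from("<II", sb, 0x5C)
    label = sb[0x78:0x88].split(b"\0", 1)[0].decode("ascii", "replace")
    if incompat & INCOMPAT_EXT4_ONLY:
        return "ext4", label
    return ("ext3" if compat & COMPAT_HAS_JOURNAL else "ext2"), label

def check_persistence_image(data):
    """Return a list of problems; an empty list means the image looks usable."""
    try:
        kind, label = read_superblock(data)
    except ValueError as err:
        return [str(err)]
    problems = []
    if kind != "ext3":
        problems.append("filesystem is %s, expected ext3" % kind)
    if label != REQUIRED_LABEL:
        problems.append("volume label is %r, expected %r" % (label, REQUIRED_LABEL))
    return problems

def sample_image(label=b"ESR-USB-DAT", compat=COMPAT_HAS_JOURNAL):
    """Constructed 4 KiB stand-in for a persistence file (superblock fields only)."""
    img = bytearray(4096)
    struct.pack_into("<H", img, SB_OFFSET + 0x38, EXT_MAGIC)
    struct.pack_into("<II", img, SB_OFFSET + 0x5C, compat, 0x0002)  # incompat: filetype
    img[SB_OFFSET + 0x78:SB_OFFSET + 0x78 + len(label)] = label
    return bytes(img)

if __name__ == "__main__":
    if len(sys.argv) > 1:                      # path to a real persistence file
        with open(sys.argv[1], "rb") as f:
            data = f.read(2048)
    else:
        data = sample_image()
    print(check_persistence_image(data) or "OK: ext3, label " + REQUIRED_LABEL)
```

Run it with the path of the extension-less persistence file as the only argument; with no argument it checks the constructed sample.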

You must accept the licence agreement (two fields).


If you cancel the GUI, you can use the small 'e' icon in the task bar (extreme right) to re-launch it. Clicking the Desktop icon will not work if the 'e' taskbar icon is present and the task is still running.

Check Updates are persistent

Run Accessories - Root Terminal
type
df
Check for /dev/sda2 mounted on /mnt/eset-live-rw

Restart SysRescue

Run Accessories - Root Terminal
start a root terminal (must be Root !!!)
and type
killall esets_gui
Then click on the Eset SysRescue Desktop icon to run it.
https://help.eset.com/sysrescue_live/en-US/troubleshooting.html



14 comments:

  1. Hi
    When booting the E2B USB flash drive on ESET with persistent updates (agFM).cfg I have the error /ESET not found. What am I doing wrong?
    Thanks

    1. Hi
      Thanks for the fast reply. I boot with "ESET with persistent updates (agFM).cfg" and the exact words are : WARNING: /ESET file not found!
      I cannot know how to make the :
      #NOTE:
      #For the 2019/20 versions of ESET, the persistence partition must be labelled ESR-USB-DAT
      #and must be ext3 and must be in Ptn2 (see casper-bottom/12fstab).
      #Create a 600MB ext3 file with a volume label of ESR-USB-DAT"
      text that I found in the ESET with persistent updates (agFM).cfg file.

      However I managed to boot from eset_sysrescue_live_enu.imgPTN23 and everything is OK, the updates are permanent

      Thanks

    2. Are you sure you are booting using that file? Those words are not in that file.
      So you are booting to the E2B menu, then booting to agFM and then selecting that file from the agFM menu system?

      Those words may be in the E2B .mnu file however, which you run from the E2B menu system?

    3. I use the file provided in OneDrive
      but I will check again

    4. In the file : is a text saying :
      #NOTE:
      #For the 2019/20 versions of ESET, the persistence partition must be labelled ESR-USB-DAT
      #and must be ext3 and must be in Ptn2 (see casper-bottom/12fstab).
      #Create a 600MB ext3 file with a volume label of ESR-USB-DAT

      I don't know what it means and how to do it

      Can you provide me the files : grub.cfg , ESET with persistent updates (agFM).cfg and menu.lst here or in my mail : alexandru.vonica@gmail.com

      thanks

      By the way I managed to make Doctor web drweb-livedisk-900-cd.iso with the .isopersist method

    5. The comments tell you how to create the persistence file (see other blog for details). But the persistence file and the other files are already available and are in the link I give for the download in the blog
      https://1drv.ms/u/s!AqlrQcdsFA-K02ekGaeoVffPoZrl?e=AZj4wq

    6. From there I found and downloaded all the files
      Thanks

    7. Sorry, my mistake. I have a mnu file left from my previous try.
      But how can I boot from E2B USB stick normally? I can boot only with eset_sysrescue_live_enu.imgPTN23. Also I cannot see the last 4 pictures from your post

      thanks

    8. What do you mean 'How can I boot from E2B usb stick normally' ?
      What does 'normally' mean?

      Legacy Boot or UEFI Boot?
      If Legacy then use the E2B .mnu file (change filenames to use new files).
      If UEFI then boot to agFM and choose the .cfg file
      re. last 4 pictures - I have no problem and no one else has reported a problem. Works OK for me in Chrome incognito mode and Edge.

    9. Legacy. How to boot from main menu to boot into ESET, because I can only boot with eset_sysrescue_live_enu.imgPTN23. I don't know how to use or boot into agFM

    10. If you are only Legacy booting, there is no need for agFM!
      Just boot to E2B menu and select the .imgPTN23 file.

      If you also want to test the agFM Legacy menu system, then add the grub_filemanager.mnu file to \_ISO\MAINMENU folder as in the instructions on the E2B agFM page https://www.easy2boot.com/uefi-mbr-a1ive-grub2-file-manager/

    11. This blog is for people who want to use agFM for UEFI booting.
      That is why it says 'If you have made an E2B multiboot USB drive with the a1ive grub2 File System on the 2nd FAT32 partition, then you can add a UEFI64-bootable (and MBR-bootable) version of ESET with persistence by using a special .cfg file.'
