All Activity


  1. Yesterday
  2. Hi folks, we are at the end of our testing phase. We have ERA installed on a local Windows machine. Once we go live, ERA will be hosted as a Hyper-V VM on one of our HA servers. What's better for performance and ease of administration: Windows Server or CentOS Linux Server? Thanks for your tips.
  3. Does this rely on firewall zones?
  4. Thanks for the link. I completed a clean install with the offline installer. Regards
  5. Matt, I had a similar issue. I went to ESET's main site, downloaded their installer again and re-installed the software. It worked for me and the errors disappeared.
  6. @kingoftheworld If you check the client details of the affected computers, what functionality problems are reported there? Where do you see the "not updated"? In the not updated column? Or have you enabled the "worst functionality problem" column, which provides the issue with the highest severity, but not always the "root cause" of the problem? If the "not activated" status is not reported even in the client details, we will need details about your setup (exact version of ERA agent, Endpoint product / version). I take it that you have ERA 6.5, but ERA should not be the problem this time. Also, in the main "computers with problems" and "top computers problems", do you have any entries about "product not being activated", or license being expired? In case of V5 installations, it could happen that the license is removed, but as there was no activation in V5, it would just report failed update attempts (after 7 days, since the updates started to fail). But in case of V6 applications, it should be reported correctly, so I would recommend providing us with additional info, so we can troubleshoot and identify the root cause.
  7. You can easily deploy ERA using any of the provided options (as you have a domain, I would recommend a Windows installation, using the all-in-one installer). You can alternatively deploy ERA in Azure, if you prefer this option (so multiple sites could easily connect to it over the internet). Then, if you have all of the computers in the domain, the best option would be to install the ERA agent using the GPO / SCCM method, as described in our documentation here: http://help.eset.com/era_admin/65/en-US/index.html?fs_agent_deploy_gpo_sccm.htm If you use Endpoint V5 or V6 (it should work even for V4.2), the agent will automatically take over control of the Endpoint and connect it to the server. If your endpoints are already configured as they should be, just make sure that when installing ERA Server, you do not select the option to install "apache http proxy", as that would force all endpoints to communicate with ESET using the proxy server installed on the machine where the ERA server is, which does not work in a multi-site environment (usually). Ideally, you can always consult with your local ESET support, which should be able to recommend the best possible approach, taking into account your network environment and products used.
  8. We are evaluating the option, that ERA would be also able to export "configuration" not only "policy" in the proprietary ERA format. Basically, when exporting the policy, you will have an option to "export as policy" (to import into another ERA) and export as configuration. This is not yet confirmed, but it is tracked in the backlog.
  9. Did you try the following on at least 1 client:
     * Send a de-activation license task
     * Reboot
     * Send activation task again.
     * Wait and send an update task.
  10. @hungtt You can pre-configure the agent to enforce a policy in case of membership in the dynamic group (internal network) on top of the master policy, which would be applied when the computer is not in the dynamic group. When dynamic group conditions are not met, the standard settings will be applied (features disabled, internet allowed). You need to define all the things in advance, as it is true that when the computer is outside the network, ERA won't have access to it (if you, for example, won't have an alternative ERA proxy that will be "internet facing", located somewhere in the DMZ). @sanjay We are planning to change the behavior so that when the ERA agent is removed, Endpoint will "unlock" its settings. This is being evaluated for the next major release of ERA / Endpoints in Q4 (I can't confirm that it will happen for sure, but it is in the backlog for this version). However, if the computer is not permanently removed from the management, this is not the way it should be done. Rather, you should use various policy profiles for different locations, as suggested in the point above.
  11. The behavior of a laptop or computer that travels inside/outside of the company is managed by the Agent, which is in charge of applying the policies. You have to previously set up that behavior in ERA as a Policy for the PC or group. In ERA v6 all is about Policies and Tasks, no more XML import or tool, as @MichalJ mentioned.
  12. The ERA Proxy gives us the following error (attached). The databases are on another virtual server. The database server has 8 sockets @2.00 GHz and 14gb of RAM. We have 12000 clients in ESET version 6. The servers are in the same vlan, do not go through the firewall, Era proxy, Era Server and Database Server. Thanks!
  13. Good afternoon, we have a problem with the agents. Agents do not replicate to the web console. The ERA Proxy has IP 10.100.8.67. The ERA Server has IP 10.100.8.65. The Agent endpoint pc has IP 10.0.4.166. If I point the agent to 10.100.8.65 (it was server) they replicate correctly and they appear to me perfect on the web console, but those who replicate against 10.100.8.67 (were proxy) lose the connection for some reason. In the case of the equipment that attaches the captures (10.0.4.166), the agent must connect to the proxy era, 10.100.8.67, in the tracelog of the proxy era we see that it was connected today:

      ```
      2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Socket accepted. Remote ip address: 10.0.4.166 remote port: 39530
      2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Resolving ip address: 10.0.4.166
      2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Receiving ip address: 10.0.4.166 from cache
      2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Successfully received ip address: 10.0.4.166 from cache
      2017-04-25 17:43:37 Information: NetworkModule [Thread 1c0c]: Socket connection (isClientConnection: 0) established for id 7395636
      ```

      Here I leave a part of the tracelog of the team 10.0.4.166 that has drawbacks to appear in the console:

      ```
      2017-04-25 17:03:38 Error: CReplicationModule [Thread 1bd8]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use
      2017-04-25 17:04:38 Error: CReplicationModule [Thread b68]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use
      2017-04-25 17:05:38 Error: CReplicationModule [Thread 12ec]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use
      2017-04-25 17:06:16 Warning: NetworkModule [Thread a78]: The connection will be closed due to timeout. SessionId: 116 Ip address: 10.100.8.67 Port: 2222 Resolved name:
      2017-04-25 17:06:16 Error: CReplicationModule [Thread 1160]: CReplicationManager: Stopping replication scenario due to network connection close (scenario type: Regular, scenario status: Running)
      2017-04-25 17:06:16 Error: CReplicationModule [Thread 1160]: CReplicationManager: Failure of scenario (type = Regular, task_id = '00000000-0000-0000-7005-000000000001', link = 'Automatic replication (REGULAR) '(00000000-0000-0000-0000-0000-0000-0000-0000-000000000001), current_step = Transmitting [DataLogsImportant], current_step_phase = Transmitting, remote_peer = host: "10.100.8.67" port: 2222, remote_peer_type = 2, remote_peer_id = 0c53eb7c-016b-483a-8964 -be9853cb2052, remote_realm_id = 6f00364c-91d8-4993-bbac-354fa1d455f2)
      2017-04-25 17:06:16 Error: NetworkModule [Thread 13cc]: User context does not exist for id 116
      ```
  14. Please check what state the PROXY itself is in. Is it connecting to ERA? See the status.html log of PROXY (not AGENT on the same machine) to check whether it is connecting. It seems AGENTs connecting to PROXY are timing out, i.e. they do successfully connect, but they are not handled in time - this could be caused by a broken or extremely slow database. Are there enough resources for PROXY and its database? Is PROXY's database on the local machine or remote - if remote, is the network connection between them sufficiently fast in terms of response times?
  15. I use two factor authentication for a few things but I do have an issue with it. Back when lots of people's iClouds got hacked, Apple started rolling it out, but Apple never actually stated they were hacked, which makes me believe a lot of the incidents were forms of phishing. I've read about phishing using two factor authentication, which generally involves a hacker pretending to be from the site/company etc. Basically they inform the user that there's an issue but can't access the account until it's been disabled or they send them the code. Also, if I remember correctly, one phone network had issues with its voicemails being hacked a while back. Don't get me wrong, two factor authentication is great, but it should never fully replace teaching people how to be secure.
  16. Thanks for the reply, we currently have another error, agents do not replicate to the web console. The ERA Proxy has IP 10.100.8.67. The ERA Server has IP 10.100.8.65. The Agent endpoint pc has IP 10.0.4.166. If I point the agent to 10.100.8.65 (it was server) they replicate correctly and they appear to me perfect on the web console, but those who replicate against 10.100.8.67 (were proxy) lose the connection for some reason. In the case of the equipment that attaches the captures (10.0.4.166), the agent must connect to the proxy era, 10.100.8.67, in the tracelog of the proxy era we see that it was connected today:

      ```
      2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Socket accepted. Remote ip address: 10.0.4.166 remote port: 39530
      2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Resolving ip address: 10.0.4.166
      2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Receiving ip address: 10.0.4.166 from cache
      2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Successfully received ip address: 10.0.4.166 from cache
      2017-04-25 17:43:37 Information: NetworkModule [Thread 1c0c]: Socket connection (isClientConnection: 0) established for id 7395636
      ```

      Here I leave a part of the tracelog of the team 10.0.4.166 that has drawbacks to appear in the console:

      ```
      2017-04-25 17:03:38 Error: CReplicationModule [Thread 1bd8]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use
      2017-04-25 17:04:38 Error: CReplicationModule [Thread b68]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use
      2017-04-25 17:05:38 Error: CReplicationModule [Thread 12ec]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use
      2017-04-25 17:06:16 Warning: NetworkModule [Thread a78]: The connection will be closed due to timeout. SessionId: 116 Ip address: 10.100.8.67 Port: 2222 Resolved name:
      2017-04-25 17:06:16 Error: CReplicationModule [Thread 1160]: CReplicationManager: Stopping replication scenario due to network connection close (scenario type: Regular, scenario status: Running)
      2017-04-25 17:06:16 Error: CReplicationModule [Thread 1160]: CReplicationManager: Failure of scenario (type = Regular, task_id = '00000000-0000-0000-7005-000000000001', link = 'Automatic replication (REGULAR) '(00000000-0000-0000-0000-0000-0000-0000-0000-000000000001), current_step = Transmitting [DataLogsImportant], current_step_phase = Transmitting, remote_peer = host: "10.100.8.67" port: 2222, remote_peer_type = 2, remote_peer_id = 0c53eb7c-016b-483a-8964 -be9853cb2052, remote_realm_id = 6f00364c-91d8-4993-bbac-354fa1d455f2)
      2017-04-25 17:06:16 Error: NetworkModule [Thread 13cc]: User context does not exist for id 116
      ```
  17. I've fixed the issue by renaming `/Applications/ESET Remote Administrator Agent.app` into something like `/Applications/ESET Remote Administrator Agent.app_bad` and then running `EraAgentInstaller.sh` twice. Running with -x is useless, as it is clearly visible that the error comes from the `echo "Installing package '$local_mount/$local_pkg':" && sudo -S installer -pkg "$local_mount/$local_pkg" -target /` line in the `EraAgentInstaller.sh`
  18. Could you please re-run the installation with `sudo bash -x EraAgentInstaller.sh` so that all commands performed during installation are visible? The errors do not make sense, for example the file /tmp/postflight.plist should have been created even before the installation itself. The agent is also not starting because of missing files...
  19. If you have already Endpoint v6 installed, install or deploy ERA and then use it to deploy ERA agent remotely on those machines.
  20. Check out this thread at bleepingcomputer.com: https://www.bleepingcomputer.com/forums/t/636865/nemesis-ransomware-support-help-topic/page-3?hl= onion Looks like a new version of Nemesis ransomware. Bleepingcomputer folks might be able to come up with a decrypter for it soon. If the ransomware encrypted .exe files, is the system usable at all? -EDIT- You can also try to use the existing decryptor, which might or might not work on the variant that nailed you. You can get instructions on use and download it from here: https://decrypter.emsisoft.com/cry9
  21. In our testlab, we would like to see if it is possible to implement ERA into an existing environment with local ESET installations. We have a couple of sites where ESET is installed locally on domain-joined desktops and laptops. But there is NO control over the status of the local installations. Is it possible to implement an ERA server and migrate all local installations of ESET into ERA? We do not want to physically access the desktops, it all has to be done remotely. Has anyone done this before? What are the pitfalls? Is it possible? Regards, Bart
  22. Understood and heard. However, it is easier said than done in a 7,500-client environment, having to go through our Engineering teams and Change Management. That part is in progress. The clients are in fact no longer activated. It is possible they were left offline for an extended period of time and ELA deactivated them after 180 days, which is what I have it set to. However, the status showing in ERA is that the definitions are out of date, which is true because the clients are not activated. However, the status of the machine not being activated is not being reported, but is apparent when directly accessing the machine.
  23. By standalone, I mean a PC not connected to eras, but that has internet. We often save sets of such settings files for import into users' computers, as per requirement, who are outside the office and may never connect to office eras. In v5 we could create and modify such settings files using the config editor.
  24. Have a Win 7 SP1 system infected with the following ransomware: file extensions appended with labels like .id_1662011887_2irbar3mjvbap6gt.onion.to._ Exe files, documents, txt files are all affected. Attached is a sample files compressed folder, containing a few affected files, sysinspector report, and log collector data. Password - infected. Looking for help. sample files.zip
  25. Hi everyone, I tried to install "eset_sysrescue_live_creator_enu". 1) When I try to burn it on CD a message pops up telling me to insert an empty CD (although one is in the drive). Only "Cancel" works and that ends it. 2) When I try to burn it on a USB-stick (32 GB, freshly formatted) the process starts, the data are downloaded - and then the installation ends with the message: "ESET SysRescue failed to create". Only "Close" is left and that ends it. What do I have to do, to use "SysRescue"? Thanks in advance Alf
  26. I'm not sure that the notification behavior has changed, I would have to ask. The typical behavior is that the notifications begin at 14 days. See http://support.eset.com/kb2248/#Yellow "License is expiring in 14 days: Your Protection status icon will turn yellow when your license has 14 days remaining or fewer before it expires." Either wait a couple of days to check, or maybe the user disabled the notifications for license expiration, under Advanced setup > User interface > Statuses > Application statuses > General > License expired...