Marcos
-
Posts
36,320 -
Joined
-
Last visited
-
Days Won
1,444
Posts posted by Marcos
-
-
Did the issue manifest when copying files between two Windows 10 workstations? What exact version of Endpoint was installed on the machines? The latest one is 7.1.2045. Did you use default Endpoint settings? What type of files did you copy? Was it mainly binaries (executables, dlls, ...) or documents, multimedia files, etc?
Endpoint v7.1 is based on the latest v12 so there should be basically no difference in terms of performance. Could you reproduce the issue and provide the following stuff from both ones?
- ELC logs
- aligned Procmon logs from the time of issue reproduction (should be generated on both machines at the same time when the issue occurs)Also try pausing real-time protection on either machine and let us know when the issue disappears.
-
I'd suggest repeating the test again, ie. uninstall EIS and try to reproduce the error.
If the error goes away and returns after installing EIS from scratch, try the following, one at a time and then check if the issue is gone:
- disable webcam protection integration in the advanced setup
- start Windows in safe mode, rename C:\Program Files\ESET\ESET Security\Drivers to C:\Program Files\ESET\ESET Security\Drivers_bak
- rename the following drivers in safe mode, one at a time:
1, C:\Windows\System32\drivers\eamonm.sys
2, C:\Windows\System32\drivers\ehdrv.sysAt the very end of the test, remember to rename C:\Program Files\ESET\ESET Security\Drivers_bak back to C:\Program Files\ESET\ESET Security\Drivers in safe mode.
-
Then try renaming "C:\Program Files\ESET\ESET Security\ekrnEpfw.dll" in safe mode.
Did the problem manifest with ESET NOD32 Antivirus too?
-
Do you have the "DigiCert High Assurance EV Root CA" certificate in the Trusted root CA certificate store?
It appears that ESET didn't perform SSL interception in that case. Can you confirm that temporarily disabling protocol filtering in the advanced setup doesn't make any difference?
-
In case of problems with purchase, please find contact information at https://www.eset.com/me/about/contact/.
-
Is access to the website blocked only in Chrome? Also if you run it without extensions? Or when you visit a specific website?
-
Please contact ESET ME that sells ESET in your region through https://www.eset.com/me/.
-
I don't think that prices have changed since last year.
Did you compare the price for the same product and period? How many devices do you have? Do you need a license for various operating systems or just for Windows or Mac?
E.g. a multi-device license for 3 devices and for 2 years costs $109,99:
A license for ESET Internet Security for 1 device and for 1 years costs $49,90:
-
The problem seems to be that two versions of agent were detected:
PROPERTY CHANGE: Modifying WIX_UPGRADE_DETECTED property. Its current value is '{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}'. Its new value: '{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4};{94FB5797-B020-44BC-BCAB-DBB35366B9B0}'.
{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4} is a GUID of 6.5.522.0
{94FB5797-B020-44BC-BCAB-DBB35366B9B0} is a GUID of 6.4.283.0Did you deploy both via GPO or how? Is either one currently installed?
-
You can accomplish this by enabling advanced security in the ESMC server setup and re-regenerating CA and peer certificates.
-
Did you order the license through your local ESET distributor at https://www.eset.com/ph/ ? If so, please contact him. At least I was unable to find any license registered to your forum's registration email address but that can be obviously different that the registration email of your license.
-
Please log in to my.eset.com, open the License manager and remove seats that are no longer used.
Did you buy the license through https://www.eset.com/bg/ ?
-
Agent upgrade ended because a newer version was detected:
A newer version of ESET Remote Administrator Agent is already installed. The installation will be aborted.When installing the latest agent manually, run the msi with the "/lvx* install.log" parameter and provide install.log.
-
Please post the whole re-upgrade-agent.log since the log above is truncated and contains only last records from the log that are not helpful for troubleshooting the issue.
-
Could you please post C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\trace.log after upgrade? Also I recall there should be an install log created in the temp folder which might shed more light. Other mods should be able to provide the exact name.
-
A recommended way of upgrading agent is by sending a SMC component upgrade task to clients. Did you try that?
-
Try disabling the firewall in the advanced setup.
-
Quote
When the game loading an online session, the game crashing with code 0xc0000005, and exit. It occurs also when I disabled the firewall, and other modules. But if only NOD32 is installed, I can play online without any problem.
There's basically no difference between EIS and EAV than firewall that could affect the game somehow. By disabling the firewall you mean disabling it in the advanced setup or pausing it in gui?
-
Then enable advanced operating system logging in the advanced setup -> tools -> diagnostics, reproduce the problem, disable logging and then provide C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl.
What else could help us:
- ELC logs
- A Procmon log from time when the issue is manifesting (we recommend temporarily disabling protected service in the HIPS setup and rebooting the machine first) -
Does pausing real-time protection make a difference? Is Windows Defender not running when ESET's real-time protection is active?
-
Please refer to https://forum.eset.com/topic/19223-cve-2017-5638struts2-being-reported-on-server-without-apache2-or-java/. Detected means that it was also blocked. What you can do is block remote IP addresses from which the attack attempt was performed on a firewall.
-
5 minutes ago, xMRi said:
Is there a way to define the default log creation without creating my own task?
I don't think so. ELC logs are intended for customer care and it is important to get logs for a longer period. 30 days is the default value used by ELC.
-
There's nothing special in the log, it's obviously a connection issue:
Property(C): P_BAD_USER_INPUT = It is not possible to connect to the ESET Remote Administrator Server.
Property(C): P_SERVER_CONNECTION_STATUS = CONNECTION_ERRORPlease provide Procmon pcap logs, one from the client and one from the server, created during installation of the ERA Agent on the client.
Also I would highly recommend upgrading ERA to ESMC as soon as possible. If you don't use ERA Proxy and agent connects to the ERA Server directly, just back up the db, ERA configuration and certificates and then send an ERA component upgrade task to the server and clients. For detailed instructions, please read https://support.eset.com/kb6819/.
-
11 minutes ago, MorrisGR said:
No, please don't follow the instructions there. SSL filtering should never be disabled unless advised by customer care as a last resort.
Web Control
in ESET Endpoint Products
Posted
You can accomplish it as follows:
1, Define a time slot under Tools:
2, Create a Web Control permissive rule for "www.facebook.com" and select the time slot that you've previously created:
3, In the SSL/TLS filtering setup disable the option to exclude communication with trusted domains so that the Facebook communication is filtered as well: