Posts posted by Marcos
-
Just to make sure, are you deploying the latest version of Endpoint 7.1.2045?
Do you have the proxy server enabled and configured properly here?
Note that if connection through the proxy fails for whatever reason, the product attempts to connect directly by default. You can try disabling direct connection in case of proxy connection failures and see if the product connects even then directly.
-
Quote
it seems to happen only when ekrn.exe starts sending data
Please clarify what you mean by "ekrn starts sending data". What kind of data? Do you have any logs or screen shots for clarification? Do you use a high speed (1/10 GB) connection?
Does switching to pre-release update channel in the advanced update setup make a difference? If possible, could you temporarily uninstall ESET Internet Security and install ESET NOD32 Antivirus and check if you can reproduce the issue with it?
-
The log must be from time when ESET was supposed to update but it didn't. So leave logging on and only after reproducing the issue disable it and gather logs with ESET Log Collector.
-
5 minutes ago, slarkins said:
I enabled the update engine logging... how do I gather logs with ESET Log Collector? I never used that tool
Check the FAQ section at the right-hand side of this forum or the link in my signature.
-
Please generate an advanced update engine log and gather logs with ELC as advised above. The log should shed more light on it.
-
ESMC doesn't create a mirror. Do you mean that HTTP Proxy is installed on the same machine as the ESMC server and workstations connect through it to ESET's update server?
-
10 minutes ago, JustWantingBasicHelp said:
Followup question, if a device doesn't check in with ESMC after a certain time period will it un-license itself or anything? E.g. if it was away from site 1 for 3 months would it no longer update itself?
If so, can this time limit be defined in ESMC?
This could happen only if you have a server task "Delete not connecting computers" created:
-
Does EFSW v7 update from ESET's servers or from a mirror? If from ESET's servers, does it connect through an http proxy or directly?
Please enable advanced update engine logging in the advanced setup -> Tools -> Diagnostics, reproduce the issue, disable logging and gather logs with ESET Log Collector. When done, upload the generated archive here.
-
Please raise a ticket for your local customer care.
-
8 hours ago, Camilo Diaz said:
We had the same issue and have downgraded EFS to 6.5.12010.0. Will stay in that version until the problem is fixed.
It's not a problem. The only reason why it occurs with v7 is that older versions didn't support protected service, a security feature of Windows. In v7 it's possible to disable protected service at the cost of worsening protection, however, it wouldn't be worse than with v6.5 which didn't support it yet. With v7 you also get ransomware shield which can proactively protect the server from encryption by ransomware.
-
13 minutes ago, jetspeedz said:
but those numbers are close if not better than v4.
Well, not really close to v4
-
-
V12 uses less memory than v7 because it uses dll modules as opposed to binary dat modules. Also it uses an egui proxy to save additional memory otherwise used by gui which is not needed most of the time.
As it's been said, v7 reached end of life in 2017 and technical support is no longer provided for it. What's more, it can stop updating modules at any time which would cause new threats to not be recognized. We strongly recommend upgrading to the latest version.
-
13 hours ago, cmit said:
Does the Scan function (In-Depth) scan more areas when EDTD is enabled vs no EDTD?
EDTD is not meant to scan more areas. With EDTD, suspicious files are actually run in a sandbox environment and the similarity with malware is also evaluated by Augur, the machine learning system. That said, EDTD improves detection capabilities in cases when new malware would not normally be detected on clients.
Quote
I have also noticed that after the EDTD is enabled for our workstations, it takes 1.5 or double of time to complete the scheduled periodic in-depth scan.
EDTD has no effect on scan speed. EDTD analysis is performed independently of scans and the scanner doesn't wait for EDTD to respond either. I would say there's something other than EDTD that is causing the difference which would need to be investigated further.
-
@tommy456, do you use a supported email client (e.g. MS Outlook) and antispam? If so, could you try disabling the option below or address lists in the antispam setup and rebooting the machine and see if the issue goes away?
-
ESS v7 is very old, is not supported, lacks important security features, such as network attack protection and ransomware shield, suffers from old bugs, etc.
It reached EOL in Dec 2017. Besides no technical support, EOL also means that we can stop issuing module and engine updates at any time without prior notice.
-
Please do the following:
- disable SSL filtering in the advanced setup
- reboot the machine
- without launching any application, re-enable SSL filtering and click OK
- launch your email client and receive email.
-
Exactly, that's what I was suggesting - to set up an IDS exception:
-
ESET only notifies you about machines with duplicate IP addresses in the network. You can enable advanced network protection logging in the advanced setup -> tools -> diagnostics, reproduce the detection, then disable logging, gather logs with ESET Log Collector and provide me with the generated archive. I will then post a screen shot from Wireshark that will show different MAC addresses reported in ARP responses from a particular IP address(es).
If you don't want to create any exclusions, you should ensure that only one MAC address is reported from a particular IP address.
-
You can only decide whether to be notified about duplicate IP addresses or not. There's no other third option.
It is NOT a false positive. As I wrote, you should be able to see duplicate addresses even in Wireshark so it has absolutely nothing to do with ESET.
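The check described in the two posts above (one IP address answered for by more than one MAC address in ARP responses), as an added example that is not from the original posts or from ESET: it parses raw Ethernet/ARP reply frames and lists the IPs seen with several sender MACs. The frames, addresses and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

ETHERTYPE_ARP, ARP_REPLY = 0x0806, 2

def mac_bytes(mac):
    return bytes(int(part, 16) for part in mac.split(":"))

def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build an untagged Ethernet + ARP reply frame (only used for sample input)."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp

def parse_arp_reply(frame):
    """Return (sender_ip, sender_mac) for an IPv4 ARP reply, or None otherwise."""
    if len(frame) < 42:                      # 14-byte Ethernet + 28-byte ARP
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None                          # VLAN-tagged frames are not handled
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, ARP_REPLY):
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    ip = ".".join(str(b) for b in frame[28:32])
    return ip, mac

def duplicate_ips(frames):
    """Map each IP answered for by more than one MAC to its sorted MAC list."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_arp_reply(frame)
        if parsed:
            seen[parsed[0]].add(parsed[1])
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

# Constructed sample capture: 192.0.2.10 is claimed by two different MACs.
ASKER = ("02:00:00:00:00:aa", "192.0.2.50")
SAMPLE_FRAMES = [
    build_arp_reply("02:00:00:00:00:01", "192.0.2.10", *ASKER),
    build_arp_reply("02:00:00:00:00:02", "192.0.2.10", *ASKER),
    build_arp_reply("02:00:00:00:00:03", "192.0.2.20", *ASKER),
    build_arp_reply("02:00:00:00:00:01", "192.0.2.10", *ASKER)[:30],  # truncated
]

print(duplicate_ips(SAMPLE_FRAMES))
```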
-
It is not possible to delete records from logs manually. You can use filters to display / hide resolved threats or shorten the interval for database cleanup:
-
In order to send a private message to someone, just hover the mouse cursor over his or her nick and click Message:
-
Records in logs are cleaned automatically after some time that is defined in the ESMC Server setup. For threats it's 6 months.
-
Attempt to add root cert. Failed
in ESET Internet Security & ESET Smart Security Premium
Please gather logs with ESET Log Collector and provide me with the generated archive. Couldn't it be that you have 2 versions of Firefox installed? E.g. 32-bit and 64-bit? Isn't it a portable version?