sanjay mehta

that is my exact question. been trying to edit device control rules for a PC in a nested group, and then we have the option to set this to "replace' or "prepend" or "append" from previous merged policies. the description in help file is a bit confusing. can someone simplify it for me as to how it works ?

in my case, today, i simply solved the issue by upgrading eset endpoint on the computer to the latest version & the problem is gone ! unfortunately, for us, we may not see any acknowledgement of the issue from eset, why it happened, & what got it corrected, but the fact is now it stands solved in our case, and so there is no point in pursuing the matter, with the hope that it does not repeat in future. thanks all, for your time.

my client facing this problem since past few days. perhaps an eset update did this ? because earlier this was not there. now all of a sudden few windows 7 PCs with SP1 facing this issue. BTW, i saw this happen on a win 10 machine also in the same network, but then uninstalling eset, restart & then reinstall solved the problem on win10. however this does not work on windows 7 machines. also note that not all windows 7 machines are effected. only some. uninstalling eset removes the problem. note : checked the security tab properties for both c drive & d drive and it shows proper user and permissions. after reinstalling eset, the d drive is once again blocked. & if you check the properties of c drive security tab, it is normal, but d drive security tab is now not seen - screen shot enclosed. all pcs are networked & using the latest version of eset protect to administer. think i will have to whitelist such d drives for the moment.

finally figured out the way to uninstall. took some help from linux mint forum also. the installation folder /opt/eset/RemoteAdministrator/Agent had a setup folder which had a uninstall.sh file and that did my job. sw removed completely. but i guess, eset should provide instructions to do this. i could not find way to uninstall the agent on website. not everyone is a linux expert. neither am i.

i have installed eset agent software using live agent installer .sh script file on linux mint debian edition (LMDE). the installation was quick & can now see few processes with the name eraagent on the system. this was done for testing purposes & now i wish to uninstall the same, but do not know how to do it. cannot see the application listed in the installed software, so i ran the command ./PROTECTAgentInstaller.sh -uninstall but this only reinstalls the sw. need urgent help to remove it.

the world is rocked by the horrifying news of how despotic authoritarian governments and their agencies have used the spyware pegasus made by NSO from israel to intrude the phones & privacy of journalists/opposition leaders/judges/activists etc. from all accounts, it is now becoming clear that the two primary operating systems on phones, android & ios by google & apple have intentional backdoors disguised as security bugs to allow the security agencies to snoop into any smart phone worldwide. my question is, as a responsible antivirus vendor, will eset ever be able to protect the users from such illegal intrusions ? is it ever possible, considering that the OS itself has been laid bare to such intrusions by incorporating "security bugs". phones, especially the smart phones are are no longer secure, but the stunning silence of all AV vendors is even more cause for concern.

i would personally be more inclined to have debian as the base, but eset would know better.

just curious to know what happens to eset protect VA. will it continue to be based on centos ? can we trust the centos updates to be applied to the VA ?

when the OS is win7, we hv endpoint ver 6.5 or 6.6 installed, not the latest version 7.3. the problem obviously is with the current agent not able to upgrade any previous version of agent properly. this is frustrating. how do i uninstall the previous version of agents in all the machines ? esmc works to install or uninstall sw only on connected machines. server task to deploy agent fails as explained above. even running AIO with latest ver of agent & 6.6 ver of endpoint (for win7) fails. considering the need to manually uninstall all sw, use safemode utility eset uninstaller, if normal uninstall fails in older machines, which it often does, restart, apply windows patches, then run the AIO installer with older endpoint 6.6. all this hugely increases the time to deploy sw on existing win7 machines.

trying to install agent through the esmc server as a server task. the esmc server is the latest version available as appliance for hyper v. client machines have windows 7 or 10 generally, the clients have previous version of agent (not removed) connecting to some other remote administrator server (which is now removed from network), so now the need is to connect to the new esmc server. in some case i get the report that the task is executed successfully but on client same old version of agent shows & does not connect to new esmc server. so i manually uninstall the agent & then run the task on server again, shows up some error, but agent is actually installed and client connects to server also. lastly i tried pushing it to a windows 10 client with the previous version of agent uninstalled, the error report is attached. all this is so unpredictable and weird. surprised why the esmc server should still have so many issues. Agent Deployment tasks information in last 30 days.pdf

few suggestions : 1. description : download of all in one installer files should run in the background, and allow user to attend other tasks. detail : once the AIO installer file download is started, often it takes up long time & warns about not closing the window otherwise the download is aborted. instead let the user start the download and close the window. the download shd proceed as background process. 2. description : rename the downloaded AIO installer as per the given name to the installer instead of the generic name like ESMC_Installer_x64_en_US. optionally you can give the option to rename the files based on ver of agent & security file selected.

simply backing up & restoring the database may not work, because the installation calls for configuring while installing. may not match with the database/name/machine/IP/proxy/license/certificate. we need a utility that walks the user through each step, or takes care of the config job by itself, ensuring the final installed server replaces the old server and all client machines connect & start reporting to the RAS.

one of my client using eset on 200 PCs with ERAS badly infected by jaff ransomware. the infection was noticed on a NAS drive which was shared as a drive on few PCs. today all the PCs having the NAS disk drive as a share are down. eset is installed on all computers. matter urgent & very serious. any help will be appreciated.

import / export of config files exists in sw GUI in the setup tab, as it used to in previous versions. how is use of ecmd.exe different to this ?

exporting a policy as configuration may not help completely, because a single PC may have a set of different policies applied at the same time. the need is to export the sum of all policies applicable on any computer, which is the config for that PC.

thanks @Shaival guess, now i have enough info.

thanks @bbahes and @Marcos for the info. but can i have a point wise listing of all the main points as to why and how upgrading from v5 to v6 helps ? point wise listing makes the info easy to grasp.

interested to know specifically what are the key benefits of migrating from v5 era to v6. tried searching the site, but could not find any document. would like to know what are the key differences technology wise, and how & what all benefits ensues by migration from v5 to v6. can anybody help ? get this question very frequently.

need to understand this in more details before it sinks in . shall revert in some time.

@Gonzalo there exists an option to import & export settings on the software, which is still useful for installations without era or which don't have access to era. @MichalJ that's the way it is expected to be & should be.

enforcing a policy dynamically is not an option, because the user leaves the network for good & is not going to return immediately. one cannot apply restrictions for connected computers & remove the restrictions if they are not connected. would it not be dangerous ? my discussion is limited to computer that is removed permanently from the network. agree that removing the agent must unblock all the settings. seems logical. that is how it should be.

by standalone, i mean a PC not connected to eras, but has internet. we often save sets of such settings files for import into user's computers as per requirement who are outside the office, and may never connect to office eras. in v5 we could create and modify such settings files using the config editor.

have a win 7 SP1 system infected with following ransomware : file extensions appended with labels like .id_1662011887_2irbar3mjvbap6gt.onion.to._ exe files, documents, txt files are all affected. attached is a sample files compressed folder, containing few affected files, sysinspector report, and log collector data. password - infected. looking for help. sample files.zip

reply by hungtt answers yr queries. the need is to revert to default settings for an installation, without having to uninstall & reinstall the sw. this shd be possible without the presence of agent (which has been uninstalled already) & access to eras. an offline tool or a password to revert status to standalone or "unmanaged" can do the job.

creating config xml files for import into standalone systems