Jump to content

Palps

Members
  • Posts

    39
  • Joined

  • Last visited

Everything posted by Palps

  1. Hi @MartinK, thanks a lot for your response! Haven't fully got it yet but figured out something working with your explanation about the "R" and the random delay interval. I have the following configured now: CRON: 0 R 8-18 ? * MON,TUE,WED,THU,FRI * Fires every hour, every weekday between 08am and 6pm at a random minute (at far as i got it right). Together with a 5m Random Delay Interval and the must have time-based throttling criteria to execute at most once per 15 minutes it's going slowly but steady. Assigned it to one of our dynamic groups, so that every client appearing in that group will get it (i know there is the "on group join"). Thanks for your support!
  2. Hi, we are in the progress of updating our environment to v9 (ESET Endpoint Antvirus & ESET Server Security). As most of our users are working via VPN from home I don't want to upgrade all 1200 clients at once so i had a look at throttling again (already haven't got it working some years ago). We have tried many combinations now, but the task does never run. It only shows as planned task. Can you help me configuring the following conditions: The task should run every 30 minutes, Monday - Friday between 08:00am and 6:00pm Only 50 clients should do the update at the same time. I have tried the following CRON and the following settings: 0 0,30 8-18 ? * MON,TUE,WED,THU,FRI * I don't get the time-based Criteria. Don't i specify the time-based Criteria already via the CRON job? Thanks a lot for your help Regards Palps
  3. Same here, I have done the upgrade from EEA 7.0.2100.4 to EEA 7.1.2045.5 via the integrated software installation task via the ESET Management Center Console. I think this was the first time ever, that an ESET upgrade was working without any issues or any additional troubleshooting/configuration for our 600 clients. Let's see what happens when a new EMA version is released.
  4. Hello, @T3chGuy007 I had the same issue for each update of the Agent version sind the beginning of v6. Every time I have contacted the support but they couldn't help. I have figured out, that the HIPS Module is blocking the deletion/stop of the process ERAAgent.exe and the service EraAgentSVC. So as a result the agent cannot be updated. Currently I am doing the upgrade to EMA 7.0.577.0 and EEA 7.0.2100.4. For this I have changed the default policy for all clients, so that HIPS is disabled but not shown as Critical on the device itself, so that the users are not getting confused. Then I am waiting until they have rebootet and trying to do the Agent update from time to time. As soon as HIPS is disabled and a reboot has been done, the Security Management Center Components Upgrade task is working like a charm because the process and the service is not secured by the HIPS anymore. I have figured this out by myself as the support was never able to help me. Currently we are considering to switch to another AV solution. (Disabled HIPS) (Change application statuses) (Disable to show the issues on the client)
  5. Hello, I just wanted to confirm Zoltans info. EEA 7.0.2100.4 is working without any issues. The versions before had the update issue. Regards
  6. Hi @Marcos, do you have any feedback regarding my logs which i had uploaded?
  7. Hi Marcos, sorry for my late reply. Please find the new logs attached. eea_logs.zip
  8. Please find the logs attached. I have sent you the password via PM. eea_logs.zip
  9. Okay, but with v6 i dont get this errors. Here some more screenshots. Since last wednesday (14.11.) i have the same situation: The icon in the taskbar is doing the "scanning rotation" (like a radar) and there is written "Module upgrade in progress..." Also ESET Endpoint antivirus is showing "Updating product..." but the last successfull update was 19/11/2018 accorting to the "Update-Section": But as shown in the logs it still has the bad link to update server issue and is not showing that the detection engine has succesfully been updated. With v6 all is running smooth. Thank you for your help.
  10. It's because the ESET Kernel Dedection engine is updating but Update module not. Between 14/11/ and 16/11/ the update icon was circling the whole time. Only after a reboot the detection engine is updated sometimes.
  11. Hello togehter, as many of us i am currently in the migration phase from v6 to v7. Our environment is running an ESET Proxy at each location. I have done the migration steps as described in this KB article. Everyhting went quite well, the main server has been upgraded to ESET Management Center, the proxys as well as the policies have been reconfigured and our agents have been upgraded. The issue is, that when it comes to the upgrade of ESET Endpoint Antivirus to v7, the client is not updating the modules anymore. It seems that the detection engine can be updated, but not the modules of Endpoint Antivirus. With Endpoint Version 6.6.... everything is working fine. Do i need to do some reconfiguration of the endpoint policies? They have been configured to use the proxy servers for upgrades. I can not find anything regarding the endpoint policies in the ESET KB, only for the agent policies. Current config, which is working with Endpoint Antivirus v6.6... but not with v7.0...: Thank you very much. Regards PALPS
  12. Hello again, i am stuck again. I think i know the cause why the msiexec method is not working anymore. It was working on all machines where the user is a local admin (we have this kind of setup for engineering and quality members) but it's not working for users with normal user permissions because it can't execute the *.msi without admin permissions. Do you know a solution how to run the msiexec with elevated rights? I have also tried the other option with the "Remote Administrator Components Update" task, but it failed with the error "ReadUpgradeStatus: Upgrade of Agent from version '6.4.283.0' to '6.5.522.0' failed. Unexpected updater service Win32ExitCode 0x435". Do you know something about it? I could not find anything on google. Thanks!
  13. Hi guys, you helped me a lot. I have to update the ERA Agent for about 500 devices. Previously I did the update with the script provided by @jimwillsher and @Phydeauxdawg but currently this is somehow not working anymore for me. Now I was searching for a way to update the agents and I personally never thought that this could be done with the "Remote Administrator Components Update" task. I have used this to update my server components but as @CMS already mentioned, I thought this task is server related and can not be used for the clients. I also think renaming the tasks somehow would help a lot. Thanks and regards!
  14. Thank you for your information. I checked our servers to do the steps you have mentioned above, but I couldn't find any HIPS message anymore. As it seems the issue has been resolved by itself. In the meantime I updated the agent and client versions via our ERA server, maybe this has solved the problem.
  15. Hi, just for information, we are still getting this messages, but as it seems there is no bad impact on any server functionality, so we forgot about it because there are more important topics. So until now every member who is accessing the servers just ignores the messages. I know that this is not the preferred solution but up to now the less time consuming.
  16. This solved the problem with the shadow copies. Thank you very much for your support!
  17. Thank you for your answer. Very appreciate it. I adapted the exceptions like you proposed. I will check tomorrow morning again if the threat was found again. I don't want to exclude the whole "beremote.exe" process because this is doing the backup and maybe it will detect some other threats also. We are using Symantec Backup Exec. The backup is running during the night and on the next morning I have the threat alerts on our client backup server due to the eicar test files reported by the real-time file system protection.
  18. Any information on this topic? I am still getting this warning.
  19. Hi again, unfortunately the Eicar test file is still reported. I have the following exceptions (applied by policy, screenshot from server) Do you have some additional ideas? Thanks!
  20. So I have to remove the exceptions, do an in-depth scan via the console and wait for the threats to disappear? That's quite complicated and uncomfortable. I think I wont use the preconfigured Active Threats report. Will create my own one and filter by "Threat resolved" yes or no. By the way, why can't I add a filter to the preconfigured Active Threats report to show only threats which are not marked as resolved? (Threat.Resolved = Yes/No). Don't see this option. By creating an own report, so not using the preconfigured one, I can choose this filter. Apart from that, thank you for your information.
  21. Okay, what happens if I added a path to the exceptions between the detection and the in-depth scan? Are they still displayed or will the threats disappear from the Active Threats list?
  22. Hi, I have exactly the same issue. We are currently enrolling ESET v6 and a lot of false positives are detected but some of them are shown in the "Active Threats" report. I don't want to run a full scan on this server because this is our client backup server with many TB of data so this takes very long. They are still displayed in the Active Threats report if I select "Mark as resolved". Is there a manual way to clean out the Active Threats report without running a full scan? Thanks!
  23. Thanks MichalJ for your answer. That's what I also already thought about. But I requested the configuration on the ERA of the affected client and the configuration is showing the exceptions. I also checked the configuration directly on the client and also there I could see the configured exceptions, so they are not overwritten by a lower policy. I will try the solution posted by Marcos before I configure the exceptions locally because we have many servers and I don't want to do all the configuration manually. This should work by policy. I will try to add the paths like you explained. Have to check tomorrow morning again if the threat occurred again. Thank you both for you fast support, appreciate it.
  24. 1) Yes it is possible, just look at my attachments. The trigger is pretty easy. Just create a software installation task and later on chose "Run on", select the dynamic groups and choose the "Joined dynamic group trigger" trigger. 2,3) We have also some small remote sides with only up to 5 people and slow VPN connections but the enrollment went quite well. The agent was distributed via our software deployment and the client via the automatic installation task of the dynamic groups. On the bigger remote sides I have installed an ERA Proxy. Unfortunately I don't know how the enrollment via GP is working and if the installation files are distributed from the local proxy or from the main ERA server. Maybe some ESET member can answer this question.
×
×
  • Create New...