

ESET Staff

Posts posted by Matus

  1. Hi fascik,

    there was a problematic update of a module, which was fixed within a few hours. However, it seems that some EVS machines did not recover from that.

    From Installation and Upgrade > Service Deployment, if you erase EVS and then re-add it, it'll work. I'm not sure right now if there is some less intrusive way of fixing it :(

    However, thanks to vCenter it'll redeploy within minutes and will work fine after that.


  2. @khalis711, I'd kindly ask you to elaborate more regarding the following problem: "this setup also slows down my internet connection speed during download by huge margins."

    Can you please, for example, do a speed test on https://www.speedtest.net/ with the Proxy disconnected and with it connected, and paste screenshots here? Or is there any other way we can understand those huge margins?

    We do scan HTTP network traffic for malware. As you are explicitly allowing us as a Proxy, we can discuss if it's unknowingly or not. This is, however, the way every anti-malware solution has to work on Big Sur if it wants to scan network traffic for malware. Of course, you can disable Web Access Protection in settings and disable the Proxy to feel safer. We can assure you, we do not have any interest other than keeping you safe by looking for malware. We do not sell personal information or gather private details about our users other than what is necessary to protect you in a better way.

  3. Hi Guys,

    we're working on adding support for RHEL 8 and Suse Linux Enterprise Desktop (SLED) 15.

    What it means is that we're actively testing our product on those distributions and we're fixing bugs that occur on those systems. It might happen that the product will work on other distributions, but it will not be officially tested there, and in case of bugs specific to that system, a fix is not guaranteed. There are just too many distributions and we're not capable of supporting everything.

    Thank you for understanding


  4. Hello,

    Listed below are package dependencies. However, each of those dependencies can have its own dependencies on a particular distro. Unfortunately, we don't have such a list of really master dependencies (dependencies of our dependencies).

    I'm sorry. Also, the list of officially supported distributions is not that big. Therefore, if you have a really diverse environment outside of the supported list, you may experience issues which we may not fix.


    • /bin/sh
    • /etc/cron.d
    • /usr/bin/crontab
    • gcc
    • kernel-devel
    • make
    • perl
    • rpmlib(CompressedFileNames) <= 3.0.4-1
    • rpmlib(PayloadFilesHavePrefix) <= 4.0-1



    • Depends: gcc, make, perl, linux-headers-generic | linux-headers-amd64, libelf-dev | libelf-devel | elfutils-libelf-devel, libudev1, cron | cronie | systemd-cron

  5. Hello KPS,

    hashes of malicious files are shared via the LiveGrid Reputation System or the other mechanisms mentioned above, as Marcos wrote. Please don't forget that if you're the first with a new malware and you would not upload anything to ESET and none of the detection layers on the endpoint itself would detect it, you get infected. That's why EDTD works only when files are sent. Otherwise it's almost the same as LiveGrid...

    Also, EDTD analysis can result in a file being suspicious or highly suspicious... for Endpoint, it looks clean so far. For LiveGrid it looks clean as well. However, with EDTD, you can set a sensitivity to also block files with such a result.

  6. Hi guys,

    to question no.1, which is probably solved anyway, here is a guidance:


    To question about CLI:

    1. To receive module updates, the product has to be activated (CLI, ESMC, WebGUI).
    2. When you initiate an update, you get a message that the product is not activated (if it's not activated):

       server:~$ sudo /opt/eset/efs/bin/upd -u
       Product is not activated.

    Otherwise you get the following:

       server:~$ sudo /opt/eset/efs/bin/upd -u

       Update is not necessary - the installed modules are current.

    But yes, this could be solved better via some direct command in the lic utility. We'll add that into the product.

  7. Hi Guys,

    this thing was identified as malicious, however, it's a False Positive. We've added it to the whitelist so that it does not trigger, however, we're investigating what has happened, which system identified it as malicious and why. The issue will be fixed properly after that investigation.

    Anyway, assuming for illustration that it were not an FP, then to your questions:

    Was it really a threat file that got deleted thanks to EDTD? - YES
    Would the ESET EndPoint Antivirus (without EDTD) still catch it? - No, it would not. Only files which Endpoint identified as clean, but "interesting" for further investigation, are sent to EDTD.

  8. On 3/7/2019 at 6:18 PM, hawkunsh said:

    I'd expect you to give a plausible explanation to the circumstances described in my earlier posts. Your answers don't explain a) why only 1 out of 8 servers is affected and b) why the error suddenly goes away after a while.

    Hi Hawkunsh,

    it's quite hard to say it just like that via the forum, as we don't have any logs or other info, but in case you have an EDTD license and an ESMC proxy, then:

    a) due to different replication times of servers to the proxy; it seems that at that exact time the proxy wasn't available

    b) because there are healing methods during the module update period


    A & B will be improved in the next module update. If, however, you don't have an EDTD license, such things should not happen, and in such a case I'd ask you to contact support via the official channel so they can troubleshoot that properly.

    Thank you very much

  9. Hi guys. We're very sorry for the inconvenience. We'll surely adjust the tooltip. To your question of why it suddenly started to appear: we've added a new message for the case that a license is not available, and it was implemented in the current AV module 1548. In the next version 1549 we'll also provide a more specific description of the error in computer details > alerts. Also, we've adjusted the behavior in an environment with ESET proxy, so in case you have licensed EDTD and you experienced some issues, it should be much better.

    Thank you for understanding, and we're really sorry for the inconvenience.

  10. Hi Guys,

    if there is a portion of endpoints which report some error message, please check if a particular endpoint has an EDTD license. Go into ESMC Computers > Show details


    If you don't have it, for such endpoints you'll need to do a new activation task. We've started to show proper information via a module update, that's why it's sudden. We're also working on a way to add such endpoints into a Dynamic Group in ESMC so that some "join dynamic group trigger" or recurrent activation task can be planned.

  11. Hi Brandobot,

    you can find logs from the installation in /var/log/install.log, however, please know that it contains more information than just logs from ESET products. I'd strongly recommend contacting support directly - https://www.eset.com/us/support/contact/?intcmp=btn-support-request#/business-support/install-activate-endpoint-product/install-endpoint

    Thank you

  12. On 1/16/2019 at 5:59 PM, ejmorrow said:

    Exclusions would work for us, but they don't appear to be working?  I added "/root/*" to the exclusion list.  Checked /etc/opt/eset/esets/esets.cfg and found "av_exclude = "/root/*::".  Seems correct going off the main pages for esets.cfg.  Restarted the esets_daemon (Not sure if necessary).  
    Ran: /opt/eset/esets/sbin/esets_scan /root
    Summary of scan: 
         Total: files - 1399, objects 4694

    Thought maybe it wasn't really scanning but counting.  So performed an strace and it's indeed opening files to scan them.

    Hi EJ,

    It works a little weirdly due to the architecture, which is solved in v7. Let me explain.

    When executing an OD scan in the webGUI or via the command line "esets_scan", settings from the product (esets.cfg) (or ERA policy) are not applied. You'll need to use parameters (check -h). In such a case, please use the following task:

    sudo /opt/eset/esets/sbin/esets_scan --exclude="/root" /root

    Executing a scan from ERA uses the utility /opt/eset/esets/lib/esets_sci, which checks the esets.cfg file, and in such a case it'll exclude what is defined. This is, however, not very usable for executing via the command line, as you get no output in the console when you use esets_sci.

    Does it make sense to you?

  13. Unfortunately there is nothing smart... by smart I mean that it would automatically detect what is a local drive and what is a shared mount. In such a case the only option (v4.5.x) is to do an exclusion: in ERA/ESMC policy > Antivirus > Exclusions > Files and folders to be excluded from scanning, set the mount points of the shared drives there. Hopefully, if you have multiple servers, they're mounted on the same spot so one policy can solve that issue for all.

    We're very sorry for the inconvenience.

  14. Hi Vqhuy,

    as vShield is End of Life (https://kb.vmware.com/s/article/2144733), I'd advise you to deploy VMware NSX (only the part responsible for AV, which is free, not the networking stuff). In such a case, please find the compatibility list here:

    https://www.vmware.com/resources/compatibility/search.php?deviceCategory=security&details=1&partner=611&page=1&display_interval=10&sortColumn= &sortOrder=

    What you're interested in is Guest Introspection (successor to vShield), with documentation available here: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-049EF8ED-224C-4CAF-B6E7-1CD063CCD462.html

    Long story short, you can deploy the newest NSX on vCenter 6.5 with ESXi 6.0 and it'll run fine.

  15. Hi da_yoshman,

    There should be no negative impact in case the latency to ESLC is in acceptable numbers.

    Unfortunately, it's not possible to say how much impact the Cache brought you. All connected endpoints made 160.000 requests to the Cache for the result, however, it's not clear how many of them received a valid result of a scan. In case you have the same files which are not whitelisted, it could bring a benefit. However, it might happen that there are stored scan results of files which don't exist on other computers, so these results did not provide any benefit to other computers.
