Jump to content

Matus

Former ESET Employees
  • Posts

    67
  • Joined

  • Last visited

Posts posted by Matus

  1. Hi guys. We're very sorry for the inconvenience. We'll surely adjust a tooltip. To your question, why suddenly it starts to appear is that we've added a new message in case license is not available and it was implemented in current AV module 1548. In next version 1549 we'll also provide a more specific description of the error in computer details > alerts. Also, we've adjusted behavior in an environment with ESET proxy, so in case you have licensed EDTD and you experienced some issues, it should much better.

    Thank you for understanding and we're really sorry for inconveniences. 

  2. Hi Guys,

    if there is a portion of endpoints which reports some error message please check, if a particular endpoint has EDTD license. Go into ESMC Computers > Show details

    image.png

    If you don't have it, for such endpoints you'll need to do a new activation task. We've started to show proper information via module update, that why it's sudden. We're also working on a way how to add such endpoints into Dynamic Group in ESMC so some "join dynamic group trigger" or recurrent activation task can be planned. 

  3. Hi Brandobot,

    you can find logs from installation in /var/log/install.log, however, please know that there is more information than just log from ESET products. I'd strongly recommend contacting support directly - https://www.eset.com/us/support/contact/?intcmp=btn-support-request#/business-support/install-activate-endpoint-product/install-endpoint

    Thank you

  4. On 1/16/2019 at 5:59 PM, ejmorrow said:

    Exclusions would work for us, but they don't appear to be working?  I added "/root/*" to the exclusion list.  Checked /etc/opt/eset/esets/esets.cfg and found "av_exclude = "/root/*::".  Seems correct going off the main pages for esets.cfg.  Restarted the esets_daemon (Not sure if necessary).  
    
    Ran: /opt/eset/esets/sbin/esets_scan /root
    Summary of scan: 
         Total: files - 1399, objects 4694

    Thought maybe it wasn't really scanning but counting.  So performed an strace and it's indeed opening files to scan them.

    Hi EJ,

    It works a little weird due to architecture which is solved in v7. Let me explain.

    By executing OD scan in webGUI or command line "esets_scan", settings from product (esets.cfg) (or ERA policy) are not applied. You'll need to use parameters (check -h). In such case, please use following task:

    sudo /opt/eset/esets/sbin/esets_scan --exclude="/root" /root

    executing scan from ERA uses utility /opt/eset/esets/lib/esets_sci which is checking esets.cfg file and in such case it'll exclude what is defined. This is however not usable much for executing via command line as you get no output into console when you use esets_sci

    Does it make sense for you? 

  5. Unfortunately there is nothing smart... as smart I mean that it'll detect automatically what is local drive and what is shared mount. In such case only option (v4.5.x) is to do an exclusion - in ERA/ESMC policy > Antivirus > Exclusions > Files and folders to be excluded from scanning :set there mount points of shared drives. Hopefully if you have multiple servers, they're mounted on the same spot so one policy can solve that issue for all. 

    We're very sorry for inconvenience.

  6. Hi Vqhuy,

    as vShield is End of Life (https://kb.vmware.com/s/article/2144733), I'd advise you to deploy VMware NSX (only part responsible for AV which is free, not networking stuff). In such case, please find compatibility list here: 

    https://www.vmware.com/resources/compatibility/search.php?deviceCategory=security&details=1&partner=611&page=1&display_interval=10&sortColumn= &sortOrder=

    What you're interested in Guest Introspection (successor to vShield) with documentation available here: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-049EF8ED-224C-4CAF-B6E7-1CD063CCD462.html

    Long story short, you can deploy newest NSX on vCenter 6.5 with ESXi 6.0 and it'll run fine.

  7. Hi da_yoshman,

    There should be no negative impact in case latency to ESLC is in acceptable numbers. 

    Unfortunately, it's not possible to say how much impact did Cache brought to you. All connected endpoints did 160.000 requests to Cache for the result, however, it's not clear how many of them received a valid result of a scan. In case you've same files which are not whitelisted, it could bring benefit. However, it might happen that there are stored scan results of files which don't exist on other computers, so these results did not provide any benefit to other computers. 

  8. Hi Matthew, Please could you submit all logs to support team for further investigation? Have you enabled "Live Grid Feedback system" when installed directly or "Submit anonymous statistics" in ERA/ESMC policy? This would send us crash logs immediately once it happens.

    Thank you

     

  9. Hi Davidenco,

    XenServer is officially not supported nor tested on regarding .ova, only VMware infrastructure. Unfortunately, it's currently not planned to include support for XenServer, but we'll add it to our Customer Wishlist.

    For such usecase, I'd recommend to install ESLC as a standalone component on CentOS, where you get full control over everything. 

    Thank you for understanding and sorry for inconveniences.

  10. Hi davidenco,

    The appliance is closed without access to the shell. In case it doesn't fit you, it's possible to download standalone installation file: https://www.eset.com/int/business/server-antivirus/shared-local-cache/download/#installer-package and install everything by yourself with all the management benefits.

    If you want to update existing VMtools, which are already included in ESLC, please do an update of the operating system via appliance UI. New VMware tools will be downloaded from VMware YUM repository.

    Thank you

  11. Hi DarylI,

    thank you for your answer. I got a better picture now so I can provide a more relevant answer.

    First of all, unfortunately, a current version of ESET Remote Administrator doesn't handle non-persistent VDIs very good. In case the new machine is created, it'll appear as new machine and it's not linked with old one. This is something which is already in progress and will be fixed in next version of ESET Remote Administrator (ERA) in the middle of the year. 

    Another thing is, that 50,000 VDs at the same time is too much for Virtual Agent Host (VAH) component, which responsibility is to connect ESET Remote Administrator with VMs. All virtual machines would be protected without any issues, however in case of assigning new policy, creating new tasks or transfers of logs fro VMs to ERA would be very slow. It would be great if there would be multiple VAH components deployed, but current limitation is 1 VAH per 1 NSX Manager and VMware limits is 1 NSX Manager to 1 vCenter.

    In case you'd manage this infrastructure with multiple vCenters where you'd have deployed multiple NSX Managers, you could have multiple VAH components. From our tests it seems that 20,000 VMs is max which VAH is able to handle and personally I'd recommend lower number. ESET Remote Administrator can however handle 50,000 machines without any issues (you'll need however appropriate HW on that server, see links above).

    In case of further questions, do not hesitate to contact me.

    Thank you very much.

  12. Hi Daryll,

    thank you for your answer. Regard ESET Remote Administrator, for detail sizing of ESET Remote Administrator, please check our documentation:

    ESET Remote Administrator does not support clustering for the case you have described. For such installation, ERA Proxy should be used, and then reporting to one centralized server.

    Regarding ESET Virtualization Security for VMware, we're currently evaluating your scale. Are you willing to deploy VMware agent-less protection, not standard ESET Endpoint, right?

    Can you tell us, whether those VDIs are persistent or non-persistent? 

    Thank you very much.

  13. Hi Randy,

    did you follow precisely manual for installation: http://help.eset.com/evs_nsx/16/en-US/installation_nsx.htm ... and I mean really precisely?

    What exactly do you mean with "upload NSX"? 

    How customize template is after uploading NSX?

     

    Flow should be:

    1. assuming VMware NSX manager and everything is configured
    2. download and deploy evs_nsx.ova ... during this process, you'll customize template ( https://download.eset.com/com/eset/apps/business/evsa/nsx/latest/evs_nsx.ova )
    3. connect to deployed template and choose "register to NSX manager"
    4. go to VMware vCenter > Networking & Security > Installation > Service Deployment > Add ESET Service (Virtualization Security Appliance)

    Please inform me if that helps.

    Thank you very much

  14. Hi Hungtt,

    In current version we're officially compatible with NSX 6.2. You can find list of supported OS here:

    https://pubs.vmware.com/NSX-62/index.jsp#com.vmware.nsx.admin.doc/GUID-D04D1521-8EBC-449F-AD57-EF829075A25D.html

    With next update, we'll introduce support of NSX 6.3 and list can be found here: https://pubs.vmware.com/nsx-63/index.jsp#com.vmware.nsx.admin.doc/GUID-D04D1521-8EBC-449F-AD57-EF829075A25D.html

    We're working on Linux OS support in same update. List of supported Linux OS is available here: https://pubs.vmware.com/nsx-63/index.jsp#com.vmware.nsx.admin.doc/GUID-636788A7-BB64-483A-A48D-4E62B3AFC0C8.html

    Thanks!

×
×
  • Create New...