Arakasi

What does it even matter if the private local ip address is tossed around ? The router address or external ip is the only thing that matters when it comes to home or client workstations. Your probably not getting a lot of answers because of your silly questions. Why dont you just call by phone to get your answers. The response time will be instant. Questions answered right away. This is also the general section of the forums which receives the least attention.

Try clearing stopping ERA server service, after disconnecting and closing console. Flush your dns cache and then reconnect to ERA / open console. See if that helps. Keep in mind the default search usually contains AD/LDAP query and Windows Network query at the same time to find clients. SO if you have any bad entries in active directory or in the windows network store, they will show up too. I recommend if you know the subnet and IP range of your entire network, to create a new search, input the ip range, and deploy using that search filter.

Hello Zurd, Try setting the ESET ERA Server service, to logon using domain level credentials, instead of local system account. Make sure those problematic clients have UAC turned completely off. Ensure those clients and/or the logon credentials used have full access to Admin$ share. Maybe that will help you get going. If not report back again.

Also confirm your update settings in your policy. If you created the mirror on your server it should be: hxxp://yourserver:2221 (default) Try RDP to client and manual update too see if any errors. Usually if the ERA has an error with updates, you might see the scenario you are stuck in. Try adding username and password back to ERA too.

In other words, don't use that link for updates or new versions of programs. Update through the program's interface. Update from the actual vendor website main index. hxxp://www.eset.com/us/download/ Update using ESET Remote Administrator Console, whether its version, or your mirror with definitions for your clients.

Windows XP expiration is doing that !!

I've been doing nothing but, patch patch patch, update, the last few days.

From a Developers standpoint, Most of the info you are rambling about will actually be used in variables. IP address , username, and county etc are always going to be dynamic, thus the world of variables comes into play for programmers. (SMH)

Sometimes it doesn't hurt to walk back through the basics .... Workstations didn't fall off the domain ? On Correct domain ? ( remove 1 client and add back, run gpudupdate force again ) ( boot client to safe mode, try running a cleanuptool, ESET has an Uninstaller, which will look for driver issues of other security products ) Permissions or ACL to share where msi is located is all good ? You have a gpo for wsus on your server ? Or you mean the gpo telling clients to update from wsus is not working ? No problem for the help. Hope you get it figured out.

You could try running HIPS in learning mode for an hour or so, and complete a lot of your daily activities, including restarting the computer once to catch login items. Then switch HIPS to interactive and you will have less prompts, and only on new objects will it pop up. Its a very tight setup though, you may switch back off again eventually if you don't get used to it.

Not, overkill. EMET is good for additional protection.

Hi, Could be that the clients are having errors during installation, which will cause the msi to roll back. Try manually installing on 1 workstation that would not complete the install via gpo. Could be driver conflict. What was previous security product ?

Hi hqsec I don't recommend disabling it, because you could end up in the scenario where your infected, and its a zero-day or script not seen by ESET or any vendors before, and with Live grid disabled, you will never receive help until someone else gets infected that is using Live grid. Live grid will send the data and samples to be looked at and investigated by the research team, then sent back to you ready to clean up your system. (In a very very short sense) Disabling it will not cripple or render your security software vulnerable. Just less features and more privatized for your data and malware situations.

Are you using windows firewall ? Or something different ? This issue may need to be handled over the phone and or with remote support for quicker resolution. We can continue to assist here too.

It could be that you changed the default port settings for updating. You can find that info in the Tools > Server Options > Update tab of the ERA console. You might need to do a reverse check from a client back to the server and make sure the connection is there.

First , thanks for your support and for helping ESET out. Most development environments will allow you to step through code. ie 1 line, 2 line, and so forth watching what happens. They should find it faster than you think. Sounds like Marcos is already using a fixed copy. Awesome

Awesome Idea ! This is true, you could deploy a vbs with keys and directories to delete forcefully and with domain admin priv of course embedded. This is the heart of IT, making your own uninstaller catered to you, thank Symantec later on. If you need assistance with the code, post back, sounds like a fun small project.

I like your candor, however not giving ESET a chance to fix or repair, would be counter-productive. ( You would end up with a less protective solution (my opinion )

Hello, You need to set the correct settings in policy manager to have the clients update on the correct port 2221 for update from mirror. Then assign the policy to the clients. Ensure your network firewall has 2221 open for the update on server, and on clients. What is ESET Remote Administrator (ERA) Policy Manager and how does it work? On a side note, you can always RDP to a client and set the update settings from the client itself by going to Advanced (F5) > Update > Settings, if you needed to test your settings out on one single machine before applying the firewall rules everywhere or adding an incorrect policy to all the clients as well.

The exploit page loads a Flash SWF HAHA , Thanks Adobe

New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks hxxp://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

Hello, I took a look at your company and your home page here: www. widdit.com I can only speculate that your software is not detected as malware or trojans etc; but, the detection type of potentially unwanted, and or potentially unsafe application. Please understand, this is not a permanent/always on detection type located within the software, but an optional detection type that users and clients of ESET can choose to turn on or off. Usually if samples are indeed false positives, you will receive a reply within a matter of days. If you would like to make adjustments on your application in order to clean-up or repair the trouble-causing issues, you can reference the following link as a guideline : hxxp://www.antispywarecoalition.org/documents/BestPractices.htm ...then re-submit your software for evaluation to ESET. *Most toolbars, BHO's, re-directs, and heavy browser addons fall under the category of potentially unwanted.

Switch it to learning mode then connect. Then switch back to Automatic after successful connection.

Hi, nice to meet you. Keep in mind ESET is #1 in phishing protection recently too ! Phishing is found through emails a lot.

Hi again, Its no problem Yeah i am an official reseller, you can send me a PM regarding deals, however i assume you are in the UK, and from your pounds symbols Any specials would need to be made through a distributor in your area. There are rules/guidelines that come with being a partner , cannot break or you can lose your trust relationship and partnership with the company.