Arakasi

Everything posted by Arakasi

  1. Good deal, don't forget to change the ERA IP or hostname and port to the new one in your policy.
  2. Hello. Once you make a change in the "Server Policy", the clients will absorb those changes as soon as they check in to ERA (default 10m). So it's kind of like a reverse push lol, there is no gpupdate to run. What is the UNC path and what format did you use? Also, where in the policy\settings did you place this rule or exclusion? A rule? An IDS exclusion? Thanks
  3. Hello. Yes. You change the current policy to point to the new one, which in turn causes the policy on the new server to take effect on your clients. Once your clients check in to the old server and receive a new IP/hostname for the ERA server, on the next go around they will look at the new server. On your version 4, if you click on Tools, then Configuration Editor, you can select all objects with Edit > Mark All, then go to File > Export marked to. This way you can export and import the policy into the new server. Just keep in mind, do not decommission your old server's ERA console and policy without first setting up the new one and migrating your endpoints to it through policy, or you may be stuck with endpoints that have no server to look to, thus requiring a manual installation of the endpoint or a new push installation with configuration already set to point to the new server. Hope this helps and makes sense.
  4. Sounds like a real bad install. I would boot to safe mode, run the proprietary uninstaller, and retry the installation completely.
  5. According to this article: hxxp://support.microsoft.com/kb/2918614 you could try a manual fix with the registry. Let us know if this helps.
  6. 3 things stand out to me.

     MSI (c) (90:A8) [20:43:43:440]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\Users\Andrea\Downloads\ess_nt32_ENU.msi' against software restriction policy
     MSI (c) (90:A8) [20:43:43:440]: SOFTWARE RESTRICTION POLICY: C:\Users\Andrea\Downloads\ess_nt32_ENU.msi has a digital signature
     MSI (c) (90:A8) [20:43:44:697]: SOFTWARE RESTRICTION POLICY: C:\Users\Andrea\Downloads\ess_nt32_ENU.msi is permitted to run at the 'unrestricted' authorization level.

     and

     Info 2898.For DlgStdFont textstyle, the system created a 'Tahoma' font, in 1 character set, of 13 pixels height.
     Info 2898.For UiFont_Bigger textstyle, the system created a 'Verdana' font, in 1 character set, of 20 pixels height.
     DEBUG: Error 2826: Control BottomLine on dialog PrepareDlg extends beyond the boundaries of the dialog to the right by 3 pixels
     The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: PrepareDlg, BottomLine, to the right
     Action ended 20:43:46: PrepareDlg. Return value 1.

     Also

     === Logging stopped: 12/8/2014 20:51:43 ===
     MSI (c) (90:A8) [20:51:43:646]: Note: 1: 1707
     MSI (c) (90:A8) [20:51:43:646]: Product: ESET Smart Security -- Installation completed successfully.
     MSI (c) (90:A8) [20:51:43:646]: Windows Installer installed the product. Product Name: ESET Smart Security. Product Version: 8.0.301.0. Product Language: 1033. Manufacturer: ESET, spol s r. o.. Installation success or error status: 0.
     MSI (c) (90:A8) [20:51:43:650]: Grabbed execution mutex.
     MSI (c) (90:A8) [20:51:43:650]: Cleaning up uninstalled install packages, if any exist
     MSI (c) (90:A8) [20:51:43:684]: MainEngineThread is returning 0
     === Verbose logging stopped: 12/8/2014 20:51:43 ===
  7. In addition, it could be permission issues on the XML files, you could check that too. If you pick things up quick, you may find a solution in this KB article: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN741
  8. You can try telnet on the specified port to make sure that is good. However, as you stated, you probably would not get the web interface if the connection was refused. First off, is it an Access DB you set it up on, or SQL? Access you can use PowerShell, SQL you can use Query Analyzer. Have a look at my attached pictures and tell me if you can post a shot of yours as well. Location inside the ERA Console: Tools > Server options > Logging tab > Audit log. Look here for your authentication requests when logging into the web server. We may be able to determine why. If we have an issue with your administrator password, as Marcos stated way above, the quickest solution would be to contact customer care and reinstall ERA server and console. However, if you would like to keep everything as is, and we have determined it's a simple password mismatch, we can help you reset it. If you want to tackle the repair option and keep everything as is, send me a PM tomorrow during normal business hours for ESET contact: hxxp://www.eset.com/us/about/contact/ Or contact customer care by phone for the direct route. If I am able to verify the validity of your account, we can provide instructions on a process to clear that admin password, and if it's an AD account, help pushing that password into it. Unsure of how the policy goes with the web console passwords, but I would recommend setting the user account password to never expire in AD, if it's an admin account that's rarely used locally, but only around the network. Good luck, and sorry for the troubles, Tor Vidar.
  9. Have you created a policy with these changes and pushed it out or assigned clients to the policy?
  10. Hello, if you upgrade from AV to ESS you will lose the time remaining on your AV, but have a full year starting when you upgrade for the ESS. I definitely recommend going with ESS, their firewall is very intelligent. If you don't want to lose your remaining time on AV, you will need to wait. However, if you contact customer care by phone they may be able to assist you with salvaging a little time remaining, although unsure of their methods and policies, they have great customer service. By request only they may support you by upgrading ESS at a renewal rate vs new license, but it's discretionary by ESET and no guarantee can be made. Have to call and have a 1 on 1 with ESET. I hope you decide to upgrade. cheers....
  11. Press the default button in the lower right of the GUI. May be under settings.
  12. Have you tried logging in as admin and restarting? What process to restart do you take? Have you tried a shutdown?
  13. How did steps 9-12 go? Completed all of them? DNS is cleared and reset? Have you tried querying the DB using something other than a web browser? Can you try connecting to the server with a different program on port 80? 443? etc.
  14. In addition, a few clarifications if you will . . . You said you "migrated" your installation from one server to a VMware server. What process did you take when you say migrate? Are you referring to exporting settings and re-importing after you installed on the new server? Is this a version of ESXi? Do you have multiple servers on one box? Is your ERA console now on the new VMware server, and your web console is located on a web server, totally different server? I think you may need the server that has the console install to be the same server that you go to for accessing the https web console and database. You might have less issues logging into the web console,
  15. Hello again. A few things to point out. Your picture includes the web servers list. You cannot simply add the http (port 80) and expect it to work. Try opening the Configuration Editor in ERA, and expand to the Dashboard section to see if all the settings are there correctly, even check that the keys for https are there. My main concern might be that you should uninstall ERA console and server and reinstall, and make sure the DB is created and all the settings are correct on the next go around. Don't forget to export current settings or policies.
  16. Did you have IIS or SQL, MySQL, Access, etc. installed prior to ERA installation? Did you change the specified port for the web console during initial setup maybe? Do you have the port listed in the Server options under other settings correctly? What about a potential DNS issue, have you tried using the IP instead? https://192.168.1.2/ instead of https://SERVERNAME/ Although you said all firewalls are off, can you create an exclusion in Windows Firewall anyway? Do you have any traffic control from switches or routers? Web filter policies? Have you tried with a different browser? Have you tried launching from inside the ERA console? Next thing to look at would be logs and/or directories.
  17. You have anti-phishing, and app protection. Your phone can't be infected by common normal Windows threats or similar. Only by Android / Linux-Unix and/or Java developed threats. I am not sure how web protection comes into play here, but maybe ESET can elaborate further. Mainly because a threat would be anything that messed with your phone. So if you ran across a drive-by JS or similar on a site, it would be in the form of an application, which would then be detected by ESET if installed or scanned and found. If it wasn't in the form of an app, it may still be detected heuristically or by a DB. We are finding advanced threats every day, but I'm not sure a filter on URL traffic would be necessary or not on a phone etc.
  18. Permissions are damaged. You can try to uninstall using the uninst tool in safe mode. How did you try and delete? I recommend contacting customer care by phone to assist in your permission issues in the registry, provided the uninst tool does not work. You may need to run some attrib commands or similar.
  19. Also I notice it says connection error. Where are you trying to login to the web console @? The server with ERA installed? A client workstation? Remotely? Keep in mind that database has a specified port etc., any connections need to have exclusions entered if it's outside of the server itself. Port 2225
  20. Hello, can you give us a picture similar to the one I have attached: Create a new user in manager, add the AD group you want to push users into the new ERA user; as shown, I have added the domains administrators group. Then attempt to login to the web console again with the new user. Let us know the results.
  21. Hello Roger,

     lockscreens and/or ransomware - are trojans that will prevent you from using your system entirely by injecting a full screen application upon login followed by disabling crucial services that allow you to operate your own computer. Lockscreen because your system is locked, and ransomware because you have to pay money to have the trojan removed and regain the use of your computer entirely.

     pre-defined rules in Automatic mode - are rules that ESET has already embedded into the software, rules that were created automatically when it was being set up, or rules that you put in place. One of these or similar.

     weakening Host-based Intrusion Prevention System - would be a security risk, but any good points that may come of it would be directed at actions such as remote access, or applications that really change the OS around. There is a higher chance of successful exploitation or intrusion if you weaken it, or disable the features or predefined rules set etc. HIPS will watch things like crucial system changes that would come from the registry, or services, or common Windows files etc. If there is an account or application (permissions etc.) other than you that is making changes, HIPS will make sure it was called or that it isn't damaging to the PC etc.

     Hope this helps
  22. Any items found in the quarantine log are most likely legitimate detections and I would advise against any kind of restore from quarantine. If you feel the detection is a false positive you can submit here. However, to answer your question regarding why it won't restore: you will need to plug in your backup drives before attempting the restore, because the restore will only place it inside its original found location and path. gstmp obviously stands for Good SyncTemp, directory. So temp dirs are sometimes scheduled for cleaning or deleting.