mbartlett

Hello, I wanted to ask has anyone else updated to the 6.4 client now via ESET ERA console and had users with mapped drives via GPO stop working? We have several users who's mapped drives are no longer showing up after updating to 6.4 and then rebooting..

I did check and the computer renaming is enabled and set as a task as you noted. Seems the rDNS is not updated as frequently perhaps as would be ideal for this type of set up. all of the DNS options are enabled for updating PTR and A records and removing them as things change.

So a complete over sight on my behalf. In this location users have access to wireless and wired connections on desktops and surfaces, so sometimes if they dock they get wired, and thus a different IP on a different subnet, but DNS not always being instant to update, ERA see's the last IP it can, and it may not be the active IP on that range at the time. And thus perhaps another device grabbed the IP as it expired (8 day limit).

Managed computer will be re-created each time it connects to ERA server -> you have to uninstall AGENT from this machine. In case both of clients with the same name are connecting, one of them will be most probably wrongly named and it will be two different AGENT installation = two different computers. Please check computer identifier in client details view to find out which one is correctly named. I did check and you are right, while in Windows that ERA is installed on an nslookup shows the correct info, ERA shows the wrong host name / IP association. Will review each one and clean them out and see how that goes.

Thank you for the reply Martink, Below are the SYNCHRONIZATION SETTINGS. The systems that keep coming back are under the OU OU=Member Servers,DC=mydomain,DC=local, SYNCHRONIZATION SETTINGS DISTINGUISHED NAME OU=MyMainDomain,DC=mydomain,DC=local EXCLUDED DISTINGUISHED NAME(S) OU=MyDomain-CRM4,DC=mydomain,DC=local, OU=MyLocation Users,DC=mydomain,DC=local, CN=Computers,DC=mydomain,DC=local, OU=Domain Admins,DC=mydomain,DC=local, OU=Domain Computers,DC=mydomain,DC=local, OU=Domain Controllers,DC=mydomain,DC=local, CN=ForeignSecurityPrincipals,DC=mydomain,DC=local, OU=Global Contacts,DC=mydomain,DC=local, OU=Groups, DC=mydomain,DC=local, CN=Managed Service Accounts,DC=mydomain,DC=local, OU=Member Servers,DC=mydomain,DC=local

Just wanted to chime in that i have several computers that in ERA show the wrong computer name / IP. If with in the server ERA is hosted on i do an nslookup i show the proper host name and IP for the device but ERA is showing another host name not associated to the IP.

I have servers that do not have any agent installed and are not managed, also their OU is excluded from being scanned but they keep appearing.

I do not yet see if available from the ESET Admin Console yet, only as the solo download you posted.

Here is an example. i have deleted this entry on the .48 IP about 6 times in the last hour and it keeps coming back, i choose to deactivate the device and then delete it and it comes back, but as you can see the proper device is there and picked up properly...

I did as you suggested and I was able to get several more systems properly imported and showing. Now though i noticed another issue. It seems ESET Admin Console is not always updating the IP/DNS that a computer has. I have had 3 computers all reporting as not updated, in red. When i checked the computer, in DNS and just a ping from powershell on the ESET Windows server, they show a different IP than what ESET Console shows...Thus ESET thinks the system is not updated or reporting correctly. I have rebooted the server, done an ipconfig /flushdns but ESET seems to keep getting some systems IP's wrong.... Any thoughts on how ESET is getting the IP when resolving Netbios names, i presume it is an nslookup.... The 2nd issue is still ocurring, i have set the EXCLUDED DISTINGUISHED NAME(S) for when ESET sync's with what computers to pull from AD, and I have excluded all Servers which sit under an OU= on their own, but ESET keeps pulling them in anyways...as if it is ignoring the EXCLUDED DISTINGUISHED NAME(S) settings all together And on top of that I have my DISTINGUISHED NAME set to one OU below the root, so it should not even be looking outside that directory, but is... mydomain.local ----My computers <---- is what my DISTINGUISHED NAME is set to look in ----My Servers <--- is set under EXCLUDED DISTINGUISHED NAME(S) but it is still pulling My Servers

Perfect, thank you for the confirmation MartinK.

Just want to make sure, and I presume this is the case, but sometimes you never know. I have many systems in my ESET Admin Console (v6) with the VirusDB unknown and the Status as a O (circle) these are mainly servers which we do not have AV on yet (but working to) or systems that seemed to duplicate from systems that are in fact monitored and covered. If i delete these "stale" objects, it only removes them from the ESET Admin console, it won't ever actually delete the objects from the Domain controllers?

Will give that a shot and report back. It is a Windows Server 2012 R2 and has been rebooted several times.

You are very welcome Gonzalo, being in IT you learn more info is often better than less! Firewall policy is the same across all computers, this is all with in 1 location on the same LAN / Subnet, ports are open as needed (will double check just incase but GPO policy has not changed for firewall devices) Endpoint Antivirus is what the end users get This systems did previous work and connect fine with the old system they reported to, so they should have all access needed. Will adjust the logging level and see what is reported back, hopefully something I am missing. Could this also be related to if the last Admin console was set to not update versions of the local AV? Should i create a new policy to be sure all systems are forced to update their base application version?

you can do a client task to update all agents, there should be some post install steps to follow to assure you get all devices updated. Is there a reason you are going to v5 and not to version 6.3 ?