Jump to content


  • Posts

  • Joined

  • Last visited

About fxcd

  • Rank

Profile Information

  • Gender
    Not Telling
  • Location
  1. Hi, With the help of the ESET support, we finally found the source of the problem: In our ESET policy, under "Advanced Setup -- Update -- Outdated Virus Signature Database Alerts", the EAV setting "Set maximum database age automatically" was set to FALSE, because we wanted a shorter maximum database age than the default of 7 days. As soon as the setting "Set maximum database age automatically" was set to TRUE, Windows 10 1703 did not report EAV as being out of date anymore. However, this appears to be a bug in ESET, as the problematic behaviour is caused by a legitimate ESET configuration setting and does not appear with Windows Versions earlier than Win 10 1703.
  2. Hi, I recreated the Trigger for the Client Task with Trigger Type: CRON Expression and it appears this solved the problem! I then retried it with our originally used Trigger Type "Scheduler - Weekly", and it worked as well. My guess is there was an issue in ERA/Agent/EAV 6.3, which was the version we used at the time the Client Task Trigger was originally created. However it may be, it works now with Client Tasks, even when the endpoints are not connected to the ERA server. It still would be nice to be able to use Local Time in Policies for EAV Scheduler in the future, but this feature is not that urgent for us anymore, as we now have a working solution. Thanks!
  3. Hello, Our company has 6 sites in 4 different time zones. I am trying to configure Endpoint Antivirus (EAV) on all our endpoints in our company to run a weekly scan job every Monday at lunch time. My first attempt was to configure a Client Task in our ESET Remote Administrator (ERA) appliance. In Client Tasks, I can "USE LOCAL TIME" of the target instead of console timezone. That is, the task is run at the local time of the endpoint. However, we noticed the task is not triggered on endpoints that are not permanently connected to our ERA appliance (i.e. laptops on the go). Therefore, I created a policy in ERA to configure EAV's scheduler to run the scan at the appropriate time. Unfortunately, there is no option to let the job run at the endpoint's local time. The scheduled time transmitted to the endpoint appears to be calculated from the timezone of the ERA appliance. For example, with our ERA appliance located in Europe, a task scheduled to run at 11:30 AM in an ERA policy will run at 5:30 AM in Ontario, Canada (or won't run, as the endpoint will likely not be on, that early in the morning). So I went ahead and created four policies for four different time zones to run a scan job every Monday during (local) lunch time. I therefore calculated the time difference between ERA's timezone and the individual sites. It would be acceptable to do the work once, if it wasn't for... Daylight Saving Time (DST). DST requires us to adjust our policy twice a year for two of our sites or otherwise, the job will be run an hour late or early, depending on the time change. Maybe I am overseeing an essential configuration item, but if not, it would be great to be able to set the scheduled job to run at the endpoint's local time, as this would reduce the number of policies and amount of interaction needed to centrally manage endpoints in different time zones. If someone has another useful tip in the matter, I'd really appreciate it. Thanks
  4. Thanks for the detail. Unfortunately, There is no value WscState under HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info I searched and found both a @WscState and a WscState value under HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000600\settings\EKRN_CFG Is it any of those? I checked the registry on two computers (a physical and a virtual machine, both running Windows 10 1703).
  5. Hi, Most of the machines were upgraded from version EAV 6.5.2094 (where the problem already existed). At least one got the current version 6.5.2107 right from the beginning. The problem persists after uninstall, reboot and reinstall. I need a little more info to try your suggestion: Where do I find "disable Self-defense" in ESET Endpoint Antivirus? Is it equivalent to right-clicking the ESET icon in the systray and selecting "Pause protection"? (When I do that, both HIPS and Anti-Stealth protection stay enabled. Is that OK or do I need to disable them, too?)
  6. The system time for all our endpoints is correct. Time is synchronized within our Windows Domain. Note that the problem only affects endpoints running Windows 10 1703. Endpoints running Windows 10 Enterprise 2015 LTSB, Windows 8.1 or Windows 7 are not affected by the issue. I will open a ticket with the official support and send in an exported configuration.
  7. On all computers in our company running Windows 10 Enterprise 1703 (Creators Update, Build 15063), Windows constantly reports that ESET Endpoint Antivirus (version 6.5.2107.0) is out of date (in the Action Center, as well as under "Control Panel\System and Security\Security and Maintenance"). However the ESET EAV GUI itself claims that the virus signature database is up to date. FYI: we test-installed the current BETA EAV 6.6.2031.0, where the problem appears to be fixed. However, we cannot deploy a BETA version to production systems, especially as it is not fully configurable via the current ERA release. Is there any chance there will be a hotfix for this bug in 6.5 before 6.6 is released? I noticed this problem has been mentioned as part of another thread in https://forum.eset.com/topic/12132-eset-endpoint-security-65-cant-install-on-windows-10-with-creators-update/?do=findComment&comment=62014 However I am opening a new topic for this, as it appears to me to be an unrelated issue to the "can't install" problem.
  8. I am trying to configure the Email client protection so that e-mail attachments identified as infected can be recovered in case of a false positive. We are using Outlook 2010 through 2016 with enabled ESET Outlook integration. The server is Exchange 2010. Under - Advanced Setup - Email client protection - Threatsense Parameters - Cleaning, I configured "No Cleaning" to get a dialog of available actions. When an infected email is found, the dialog is shown, and a click on "More info" shows that the option "Copy to Quarantine" is checked. However, none of the available actions (Delete or No action) actually copies the attached file to quarantine (quarantine stays empty). A click on "Delete" removes the attachment and moves the e-mail to the "Infected Items" folder. No copy of the attachment can be found in quarantine (Main ESET Window - Tools - Quarantine). A click on "No action" moves the e-mail to the "Infected Items" folder without touching the attachment Is there another separate quarantine location dedicated to the email client protection or am I missing the correct configuration option? Thanks
  • Create New...