Jump to content


Former ESET Employees
  • Posts

  • Joined

  • Last visited

About EricJ

  • Rank

Profile Information

  • Gender
    Not Telling
  • Location
  1. When you are set to 'AutoSelect' your updates will always be pulled over the internet from ESET Servers. ERA6 does not come with any update mirror functionality, as the recommended solution is to use an HTTP Proxy server to save bandwidth. Updates shouldn't normally take 3 attempts to finish successfully. What is the error you receive when the update fails? Is it unable to connect to the Update Server? Regards, EricJ
  2. Hello Achmann, It sounds like you might not have access to the repository if you are no longer able to to view the install packages. I recommend starting by ensuring you have access to different ESET servers listed in this article: hxxp://support.eset.com/kb332 Also, what is the exact error you get during activation? Best, EricJ
  3. Hello kaleemullahbilal, As recommended by the other posters, I also recommend using the component upgrade task as described in this knowledgebase article: hxxp://support.eset.com/kb3668/#upgradeera Expected downtime of ERA server is about 15 - 30 mins once the task starts. However, this should not affect your clients antivirus security. You will just be unable to perform any new management tasks until the task finishes. However, if you plan on upgrading manually, you will need to download the latest server msi, agent msi, and web console. I've listed the direct download links for these components below. Server Installer: https://download.eset.com/com/eset/apps/business/era/server/windows/latest/server_x64.msi Web Console: https://download.eset.com/com/eset/apps/business/era/webconsole/latest/era.war Agent installer: https://download.eset.com/com/eset/apps/business/era/agent/latest/agent_x64.msi I typically upgrade the server component first (though it doesn't matter which you do first). To upgrade the server, run the server installation file on the system ERA server is currently running on (this requires administrator rights). The upgrade of the server component should not require any further configuration, the installer should already detect an installed Server component and begin the upgrade process. To upgrade the Web Console, you will need to locate the Apache Tomcat webapps directory. This is typically in: "C:\program files (x86)\Apache Software Foundation\Tomcat7\Webapps". Then follow the steps below: 1. Open services.msc and stop the Apache tomcat service 2. Rename the 'era' subdirectory in the 'webapps' directory (maybe to era.bk) 3. Extract the contents of the web console download (era.zip) to the tomcat webapps folder 4. Start the Apache Tomcat Service Final step is to upgrade the agent component that is running on the server, while this is not going to affect the actual administration tasks performed by ERA server, it is good practice to upgrade all components. Upgrading the Agent is as simple as upgrading the Server component, just run the installer over the top of the current installation (administrator permissions required). This process should only take 10-20 minutes total, and your ERA server will only be down for ~5-10 minutes. This upgrade should not affect client management, security, or reporting in any way. Once the server is back up the ERA agents on your workstations should check back into ERA as normal. Let me know if you have any other questions on the upgrade process. Best Regards, EricJ
  4. Hello Ivan79, Are you using ESET Virtualization Security for VMware in your environment? As that would be the only reason to use the Virtual Agent Host application. The Virtual Agent Host is used for the agentless protected vms. As for the http proxy issue, I would refer to the proxy log file in /var/log. Currently, how many ERA components are installed on your Ubuntu Server? Best, EricJ
  5. Hello Dolphin, Have you tried using the ESET Sysrescue Live disk creator? Here is the direct download link: hxxp://download.eset.com/special/sysrescue-creator/eset_sysrescue_live_creator_enu.exe Also, here is the knowledgebase article associated with the tool: hxxp://support.eset.com/kb3509 Best, EricJ
  6. Hello tmuster2k, It sounds like you want to be able to make changes to ESET Endpoint locally for testing purposes. This is only possible when a policy is not assigned to the system (also keep in mind, policies assigned at 'all' will inherit downwards to your entire group structure). One solution would be to temporarily unassign the 'master policy' from the 'all' group, perform your tests, then re-assign your policy to 'all'. This is typically an effective solution as unassigning a policy will not remove or change any settings from your other clients, but will allow you to make changes locally for testing (just remember to re-assign the policy after). An alternate solution, would be to not assign your master policy at the top level 'all' group. But instead, assign the policy at your second level of groups. For example, imagine you have 4 groups (called A,B,C,D) which are all placed directly under the 'all' group. Instead of assigning the master policy at 'all', assign the policy at groups 'A' 'B' and 'C'. If there comes a time in which you want to test settings locally on a specific computer, you can then move that computer out of the A,B, or C group and place it in group D. For your question regarding "ESET SECURITY PRODUCT FOR WINDOWS- Balanced" this should not be assigned by default. In my experience, the only policies assigned by default (no user interaction) are policies designated with 'HTTP Proxy Usage'. Regards, Eric J
  7. Hello mollimolar, What component of ESET protection are you disabling, in order to regain functionality on WoW?
  8. Hi dgillespie, Have you tried using ERA Agent Live installer to install the agent with all the correct configurations? If after trying that, it still does not connect to ERA Server. Check the Agent logs in: /var/log/eset/RemoteAdministrator/Agent Live installer steps here: hxxp://help.eset.com/era_admin/64/en-US/agent_live_installer.htm Excellent name by the way! Best, Eric
  9. Hello ar_156, I noticed when testing the issue, that Chrome forces HTTPS on youtube.com, which could possible be related to your problem. However, could you also check ESET settings and verify Chrome is not excluded from protocol filtering? - Open ESET NOD32 Antivirus - Press F5 to open Advanced Settings - Click 'Web and Email' then click 'Excluded Applications' If Chrome is added to this list, remove it, then reopen Chrome and re-test youtube.com. I was able to get this functionality to work on my test Windows 7 system. I used the URL *youtube.com* (I noticed you did not use this exact form), and defaulted all other settings. Please let me know if this does not work for you. Best, Eric
  10. This only appears to be a problem while using interactive mode. Automatic filtering mode should not filter out any communication with Blizzard/WoW Servers. For preventing the 'Allow/refuse' prompt while in interactive mode, it may be possible to just make a general rule to allow communication with their servers. Example: Allow outbound communication for Port 80 to the IP address of their servers. --Replace port 80 with whatever port they use for their launcher. If you decide to make a rule in this manner, it's best practice to be as specific as possible. Best, EricJ
  11. Hello IT Alex, Currently, if you're using the latest version of ESET Products and have settings configured at the recommended level (Live Grid, Advanced Memory Scanner, Advanced Heuristics on File Execution) then ESET will be extremely effective at blocking Filecoder-Ransomware type infections. To answer your specific question, we currently have multiple signatures for Filecoder variants that use the .zepto extension. However, keep in mind that new variants are released daily, which is why it is so important to use recommended settings and not unnecessarily disable recommended protections, such as Live Grid. Best, EricJ
  12. Hello tmuster2k, Just adding my 2 cents, however, the best way I've seen to locate the user that was initially infected is to run a scan of all computers and check for detections of 'Ransom-notes' on the systems' local %systemdrive%. ESET should detect Ransom-notes and log these as threats. At that point, it's a matter of reviewing your scan information/logs to look for these detected ransom-notes. Ransom-notes are typically text files that are placed in the same directory as encrypted documents, they usually have names similar to 'help-decrypt.txt' or 'recover-files.txt'. If you find a computer with detected ransom-notes on the system drive, then it's likely the filecoder infection was run from that computer. If it's a computer with multiple users, check C:\Users directories to see what users have ransom-notes/encrypted files. Additionally, you can check ownership of these ransom-note files. This method is typically unreliable though. In my experience, the ownership is usually set to a group such as 'users' or 'administrators'. Steps: - Locate a Ransom-note - Right-click, select properties. - Click on "Security" tab - Click 'Advanced' - Click owner tab, and you should be able to view the owner of the file Hopefully this information helps! Regards, EricJ
  13. mstroud_pfi, It sounds like the application did not install correctly, and thus you were encountering strange/unusual application problems. I'm glad you were able to resolve the issue on your own, however, please feel free to send me the Agent install log I referenced earlier I can attempt to look through that to find a potential cause of the problem. I sent you a PM with a link you can upload the log to. Out of curiosity, did you have an earlier version of ESET Endpoint Antivirus/Security installed on the computer, perhaps v5? Best, Eric
  14. Hello tbsky, This error is typically produced when running the activation task on a target that does not have a supported ESET product. Please view the computer details of the target, and check the installed applications tab to verify if the Agent is reporting an ESET Security product as installed. You can do this through the task details. Click on the failed task, select 'show failed', find your computer, click on it, then click 'Details...' Best, Eric
  15. Just to confirm, is the ERA Agent Service on the workstation running now? And does that agent check-in to ERA server successfully?
  • Create New...