Jump to content

Rainer

Members
 View Profile  See their activity

  • Posts

    20

  • Joined

  • Last visited

 Content Type 

Posts posted by Rainer

    Protocol Filtering

    in ESET Products for Windows Servers

    Posted

    Hello,
    I have the following problem with Protocol Filtering in ESET:
    We have a new backup software (Networker 9.2.1.2) installed on a server.
    On the servers that are to be backed up using this backup software, a "client" is installed.
    These clients are then set up on the backup server.
    The problem now is that if I want to set up a client on the backup server, the setup can not be finished. After clicking on finish freezes the image and I have to stop the service.
    I've now found that when I stop protocol filtering on the "client", the setup works.
    But that can not stay that way.
    Now I'm looking for a solution how to set up clients with protocol filtering enabled. The ESET support told me that I can exclude applications and IP addresses in the protocol filtering. I tried that, but it does not work. I have excluded the .exe file of the application and for test even our complete network (ip range).
    It just does not work (only when the Protocol Filtering is completely turned off). I have already paused the entire ESET, but disabled everything except the protocol filtering, but it still did not work.
    The manufacturer can only help me to the extent that he just tells me that I should exclude the .exe file and the IP address (which I had already done).
    I'm just stuck here (I'm working on it since more than a week).
    Does anyone have an idea?
    Thanks for your support!

    Greetings Rainer
     
     
     
     
     

    How to exclude a file from Windows profile

    in ESET Endpoint Products

    Posted

    Hi all,

    I want to exclude a file (over ERA) from the Windows user profile.

    ESET shows this file as an unwanted application, but my chinese colleague told me, that the file is safe, so I want to tell ESET (in ERA),

    that the file is safe, and exclude it.

    The problem is, that the folder name is (for every user) different.

    I.e. C:\users\username1\AppData\Local\......\filename.

          C:\users\username2\AppData\Local\......\filename.

          C:\users\username3\AppData\Local\......\filename.

    How can  do this?

    Thanks for the help!

     

    Best regards

    Rainer

    Show all systems (client/server) without any ESET product installed

    in ESET PROTECT On-prem (Remote Management)

    Posted

    Hello, it depends if ERA agent is installed (computer is managed) or no (unmanaged).

    Umanaged computers could be filtered in Computers tab by clicking the "unmanaged" filter icon in the top filter (4 buttons, unmanaged is the "O" icon.

    To find machines without any product installed you have to use dynamic group template condition "managed product mask" with expression "not in" and choose all options except ERA agent.

    Detailed instructions are in the ERA documentation: hxxp://help.eset.com/era_admin/64/en-US/index.html?dynamic_group_examlpes.htm

    Hope that this heps.

    Hi MichalJ,

     

    thanks for your help.

    This solved my problem.

    I have created a dynamic group template and it works fine.  :-)

     

    Best regards

    Rainer

    Pop3, HTTP error

    in ESET Endpoint Products

    Posted

    Hello, for Endpoint V5 please do the following:

    1. Enable dumping to protoscan pcaps by
      • importing the appropriate xml configuration (dump_to_pcaps-enable-endpoint.xml)
    2. Replicate the problem, note the time (with time zone information) when the problem occured (e.g. 16.10.2013 at 16:14:30 UTC +0900).
    3. Disable the dumping (dump_to_pcaps-disable-endpoint.xml).
    4. Include:
      1. the files EsetProxyInner.pcapng and EsetProxyOuter.pcapng (located in "c:\ProgramData\ESET\<product name>\Diagnostics")
      2. time from step 2
      3. any error messages that were displayed
      4. description of the problem
      5. OS, ESET product and protoscan versions
      6. All other ESET modules (from about section)

    Can you also check, if the driver "epfwwfpr.sys" is running? (sc query epfwwfpr).

    Thank you,

    Michal

    Hello Michal,

     

    thanks again for your help!

     

    I have news.

    Investigating this issue, my colleague has find out, that after the first reboot (means: The Agent is installed, the user powers off the system,

    leaves the office and powers on next morning the system again) the ESET shows the POP3, HTTP error message.

    After a second reboot of the system, the error message is gone (??).

    We get every morning dozens of messages from other systems, but when we reboot the systems (once, or twice), the error message is gone.

    So we have to reboot (twice) all our systems, where the new ESET Agent is installed.

    This is a working concept (a workaround).

    We can live with that.

    I have installed the Agent on nearly 60 percent of our systems, so we have to wait until all systems are installed and rebooted (twice). 

     

    Best regards

    Rainer

    Pop3, HTTP error

    in ESET Endpoint Products

    Posted

    I have seen this on ENDPOINT AV which is rather confusing being that it does not have a firewall. 

    I would suggest first one one machine only, is doing a push install task to install EEA 6.4 over the top of the V5 Endpoint. After the upgrade you need to reboot (Reboot automatically check box).

    If after the reboot, you go local to that machine and it is still showing the same status then I would suggest using a push uninstall task >> hxxp://help.eset.com/era_admin/62/en-US/?client_tasks_software_uninstall.htm to uninstall the broken V5 version and then reboot. After reboot, use your same push install task for 6.4 and install. This should resolve your issue. 

    BTW. were these windows 10 machines? 

    Hi Tmuster,

     

    thanks for your help!

     

    This works fine!

    When I'm deinstalling the ESET 5 and install the ESET 6, then I have no issue, but my problem is, that I cannot remove all ESET 5 at this time. I just want to install the ESET Agent on all systems from our headquarter and our subsidiaries. After the Agent is installed on all systems, I can remove the old ESET 5 and install the new ESET 6 (step by step)..

    I must do this in that way, because we have no it spezialists in our subsidiaries (only field staff --> you know what I mean) :-)

     

    --> I have this issue only on systems where I have installed the ESET Agent.

     

    Btw.: The systems are W7, W8.1 and W10

     

    Best regards

    Rainer

    Pop3, HTTP error

    in ESET Endpoint Products

    Posted

    Hello, what is the installed product / version & what is the operating system used?

    Is it ESET Endpoint Security / Antivirus V5, or after deployment of ERA agent, you have also upgraded ESET Endpoint Security / Antivirus to V6?

    ERA agent itself should not interfere with V5 in no other way, than to adjust its configuration to connect to ERA agent instead of the ERA V5 server, and then enforce the policies assigned to that computer by ERA V6 server.

    Couple of questions:

    Are there any policies applied to the computer via ERA 6?

    Is the issue occurring after computer restart?

    can you please send us Pcap log?

    1. Open Advanced settings of ESET product.
    2. Go to Network - Personal firewall - IDS and advanced options.
    3. Open Troubleshooting (click on plus button in the tree) and check check-box for Enable advanced PCAP logging, save advanced settings.
    4. Simulate problem with network.
    5. Stop pcap loging in advanced settings.
    6. Log from pcap: "c:\Users\All Users\ESET\ESET Smart Security\Diagnostics\".

    Also please specify the versions of modules used by your product (located in about section of ESET product).

    Hi Michal,

     

    I cannot find the "Network --> Personal firewall - IDS and advanced options" (in ESET 5.0.2265.1)

    Where can I find this setting in ESET 5 ( I have just installed the ESET 6 Agent, not the Antivirus app. from ESET 6).

     

    ...and yes, I have a policy applied to these systems (but nothing with POP3 or HTTP).

     

    I'm not sure if the error message comes again after a restart, because the systems are mostly in our subsidiaries.

    But I assume, that one or the other has powered off, at closing-time, and powered on again next morning.

     

    Best regards

    Rainer

    Pop3, HTTP error

    in ESET Endpoint Products

    Posted

    Hello, what is the installed product / version & what is the operating system used?

    Is it ESET Endpoint Security / Antivirus V5, or after deployment of ERA agent, you have also upgraded ESET Endpoint Security / Antivirus to V6?

    ERA agent itself should not interfere with V5 in no other way, than to adjust its configuration to connect to ERA agent instead of the ERA V5 server, and then enforce the policies assigned to that computer by ERA V6 server.

    Hello Michal,

     

    the installed product version is ESET Endpoint Antivirus 5.0.2265.1 and the operating system is Windows 7/8.1/10.

    I have just installed the ESET 6 Agent, no Endpoint Security, or Antivirus app. installed.

     

    Best regards

    Rainer

    Pop3, HTTP error

    in ESET Endpoint Products

    Posted

    Hello,

     

    we've ESET 5 installed on our clients.

    I want to update to ESET 6.

    The suggested solution from ESET was to install the ESET 6 Agent first on all clients, before removing the old ESET 5 client.

    I've done this on many clients (installation of the ESET 6 Agent), but now I get an error message from a lot of clients.

     

    ------------------------------------------

    During execution of Personal firewall on the computer XXXXXXXX, the following waning occured:

    An error occurred while starting proxy server. Analysis of application protocols (POP3, HTTP) will not function.

    ------------------------------------------

     

    How can I get rid of this error message?

    What do I have to configure on my ERA 6 console?

     

    Please help!

     

    Best regards

    Rainer

    ERA 6.4 creating dynamic group

    in ESET PROTECT On-prem (Remote Management)

    Posted

    Hello ESET Staff :-)

     

    thanks for your quick answer.

    I've tried it exactly like in the old topic described, but when I'm creating the group and assign the group to the new template, I get 0 PCs as a result.

     

    What am I doing wrong?

    Please help!  :-)

     

    My expression was:

    Device identifier,    Identifier type      Equal          Computer name

    Device Identifier,    Identifier value    has prefix    AU-PC

     

    Best regards

    Rainer

     

     

    ERA 6.4 creating dynamic group

    in ESET PROTECT On-prem (Remote Management)

    Posted

    Hello,

     

    I'm completely frustrated about the ERA 6.4.

     

    We have ERA 5.3 and all works fine, but now we want to switch to ERA 6.4.

    A technician from ESET told me, that best practice would be to install a brand new server.

    So I've done this, but now I have a lot of issues.

     

    One of them is:

    How can I create a dynamic group which contains i.e. all systems beginning with si-pc*      --> si-pc01, si-pc02, si-pc03 and so on.

                                                                                                                           or   si-nb*      --> si-nb01, si-nb02, si-nb03 ......

     

    Backgound:

    I want to create a group for PCs, a group for Laptops, and a group for servers.

     

    I'm absolutely new in ERA 6.4, so please explain in detail.

     

    Hope someone can help me!

    Thanks!

     

    Best regards

    Rainer

     

     

     

×
×
  • Create New...