Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


ewong last won the day on December 13 2018

ewong had the most liked content!

Profile Information

  • Gender
    Not Telling
  • Location
    Hong Kong
  1. Today, I seem to be running into some weird issue. I'm not sure if it's my system or the webconsole system; but when I logged on to the ESMC server's webconsole, and tried looking at the computer list, it takes an inordinate amount of time to display "Loading". Still waiting after three minutes. [Going to try and reboot the system] Attached is a sample. In the server's log dir, the status.html shows nothing wrong and the trace.log does show some issues with a system connecting; but that shouldn't be affecting the webconsole loading... or should it? Anyone seen this before? Thanks Edmund
  2. I believe if only the Agent is installed and no AV product installed, then it'll be "Unknown". That's my experience at least.
  3. I believe the reason for that is the ESMC server cannot access the repository (default repo is at hxxp://repository.eset.com... assuming you haven't changed the update server.)
  4. As far as I know and can see, you can't specify the facility to send to. That said, it doesn't mean you can't set up a sys log server which listens to that port and process the incoming info via a script (bash, python...whichever you fancy). Theoretically, you can even set up a syslog server script using a different port to 514, which reads incoming information and then resend it directly to the local syslog server (and to whichever facility you choose). While it is an indirect way/workaround to the current issue of no facility-specifications in the syslog config, it's better than nothing. Edmund
  5. Out of curiosity, can your machine access the Internet? If not, then you've created a license from the EBA without including the necessary deployment token from ERA. IIRC, you need to specify the appropriate token and include that into the license (via EBA). I think that's what it is. It's been some time since I've touched any ERA < 6.5. Edmund
  6. I have some offline systems here that I've disabled Eset Live Grid; but now instead of amber alerts, I get red alerts due to the fact that their Eset Live Grid option is disabled (via policy). How do I get them to not give me the red alert notifications? Thanks Edmund
  7. Thanks.. so the Eset Live grid won't work then on those instances.
  8. Marcos, I was working on fixing the whole setup; but got confused. If the offline computers can access the HTTP Proxy system (and in turn, access the ESET servers), wouldn't that mean that they aren't truly 'offline' and thus can't use the offline license? So with regards to those systems, do I use the offline or online license? Thanks Edmund
  9. Please ignore the above. Apparently I'm stupid. I was setting up the AGent's update settings. and not the AV update settings. So yeah.. found out what I was doing wrong. Edmund
  10. I'm quite confused with how the policies are applied on the systems. I have 2 policies. Policy 1 sets the connection interval, and Policy 2 sets the update settings. Policy 1's Update settings are set to "Not set in this policy" [clipboard1.jpg], whereas in Policy 2, the update settings are set to forced (the red lightning bolt icon) [clipboard2.jpg]. So in theory, policy 1 sets the connection settings and ignores the updates settings and policy 2 ignores the connection settings and forces the updates settings. However, on my system (AV 7.0.0577), the update settings are definable and my system is connecting to the ESMC server (no errors in status.html nor the trace.log). [Clipboard3.jpg] shows what I see when I look at the updates settings on my system's AV UI. So theoretically, the update server should point to the value as given by clipboard1.jpg? Sure, I can manually change it to point to the correct update server; but that defeats the purpose of setting policies. Thanks Ed
  11. Ah Thanks for the clarification, Marcos! Edmund
  12. Thanks Marcos! Just checked on the list for one system and while it has the right policies applied, it hasn't checked in since yesterday, Since it is on right now and the ERA Agent is installed, something isn't ok with this system. Edmund
  13. Hi, I have set in the policy to have the ERA Agent [7.0.0577] connect every 3 minutes for all clients and I have set the server to the ESMC server and left the port as 2222. ESMC server is at version 7.0.0577. Webconsole is at 7.0.429.0. I just changed an existing policy to redirect the clients to a different updates server path. I've waited for more than 10 minutes, and I'm not seeing my own machine's AV's Update path change. It's still pointing to an old updates server path. Aren't policies applied whenever the agent connects to the server to get commands? Or did I misunderstand some settings? Is there a way to manually force all clients to grab the updated policies? Thanks Ed
  14. Coincidentally, the ESMC server here also went AWOL and it was a frustrating experience (mainly due to the fact that I had other fires to fight). I used GPO to deploy a new installer w/ install_config.ini; but there were a few stragglers that refused to connect to the new server. So I just locally removed the ESET agent and AV and started over again. But thanks Marcos, I'll keep that in mind.
  15. I've managed to fix the mirrortool situation. Regarding the HTTP Proxy, some systems aren't supposed to have Internet access so they aren't able to access LiveGrid. If I set up the HTTP proxy, those offline systems are now considered online (as they were activated with an offline license). Am I right? Ed
  • Create New...