ewong

I have some offline systems here that I've disabled Eset Live Grid; but now instead of amber alerts, I get red alerts due to the fact that their Eset Live Grid option is disabled (via policy). How do I get them to not give me the red alert notifications? Thanks Edmund

Thanks.. so the Eset Live grid won't work then on those instances.

Marcos, I was working on fixing the whole setup; but got confused. If the offline computers can access the HTTP Proxy system (and in turn, access the ESET servers), wouldn't that mean that they aren't truly 'offline' and thus can't use the offline license? So with regards to those systems, do I use the offline or online license? Thanks Edmund

Please ignore the above. Apparently I'm stupid. I was setting up the AGent's update settings. and not the AV update settings. So yeah.. found out what I was doing wrong. Edmund

I'm quite confused with how the policies are applied on the systems. I have 2 policies. Policy 1 sets the connection interval, and Policy 2 sets the update settings. Policy 1's Update settings are set to "Not set in this policy" [clipboard1.jpg], whereas in Policy 2, the update settings are set to forced (the red lightning bolt icon) [clipboard2.jpg]. So in theory, policy 1 sets the connection settings and ignores the updates settings and policy 2 ignores the connection settings and forces the updates settings. However, on my system (AV 7.0.0577), the update settings are definable and my system is connecting to the ESMC server (no errors in status.html nor the trace.log). [Clipboard3.jpg] shows what I see when I look at the updates settings on my system's AV UI. So theoretically, the update server should point to the value as given by clipboard1.jpg? Sure, I can manually change it to point to the correct update server; but that defeats the purpose of setting policies. Thanks Ed

Ah Thanks for the clarification, Marcos! Edmund

Thanks Marcos! Just checked on the list for one system and while it has the right policies applied, it hasn't checked in since yesterday, Since it is on right now and the ERA Agent is installed, something isn't ok with this system. Edmund

Hi, I have set in the policy to have the ERA Agent [7.0.0577] connect every 3 minutes for all clients and I have set the server to the ESMC server and left the port as 2222. ESMC server is at version 7.0.0577. Webconsole is at 7.0.429.0. I just changed an existing policy to redirect the clients to a different updates server path. I've waited for more than 10 minutes, and I'm not seeing my own machine's AV's Update path change. It's still pointing to an old updates server path. Aren't policies applied whenever the agent connects to the server to get commands? Or did I misunderstand some settings? Is there a way to manually force all clients to grab the updated policies? Thanks Ed

Coincidentally, the ESMC server here also went AWOL and it was a frustrating experience (mainly due to the fact that I had other fires to fight). I used GPO to deploy a new installer w/ install_config.ini; but there were a few stragglers that refused to connect to the new server. So I just locally removed the ESET agent and AV and started over again. But thanks Marcos, I'll keep that in mind.

I've managed to fix the mirrortool situation. Regarding the HTTP Proxy, some systems aren't supposed to have Internet access so they aren't able to access LiveGrid. If I set up the HTTP proxy, those offline systems are now considered online (as they were activated with an offline license). Am I right? Ed

I think it does as I see the accesses via the http logs. That said, I figured out what I was wrong with. In my haste, I had looked at the offline repository setup and how to run the mirror tool and thought the commands were the same. It took a few tries in manual updating the repo to realize my stupid mistake. I kept on getting that offline repository needed the output repository and intermediate directories. That's when the word "intermediateRepository" popped up. So right now I"m running the mirrortool for both the updates and the engine/binaries. Will see how this goes. Thanks Marcos! Ed

I suspect I'm doing something wrong or misunderstanding the offline repository setup. This is what I did (assuming that the Linux offline repository setup can also serve Windows machines): Download and ran the mirror tool via: mirrortool --mirrorType regular --intermediateUpdateDirectory ./tmp --outputDirectory /var/www/html --offlineLicenseFilename ./local_cache.lf (I assummed the offline license filename should be the "local cache" type.) setup httpd to serve /var/www/html created a new policy: with the following: Updates->Update Server: hxxp://update.server.local/ep7/ Advanced Settings-> Repository: hxxp://update.server.local/ep7/ Since I don't understand the contents of ep7/, I'm assuming that the dll/ contents have updates to the engines/binaries. If not, can someone clarify what I'm misunderstanding? Thanks! Ed

Further addendum from fiddling around with setting up the offline repo: 1) The offline repository is split into different paths which I suspect are the different available versions (6.x, 7.x..etc) 2) I needed to create a new update policy to specify the actual path for the systems. i.e. hxxp://update.server.local/ep7/ to specify (I think) for Version 7 stuff Edmund

Hi, Can someone point out if the Linux mirrortool creates all platform's offline repositories (i.e. updates/program updates for Windows/Linux/Mac)? or is it only for Linux updates; and so I'd need to set up an offline repository for Windows? Also, can someone point out if [1] is supposed to be a copy of [2] instead of being Linux specific? Thanks Edmund [1] https://help.eset.com/esmc_install/70/en-US/offline-repository.html?mirror_tool_linux.html [2] https://help.eset.com/esmc_install/70/en-US/offline-repository.html?mirror_tool_windows.html

Hi, As there are a few systems on the lan that doesn't access the Internet; but must have an AV installed, I had set up a mirror repository previously but due to the system responsible for the repository going belly up, I need to set up a new system. The previous system was based on 6.x. I've looked at the KB and have gotten quite confused with how to set up this mirror repository. As I understand it, I need to : create a mirror repository have an offline file in this mirror dir; but the issue is what kind of offline license file is it supposed to be if I need both Endpoint AV and File Security updates? Would it be a "Local Cache" license key? If so, do I specify the # of systems that update from it or can I just have everyone point to that server? in the ESMC server, I set up policies to have the clients point to the update server's mirror. But where does the Apache HTTP Proxy come in? While I believe it replaces the need for the ESMC to 'serve' the repository, it's still on the same system, so I don't quite get this. What is the 'right' way of setting up this? Thanks Ed

I've also been fighting with the Agent installation in a Domain environment. I ended up running esetuninstaller on the problematic systems to remove whatever eset product is on the system and then tried installing it again.

I'm seeing the following in Status.html (as well as the trace.log): Error: CReplicationManager: Replication (network) connection to 'host: "192.168.8.25" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format. Which I think might help. Edmund

To answer my own question: c:\Documents and Settings\All Users\Application Data\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs

Hi Marcos, What is the equivalent directory on XP? Edmund

Hi, Versions: ESET Security Management Center (Server), Version 7.0 (7.0.577.0) ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0) I've synchronized SMC with the AD so the SMC now has the list of systems. While the majority systems have checked in, I still have some that are still at "Unknown" status. I've set the GPO policy to set the firewall to allow the agents to connect to the SMC; but still, they aren't connecting. I have 4 XP systems and 1 Windows 7 and 1 Windows 8.0 systems not yet connecting. Aside for the DNS/rDNS setup and the firewalls, what other things should I look at? Thanks! Edmund

This could be a routing issue or a firewall issue. Can you ping the ESMC server from the PC? (assuming echo packets are permitted) As I understand it, the Agent requires (assuming you didn't change the port #) port 2222 to be open for incoming/outgoing on both the ESMC server and the PC. Ed

Hi, Can someone clarify whether I understand the Update Modules task correctly. The ESMC server contains a link to the module update repository and Internet-capable clients go directly to that repository; whereas, those clients that don't have direct access to the Internet, need to get the updates via ESMC. Thanks Edmund

Regarding the product activation item, I've finally managed to get my system activated via ESMC; but it wasn't a simple process. I had to uninstall the Agent and AV manually via esetuninstaller. I had to reboot and gpupdate quite a few times before the Agent would install. I did a Software Install push task to install AV7. Once that's done, I had to push an product activation task; but that failed, so I disabled the firewall and tried again and it worked. (So I'm guessing I need to tweak the firewall settings. However, that said, I did encounter a few issues that could be possible bugs: Installing the Agent on a system with multiple NICs would be a crapshoot as it's possible that the agent enumerates the NICs differently and so takes the first NiC it finds, which unfortunately was the wrong one. I had to disable the 'wrong' nic, (and firewalls) before it could activate the product. Possible solution: Check if there is an internet connection on both and take the one with the internet connection. If none of the NICs have internet connection, then it wouldn't matter which one to take (I would think). Software Install push will not complete. It will continue to say Running long after I've rebooted the system in question. [attachment shown to have a system that's already activated + pending Module update but the software install task is still running (which it isn't)] Thanks Edmund PS: Even if I product activate and module update, when I re-enable the 2nd NIC, the Agent immediately uses it and thusly any subsequent tasks that require access to the Internet fails. What I need to do is disable the 2nd NIC, run the updates, and then re-enable them again. A workaround, for sure; but it is a hassle to do this.(Just saying... no offense to anyone).

I believe that the Agent/AV UI enumerates the 2nd NIC first and the first nic last. Which explains why it uses the 10.12 instead of 0.12. Does anyone know how I can fix this? Thanks Edmund

Apparently not. Anyway,created a new account and imported the ELA info.