mlottgie

Another issue seems to be the versions. We recently upgraded ERA to 6.5.417.0. But the clients are still on 6.4.2014.0. Does the >= 6.5 on the edit exclusion pages mean that this will not apply? Note that this also did not work before the update of ERA, although we never had @NAME= in the rules.

So @NAME=Win32/RemoteAdmin.RAdmin.AC ???

We use Radmin here and have for years. Despite several different methods of trying to exclude it from detection, we still get alerts including Malware Outbreak emails for at least one of the desktops. It is detected as "potentially unsafe application;Win32/RemoteAdmin.RAdmin.AC;Variant;Startup scanner." This image shows the exclusion we have for this. We also have path exclusions: and several others like this including path *rserver3.exe* - Nothing seems to work here.

Most if not all of the machines showing this error are VPN clients (SonicWALL Global VPN). This includes my home machine which is not on the domain and where I run my own independent copy of the consumer version of ESET.

Our computer and user OUs from AD appear to be present, including locations where currently disabled accounts are located. Is there any way to hide these disabled accounts in the console?

We recently deployed using Rip and Replace, which worked for 95% of our machines or at least the ones that were actually on over the holidays. We were replacing Kaspersky with ESET. However, some machines failed during the install leaving USB and sometimes network and video drivers non-operational. Subsequently, using manual install, we found a couple of machines which hung during the Installing drivers phase. Killing Dropbox foreground and service apps allowed the install to continue immediately.

We have recently started deploying ESET Endpoint Security 6.4.2014.0 in a corporate setting of around 500 machines. For many of our laptop clients, we are now receiving the following alerts: Duplicate IP addresses detected in network Detected ICMP Flooding attack However, I am certain that there are not any duplicate ip addresses. If the problem were this widespread, we would have found it by now. I have been here for over 5 years. Could this have something to do with users who do not disable the WIFI when hard wired? Possible, but we are also seeing this for remote VPN clients as well. For what it's worth, we have a high-end SonicWALL firewall.

Using our ESET R&R package, about 10% of workstations fail to update and get the "Undocumented serious error (0x1106)" message. I found instructions for version 5.X to remotely clear the workstation update cache. But, I cannot find the same instructions for 6.X. Note that we are also using a proxy on the ESET RA server for updates. Since we have a policy in place, I cannot disable the proxy on the workstation. I suppose that I must remove the policy assignment, but that is done based on AD location. In most cases after running the update repeatedly 5-10 times, it will start working. It seems to cycle between downloading 185M and 97M of updates.

We had the same problem yesterday on one of the first 25 or so machines. Deleting the OST file and allowing it to finish rebuilding seemed to work.

We are deploying successfully through SCCM for the most part. But, we are using the Rip and Replace method.

We are a new ESET customer using rip and replace to install ESET Endpoint Security, and we use Outlook 2010. We installed ESET via group policy last night on a couple of machines. One user complained that her emails had all been set to read. I confirmed that they were also set to read in Outlook Web App. I don't know what can be done about it at this point, but does this sound familiar? Let me know what other details you might need.