Jump to content

rpremuz

Members
  • Posts

    39
  • Joined

  • Last visited

Posts posted by rpremuz

  1. Marcos, I quoted two sync logs in the first post. Here are two more from today:

    11:01:26 OCN: {I8:0x00000000-01EAFF29}
    11:01:26 Checking local modifications
    11:01:26 Ignore property: 0x3FFA001F
    11:01:26 Compare named property: EsetMessageFlag
    11:01:26 Getting remote properties
    11:01:26 Checking remote modifications
    11:01:26 Compare (conflict) named property: EsetMessageFlag
    11:01:26 Local: {I4:1}
    11:01:26 Remote: {Error (0x8004010F)}
    11:01:26 Not equal (conflict) named property: EsetMessageFlag
    11:01:26 Local modification: {10:01:17.0072  17/11/2020 [DD/MM/YYYY]}
    11:01:26 Remote modification: {10:01:15.0591  17/11/2020 [DD/MM/YYYY]}
    11:01:26 Conflict generated, local item is winner
    10:58:16 OCN: {I8:0x00000000-01EAF9ED}
    10:58:16 Checking local modifications
    10:58:16 Ignore property: 0x3FFA001F
    10:58:16 Compare named property: EsetMessageFlag
    10:58:16 Getting remote properties
    10:58:16 Checking remote modifications
    10:58:16 Compare (conflict) named property: EsetMessageFlag
    10:58:16 Local: {I4:1}
    10:58:16 Remote: {Error (0x8004010F)}
    10:58:16 Not equal (conflict) named property: EsetMessageFlag
    10:58:16 Local modification: {09:58:08.0357  17/11/2020 [DD/MM/YYYY]}
    10:58:16 Remote modification: {09:58:08.0954  17/11/2020 [DD/MM/YYYY]}
    10:58:17 Conflict generated, remote item is winner

    We do not use ESET on MS Exchange Online.

    -- rpr.

  2. Hello!

    Our users on MS Windows 10 Pro. 2004 64-bit machines with ESET Endpoint Antivirus 7.3.2036 use current Outlook for Microsoft 365 clients with email accounts on Exchange Online.

    Clipboard01.png.e2011b16c9e8ffebf24405b71c590eb1.png

    The ESET toolbar in Outlook is enabled.

    A dozen of times every day Outlook records sync issues that include description as the following and the corresponding email message is saved to the Conflicts subfolder (which consumes mailbox space):

    15:01:29 OCN: {I8:0x00000000-01E9D201}
    15:01:29 Checking local modifications
    15:01:29 Compare property: 0x007D001F
    15:01:29 Ignore property: 0x3FFA001F
    15:01:29 Compare named property: EsetMessageFlag
    15:01:29 Compare named property: Emon Scanner Build
    15:01:29 Getting remote properties
    15:01:29 Checking remote modifications
    15:01:29 Compare (conflict) property: 0x007D001F
    15:01:29 
    15:01:29 
    15:01:29 Not equal (conflict) property: 0x007D001F
    15:01:29 Local modification: {14:01:24.0006  16/11/2020 [DD/MM/YYYY]}
    15:01:29 Remote modification: {14:01:23.0113  16/11/2020 [DD/MM/YYYY]}
    15:01:29 Conflict generated, local item is winner

    14:54:08 OCN: {I8:0x00000000-01E9C1CF}
    14:54:08 Checking local modifications
    14:54:08 Ignore property: 0x3FFA001F
    14:54:08 Compare named property: Emon Scanner Build
    14:54:08 Getting remote properties
    14:54:08 Checking remote modifications
    14:54:08 Compare (conflict) named property: Emon Scanner Build
    14:54:08 Local: {I4:47480}
    14:54:08 Remote: {Error (0x8004010F)}
    14:54:08 Not equal (conflict) named property: Emon Scanner Build
    14:54:08 Local modification: {13:54:03.0373  16/11/2020 [DD/MM/YYYY]}
    14:54:08 Remote modification: {13:54:08.0523  16/11/2020 [DD/MM/YYYY]}
    14:54:09 Conflict generated, remote item is winner

    According to some threads on this forum, the issue exists for a long time and I wonder why it has not been fixed yet.
    Any suggestions?

    -- rpr.

  3. I was able to update ESET Rogue Detection Sensor to v. 1.1.693.1 by installing rdsensor_x64.msi from All-in-one Installer (x64.zip) for ESMC 7.2.11.3 (downloaded from https://www.eset.com/int/business/security-management-center/download/).

    For upgrading Apache Tomcat from 7.0.96 to 9.0.39 I followed instructions from https://help.eset.com/esmc_install/72/en-US/upgrading_apache_tomcat_windows.html Though, the article does not say that after restoring server.xml file from previous installation you have to edit it to update the Tomcat path in the following line:

    keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 9.0\.keystore"

    Otherwise, the Apache Tomcat service will not start.

    -- rpr.

  4. I restarted the Windows Server and started the task again which finished successfully.

    Now I see the following versions:

    • ESET Management Agent 7.2.1266 - upgraded
    • ESET Security Management Center Server 7.2.1278.0 - upgraded
    • ESET Rogue Detection Sensor 1.1.693.0 - not upgraded
    • Apache Tomcat 7.0.96 - not upgraded

    KB3690 says that ESMS 7.2.11.3 on Windows should contain newer versions of the following components:

    • ESET Rogue Detection Sensor 1.1.693.1
    • Apache Tomcat 9.0.35

    Why the upgrade task in web console did not upgrade those components? Is it possible to do it manually?

     

    -- rpr.

  5. Hello,

    I am trying to upgrade ESET Security Management Center from v. 7.1.27.0 to 7.2.11.3. SMC is running on a MS Windows Server 2012.

    I followed instructions given at https://support.eset.com/en/kb7384/
    Installation prerequisites at https://help.eset.com/esmc_install/72/en-US/prerequisites_server_windows.html are all met.

    I created the upgrade task in
    Tasks > Client Tasks > ESET Security Management Center > Security Management Center Components Upgrade
    with ESET Security Management Center Server, ver. 7.2.1278.0 for Windows 
    and started it but after 3 hours it is still running, which is not expected I'd say.

    The web console is accessible and after user login it says:

    screenshot1.png.60889547780d1ef2cd21be4bb931efb0.png


    Programs and Features still shows ESET Security Management Center Server 7.1.717.0.

    How to solve this issue?

    -- rpr.

  6. Hi!

    In SMC I have created a client task for the installation of ESET Endpoint Antivirus 7.3.2032 from eea_nt64.msi package downloaded from https://www.eset.com/int/business/portfolio/

    The task will run on our machines with MS Windows 10 1903 64-bit.

    We would like that the product is installed with English GUI on all machines regardless of Windows language settings of particular machine but I don't see an option to define GUI language while creating the task in SMC. Can that be achieved with an installation parameter?

    -- rpr.

  7. I am also seeing this error on a Windows Server with MS SQL Server 2012 Express LocalDB (ver. 11.4.7469.6) and MS SQL Server 2012 Native Client (ver. 11.4.7001.0) that were installed with MS Azure AD Connect ver. 1.1.888.0.

    On 12/12/2018 at 10:40 AM, Marcos said:

    The problem is the dll C:\Windows\System32\1033\sqlnclir11.rll is not properly signed. Since ekrn works as a protected service, only properly signed dlls can be loaded in the protected process.

    If you don't observe any other issues caused by this, please ignore the error. Should it cause any issues, temporarily disable protected service in the HIPS setup and reboot the machine until Microsoft addresses the issue by properly signing the dll.

    BTW, sqlnclir11.rll is not a DLL but a RLL file explained here:
    https://docs.microsoft.com/en-us/sql/relational-databases/native-client/applications/components-of-sql-server-native-client

    I do not understand why ekrn service, that works as a protected service, needs to load sqlnclir11.rll file.

  8. Hi!

    On MS Windows 10 Pro. v. 1703 we use ESET Endpoint Antivirus 6.5.

    In Windows Defender Security Center there is the App & browser control section with three settings (see the attached screenshot).

    I'd like to know if these settings are irrelevant when ESET Endpoint Antivirus is running? If not, then what is the best option to choose for each setting:

    • Check apps and files
    • SmartScreen for Microsoft Edge
    • SmartScreen for Windows Store apps

    -- rpr.

    Clipboard03.png

  9. We are using ERA 6.3.136.0 and have ERA Agent 6.3.136.0 and ESET Endpoint AV 6.4.2014.0 installed on Windows clients.
     
    In the policy settings for the Agent we disabled the "Report if operating system is not up-to-date" option:
    post-1494-0-26161500-1465808232_thumb.png

    Also, in the policy settings for ESET Endpoint AV we disabled the following setting:
    USER INTERFACE > USER INTERFACE ELEMENTS > Application statuses > Operating system is not up to date

    post-1494-0-64614700-1465808232_thumb.png

     

    The policies are successfully applied on the clients but in spite of that the ERA Console displays the security notification (yellow exclamation mark):

    post-1494-0-43867500-1465808231_thumb.png

    while the detailed information contains the Operating system is not up to date message:

    post-1494-0-78590200-1465808231_thumb.png

    How to get rid of that notifications in ERA Console?

     

    -- rpr.

  10. In our Windows domain network we wanted to upgrade ESET Endpoint Antivirus 6.2.2033.0 to v. 6.4.2014.0 via ERA 6.3.136.0.

     

    First we upgraded the ERA Agent on the Windows 7/8.1/10 clients to v. 6.3.136.0, which finished fine.

     

    Then we tested the ESET Endpoint Antivirus upgrade via installation tasks that run the appropriate msi installer (eea_nt32_enu.msi or eea_nt64_enu.msi). We noticed that the tasks failed if a user was logged on in Windows. The error was:

     

    SoftwareInstallation: Installation failed with: (0x643), Fatal error during installation (0x643), Service 'ESET Service' (ekrn) could not be installed. Verify that you have sufficient privileges to install system services., ...

     

    After additional troubleshooting we found out that the error is caused by the Process Explorer running on the client machines. I reported a similar problem with ESET Endpoint AV 5.0 in this forum: https://forum.eset.com/topic/2927-upgrade-of-endpoint-antivirus-50-gives-error-1923/

     

    So, so solve this issue we had to kill the Process Explorer before starting upgrade of ESET AV -- this can be done remotely with pskill tool (also of Mark Russinovich):

    pskill -t \\hostname procexp.exe

    -- rpr.

  11. I've upgraded ESET Remote Administrator v. 6.2.11.1 to v. 6.3.136.0 and I'd like to report my experience with the procedure.

     

    ESET Remote Administrator v. 6.2.11.1 was installed on s MS Windows Server 2012 using the ESET Remote Administrator 6 All-in-one Installers for MS Windows 64-bit. After the configuration ERA was running fine and we were able to remotely install and administer our ESET clients in the ERA Web Console.

     

    For the upgrade to ERA 6.3.136.0 I followed instructions given on hxxp://help.eset.com/era_install/63/en-US/?components_upgrade.htm which recommends using the Remote Administrator Component Upgrade task available in the Web Console:

    • ADMIN → Client Tasks → All Tasks → ESET Remote Administrator → Remote Administrator Components Upgrade → New
      • NAME: Remote Administrator Components Upgrade
      • TASK: Remote Administrator Components Upgrade
      • TARGET: myserver
      • TRIGGER: As soon as possible
      • SETTINGS
      • enable "I agree with application End User License Agreement"
      • REMOTE ADMINISTRATION SERVER: ESET Remote Administration Server 6.3.136.0 for Windows
      • disable "Automatically reboot when needed"
      • Finish

    The console reported that the task finished successfully. But some parts of the Web Console showed an error:

    • ADMIN → Client Tasks showed "FAILED TO LOAD DATA: INTERNAL REPORT ERROR"
    • ADMIN → License Management showed "FAILED TO LOAD DATA: REPORT TEMPLATE IS INCORRECT"

    The log file in C:\Windows\temp\ra-upgrade-agent.log did not mention any obvious errors.

     

    I tried to fix the issue by restarting the server at a later time but to no avail. ERA components had the following versions:

    • ESET Remote Administrator Agent 6.3.136.0 - upgraded
    • ESET Remote Administrator Server 6.2.171.0 - old version
    • ESET Rogue Detection Sensor 1.0.959.0 - old version

    So, I conclude that the Remote Administrator Component Upgrade task upgraded only the ERA Agent while other two components were not upgraded.

     

    The troubleshooting section of the manual recommends performing a manual component-based upgrade of ERA Server and Web Console as explained on hxxp://support.eset.com/kb3668/#component. I followed those instructions and upgraded all the ERA components successfully but I must admit that the procedure was quite difficult, partially due to some mistakes in that KB article which you can find in the attachment.

     

    Here is the procedure of the manual upgrade:

    1. From https://www.eset.com/int/download-business/ download ESET Remote Administrator 6 All-in-one Installers for MS Windows 64-bit and unpack it in "C:\Temp\ESET Remote Admin 6.3.136.0".
    2. Stop Apache Tomcat 7.0 service (after that you can't use the ERA Web Console).
    3. Back up "C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\era".
    4. Remove "C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\era\webconsole".
    5. With 7-Zip open "C:\Temp\ESET Remote Admin 6.3.136.0\installers\era.war" and unpack it to "C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\era" overriding the existing files.
    6. Restore the EraWebServerConfig.properties file from the backup, that is copy old "...\era\WEB-INF\classes\sk\eset\era\g2webconsole\server\modules\config\EraWebServerConfig.properties" to "C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\era".
    7. Upgrade ERA Remote Administrator Server to v. 6.3.136.0 by running "C:\Temp\ESET Remote Admin 6.3.136.0\installers\Server_x64.msi". The most difficult part in this step is "Database server connection" where you have to specify the database settings you used with ERA 6.2. In my case the upgrade finished successfully. I started the Apache Tomcat 7.0 service and logged in to ERA Web Console which did not show the "FAILED TO LOAD DATA" errors any more.
    8. Upgrade ESET Rogue Detection Sensor to v. 1.0.1049.0 by running "C:\Temp\ESET Remote Admin 6.3.136.0\installers\RDSensor_x64.msi". In my case the upgrade was also successful.

    Finally, I also upgraded Apache Tomcat v. 7.0.64 to v. 7.0.69 as instructed on hxxp://help.eset.com/era_install/63/en-US/index.html?upgrading_apache_tomcat_windows.htm.

    I also tried to upgrade the Apache Tomcat to ver. 8.0.35 but the service would stop immediately after start. Its logs showed that the following line from server.xml is not accepted by the new version:

      <Listener className="org.apache.catalina.core.JasperListener"/>

    -- rpr.

    errata.txt

  12. We installed ESET File Security v. 4.5.12017.0 in March 2015 from efsw_nt64_enu.msi which was digitally signed on ‎21 August ‎2014 and its size is 74.233.856 bytes.

     

    On the other hand the efsw_nt64_enu.msi file I downloaded today was digitally signed on ‎17 July ‎2015 and its size is 74.372.608 bytes.

     

    So, how can these installers be the same?

     

    -- rpr.

  13. Hello!
     
    On a MS Windows Server 2012 R2 we have ESET File Security 4.5.12017.0 installed -- see the attachment.
     
    I tried to upgrade it to the latest version available for download: 4.5.12071.0 but after starting the installation package (efsw_nt64_enu.msi) the wizard offers only to repair or remove the installation, not to upgrade -- see the attachment.

     

    Instead the wizard should present the options as shown at hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2790,Figure 1-2.

    How to solve this issue?
     
    -- rpr.

    post-1494-0-47682500-1438096445_thumb.png

    post-1494-0-37628000-1438096451_thumb.png

×
×
  • Create New...