rpremuz
-
Posts
39 -
Joined
-
Last visited
Posts posted by rpremuz
-
-
An endpoint got a temporary problem with contacting ESET LiveGrid servers. The problem was reported to the ESET Protect server which marked the endpoint with a yellow mark. Although the problem got away, the alert mark was not cleared automatically.
Is there a way to clear that alert manually?
-- rpr.
-
I'd just like to add that we are also seeing this issue with ESET Endpoint Antivirus 8.1.2037.2 on MS Windows 10 Pro. machines and Outlook for Microsoft 365 clients (ver. 2109 Build 16.0.14430.20292 64-bit) connecting to Exchange Online.
-- rpr.
-
Marcos, I quoted two sync logs in the first post. Here are two more from today:
11:01:26 OCN: {I8:0x00000000-01EAFF29} 11:01:26 Checking local modifications 11:01:26 Ignore property: 0x3FFA001F 11:01:26 Compare named property: EsetMessageFlag 11:01:26 Getting remote properties 11:01:26 Checking remote modifications 11:01:26 Compare (conflict) named property: EsetMessageFlag 11:01:26 Local: {I4:1} 11:01:26 Remote: {Error (0x8004010F)} 11:01:26 Not equal (conflict) named property: EsetMessageFlag 11:01:26 Local modification: {10:01:17.0072 17/11/2020 [DD/MM/YYYY]} 11:01:26 Remote modification: {10:01:15.0591 17/11/2020 [DD/MM/YYYY]} 11:01:26 Conflict generated, local item is winner
10:58:16 OCN: {I8:0x00000000-01EAF9ED} 10:58:16 Checking local modifications 10:58:16 Ignore property: 0x3FFA001F 10:58:16 Compare named property: EsetMessageFlag 10:58:16 Getting remote properties 10:58:16 Checking remote modifications 10:58:16 Compare (conflict) named property: EsetMessageFlag 10:58:16 Local: {I4:1} 10:58:16 Remote: {Error (0x8004010F)} 10:58:16 Not equal (conflict) named property: EsetMessageFlag 10:58:16 Local modification: {09:58:08.0357 17/11/2020 [DD/MM/YYYY]} 10:58:16 Remote modification: {09:58:08.0954 17/11/2020 [DD/MM/YYYY]} 10:58:17 Conflict generated, remote item is winner
We do not use ESET on MS Exchange Online.
-- rpr.
-
On a PC I imported OutlookSyncIssuesFix_enable.xml to ESET Endpoint Antivirus (Setup > Import/Export settings) and then restarted Outlook but after that it is still recording new sync issues (and conflict emails).
-- rpr.
-
Hello!
Our users on MS Windows 10 Pro. 2004 64-bit machines with ESET Endpoint Antivirus 7.3.2036 use current Outlook for Microsoft 365 clients with email accounts on Exchange Online.
The ESET toolbar in Outlook is enabled.
A dozen of times every day Outlook records sync issues that include description as the following and the corresponding email message is saved to the Conflicts subfolder (which consumes mailbox space):
15:01:29 OCN: {I8:0x00000000-01E9D201}
15:01:29 Checking local modifications
15:01:29 Compare property: 0x007D001F
15:01:29 Ignore property: 0x3FFA001F
15:01:29 Compare named property: EsetMessageFlag
15:01:29 Compare named property: Emon Scanner Build
15:01:29 Getting remote properties
15:01:29 Checking remote modifications
15:01:29 Compare (conflict) property: 0x007D001F
15:01:29
15:01:29
15:01:29 Not equal (conflict) property: 0x007D001F
15:01:29 Local modification: {14:01:24.0006 16/11/2020 [DD/MM/YYYY]}
15:01:29 Remote modification: {14:01:23.0113 16/11/2020 [DD/MM/YYYY]}
15:01:29 Conflict generated, local item is winner14:54:08 OCN: {I8:0x00000000-01E9C1CF}
14:54:08 Checking local modifications
14:54:08 Ignore property: 0x3FFA001F
14:54:08 Compare named property: Emon Scanner Build
14:54:08 Getting remote properties
14:54:08 Checking remote modifications
14:54:08 Compare (conflict) named property: Emon Scanner Build
14:54:08 Local: {I4:47480}
14:54:08 Remote: {Error (0x8004010F)}
14:54:08 Not equal (conflict) named property: Emon Scanner Build
14:54:08 Local modification: {13:54:03.0373 16/11/2020 [DD/MM/YYYY]}
14:54:08 Remote modification: {13:54:08.0523 16/11/2020 [DD/MM/YYYY]}
14:54:09 Conflict generated, remote item is winnerAccording to some threads on this forum, the issue exists for a long time and I wonder why it has not been fixed yet.
Any suggestions?-- rpr.
-
I was able to update ESET Rogue Detection Sensor to v. 1.1.693.1 by installing rdsensor_x64.msi from All-in-one Installer (x64.zip) for ESMC 7.2.11.3 (downloaded from https://www.eset.com/int/business/security-management-center/download/).
For upgrading Apache Tomcat from 7.0.96 to 9.0.39 I followed instructions from https://help.eset.com/esmc_install/72/en-US/upgrading_apache_tomcat_windows.html Though, the article does not say that after restoring server.xml file from previous installation you have to edit it to update the Tomcat path in the following line:
keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 9.0\.keystore"
Otherwise, the Apache Tomcat service will not start.
-- rpr.
-
I restarted the Windows Server and started the task again which finished successfully.
Now I see the following versions:
- ESET Management Agent 7.2.1266 - upgraded
- ESET Security Management Center Server 7.2.1278.0 - upgraded
- ESET Rogue Detection Sensor 1.1.693.0 - not upgraded
- Apache Tomcat 7.0.96 - not upgraded
KB3690 says that ESMS 7.2.11.3 on Windows should contain newer versions of the following components:
- ESET Rogue Detection Sensor 1.1.693.1
- Apache Tomcat 9.0.35
Why the upgrade task in web console did not upgrade those components? Is it possible to do it manually?
-- rpr.
-
Hello,
I am trying to upgrade ESET Security Management Center from v. 7.1.27.0 to 7.2.11.3. SMC is running on a MS Windows Server 2012.
I followed instructions given at https://support.eset.com/en/kb7384/
Installation prerequisites at https://help.eset.com/esmc_install/72/en-US/prerequisites_server_windows.html are all met.I created the upgrade task in
Tasks > Client Tasks > ESET Security Management Center > Security Management Center Components Upgrade
with ESET Security Management Center Server, ver. 7.2.1278.0 for Windows
and started it but after 3 hours it is still running, which is not expected I'd say.The web console is accessible and after user login it says:
Programs and Features still shows ESET Security Management Center Server 7.1.717.0.How to solve this issue?
-- rpr.
-
On https://help.eset.com/eea/7/en-US/installation_command_line.html I've found parameters that can be used for specifying GUI language with MSI file that is used in the client task: PRODUCT_LANG and PRODUCT_LANG_CODE
I successfully tested the following settings in my client task specification that installs ESET Endpoint Antivirus in US English:
-
Hi!
In SMC I have created a client task for the installation of ESET Endpoint Antivirus 7.3.2032 from eea_nt64.msi package downloaded from https://www.eset.com/int/business/portfolio/
The task will run on our machines with MS Windows 10 1903 64-bit.
We would like that the product is installed with English GUI on all machines regardless of Windows language settings of particular machine but I don't see an option to define GUI language while creating the task in SMC. Can that be achieved with an installation parameter?
-- rpr.
-
On https://help.eset.com/esmc_install/70/en-US/prerequisites_server_windows.html I see that ESMC Server on Windows requires Java/OpenJDK. This is further explained in https://support.eset.com/kb7088/ and it seems that the article says that Java Development Kit (JDK) has to be installed on the server. Is it correct or Java Runtime Environment (JRE) would be enough for ESMC to work?
-
I am also seeing this error on a Windows Server with MS SQL Server 2012 Express LocalDB (ver. 11.4.7469.6) and MS SQL Server 2012 Native Client (ver. 11.4.7001.0) that were installed with MS Azure AD Connect ver. 1.1.888.0.
On 12/12/2018 at 10:40 AM, Marcos said:The problem is the dll C:\Windows\System32\1033\sqlnclir11.rll is not properly signed. Since ekrn works as a protected service, only properly signed dlls can be loaded in the protected process.
If you don't observe any other issues caused by this, please ignore the error. Should it cause any issues, temporarily disable protected service in the HIPS setup and reboot the machine until Microsoft addresses the issue by properly signing the dll.
BTW, sqlnclir11.rll is not a DLL but a RLL file explained here:
https://docs.microsoft.com/en-us/sql/relational-databases/native-client/applications/components-of-sql-server-native-clientI do not understand why ekrn service, that works as a protected service, needs to load sqlnclir11.rll file.
-
12 minutes ago, Marcos said:
Please contact your local customer care that should provide you with a logging version of the Outlook plug-in for further troubleshooting.
The error mentions the integration with Outlook Express/Windows Mail, not Outlook (which is incorrectly written in the subject of this topic). In our site nobody uses Outlook Express/Windows Mail.
-
I can add to this that the error is triggered by a user log out from Windows.
You can get rid of the error by disabling the ESET integration into Outlook Express/Windows Mail if they are not used on the machines:
Advanced Setup > WEB AND EMAIL > Email client protection > EMAIL CLIENT INTEGRATION > Disable "Integrate into Outlook Express/Windows Mail"
-
Today I also got this error from a Windows Server 2012 R2 with ESET File Security v. 6.5.12010.0. I'd say the server does not have either Outlook Express or Windows Mail installed.
Why does ESET AV report this problem? If this is a bug, is it going to be fixed anytime soon?
-
Hi!
On MS Windows 10 Pro. v. 1703 we use ESET Endpoint Antivirus 6.5.
In Windows Defender Security Center there is the App & browser control section with three settings (see the attached screenshot).
I'd like to know if these settings are irrelevant when ESET Endpoint Antivirus is running? If not, then what is the best option to choose for each setting:
- Check apps and files
- SmartScreen for Microsoft Edge
- SmartScreen for Windows Store apps
-- rpr.
-
We are also seeing this error coming from some ESET clients (ESET Endpoint Antivirus v. 6.5.2094, Windows 10 Pro. 64-bit - v. 1511).
-
We are using ERA 6.3.136.0 and have ERA Agent 6.3.136.0 and ESET Endpoint AV 6.4.2014.0 installed on Windows clients.
In the policy settings for the Agent we disabled the "Report if operating system is not up-to-date" option:
Also, in the policy settings for ESET Endpoint AV we disabled the following setting:
USER INTERFACE > USER INTERFACE ELEMENTS > Application statuses > Operating system is not up to dateThe policies are successfully applied on the clients but in spite of that the ERA Console displays the security notification (yellow exclamation mark):
while the detailed information contains the Operating system is not up to date message:
How to get rid of that notifications in ERA Console?-- rpr.
-
In our Windows domain network we wanted to upgrade ESET Endpoint Antivirus 6.2.2033.0 to v. 6.4.2014.0 via ERA 6.3.136.0.
First we upgraded the ERA Agent on the Windows 7/8.1/10 clients to v. 6.3.136.0, which finished fine.
Then we tested the ESET Endpoint Antivirus upgrade via installation tasks that run the appropriate msi installer (eea_nt32_enu.msi or eea_nt64_enu.msi). We noticed that the tasks failed if a user was logged on in Windows. The error was:
SoftwareInstallation: Installation failed with: (0x643), Fatal error during installation (0x643), Service 'ESET Service' (ekrn) could not be installed. Verify that you have sufficient privileges to install system services., ...
After additional troubleshooting we found out that the error is caused by the Process Explorer running on the client machines. I reported a similar problem with ESET Endpoint AV 5.0 in this forum: https://forum.eset.com/topic/2927-upgrade-of-endpoint-antivirus-50-gives-error-1923/
So, so solve this issue we had to kill the Process Explorer before starting upgrade of ESET AV -- this can be done remotely with pskill tool (also of Mark Russinovich):
pskill -t \\hostname procexp.exe
-- rpr.
-
I've upgraded ESET Remote Administrator v. 6.2.11.1 to v. 6.3.136.0 and I'd like to report my experience with the procedure.
ESET Remote Administrator v. 6.2.11.1 was installed on s MS Windows Server 2012 using the ESET Remote Administrator 6 All-in-one Installers for MS Windows 64-bit. After the configuration ERA was running fine and we were able to remotely install and administer our ESET clients in the ERA Web Console.
For the upgrade to ERA 6.3.136.0 I followed instructions given on hxxp://help.eset.com/era_install/63/en-US/?components_upgrade.htm which recommends using the Remote Administrator Component Upgrade task available in the Web Console:
- ADMIN → Client Tasks → All Tasks → ESET Remote Administrator → Remote Administrator Components Upgrade → New
- NAME: Remote Administrator Components Upgrade
- TASK: Remote Administrator Components Upgrade
- TARGET: myserver
- TRIGGER: As soon as possible
- SETTINGS
- enable "I agree with application End User License Agreement"
- REMOTE ADMINISTRATION SERVER: ESET Remote Administration Server 6.3.136.0 for Windows
- disable "Automatically reboot when needed"
- Finish
The console reported that the task finished successfully. But some parts of the Web Console showed an error:
- ADMIN → Client Tasks showed "FAILED TO LOAD DATA: INTERNAL REPORT ERROR"
- ADMIN → License Management showed "FAILED TO LOAD DATA: REPORT TEMPLATE IS INCORRECT"
The log file in C:\Windows\temp\ra-upgrade-agent.log did not mention any obvious errors.
I tried to fix the issue by restarting the server at a later time but to no avail. ERA components had the following versions:
- ESET Remote Administrator Agent 6.3.136.0 - upgraded
- ESET Remote Administrator Server 6.2.171.0 - old version
- ESET Rogue Detection Sensor 1.0.959.0 - old version
So, I conclude that the Remote Administrator Component Upgrade task upgraded only the ERA Agent while other two components were not upgraded.
The troubleshooting section of the manual recommends performing a manual component-based upgrade of ERA Server and Web Console as explained on hxxp://support.eset.com/kb3668/#component. I followed those instructions and upgraded all the ERA components successfully but I must admit that the procedure was quite difficult, partially due to some mistakes in that KB article which you can find in the attachment.
Here is the procedure of the manual upgrade:
- From https://www.eset.com/int/download-business/ download ESET Remote Administrator 6 All-in-one Installers for MS Windows 64-bit and unpack it in "C:\Temp\ESET Remote Admin 6.3.136.0".
- Stop Apache Tomcat 7.0 service (after that you can't use the ERA Web Console).
- Back up "C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\era".
- Remove "C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\era\webconsole".
- With 7-Zip open "C:\Temp\ESET Remote Admin 6.3.136.0\installers\era.war" and unpack it to "C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\era" overriding the existing files.
- Restore the EraWebServerConfig.properties file from the backup, that is copy old "...\era\WEB-INF\classes\sk\eset\era\g2webconsole\server\modules\config\EraWebServerConfig.properties" to "C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\era".
- Upgrade ERA Remote Administrator Server to v. 6.3.136.0 by running "C:\Temp\ESET Remote Admin 6.3.136.0\installers\Server_x64.msi". The most difficult part in this step is "Database server connection" where you have to specify the database settings you used with ERA 6.2. In my case the upgrade finished successfully. I started the Apache Tomcat 7.0 service and logged in to ERA Web Console which did not show the "FAILED TO LOAD DATA" errors any more.
- Upgrade ESET Rogue Detection Sensor to v. 1.0.1049.0 by running "C:\Temp\ESET Remote Admin 6.3.136.0\installers\RDSensor_x64.msi". In my case the upgrade was also successful.
Finally, I also upgraded Apache Tomcat v. 7.0.64 to v. 7.0.69 as instructed on hxxp://help.eset.com/era_install/63/en-US/index.html?upgrading_apache_tomcat_windows.htm.
I also tried to upgrade the Apache Tomcat to ver. 8.0.35 but the service would stop immediately after start. Its logs showed that the following line from server.xml is not accepted by the new version:
<Listener className="org.apache.catalina.core.JasperListener"/>
-- rpr.
- ADMIN → Client Tasks → All Tasks → ESET Remote Administrator → Remote Administrator Components Upgrade → New
-
We have the same issue with Endpoint AV v. 6.2.2033.0 and virus signature database 13102.
Alerts mention the following threads:
JS/ScrInject.B trojan
HTML/Refresh.BC trojan
HTML/Phishing.Agent.B trojan
-
I can't find "Do not display notification about successful update" option in ESET Endpoint Antivirus 6.2.2033 advanced setup. Can someone please drop a screenshot?
-- rpr.
-
We installed ESET File Security v. 4.5.12017.0 in March 2015 from efsw_nt64_enu.msi which was digitally signed on 21 August 2014 and its size is 74.233.856 bytes.
On the other hand the efsw_nt64_enu.msi file I downloaded today was digitally signed on 17 July 2015 and its size is 74.372.608 bytes.
So, how can these installers be the same?
-- rpr.
-
Hello!
On a MS Windows Server 2012 R2 we have ESET File Security 4.5.12017.0 installed -- see the attachment.
I tried to upgrade it to the latest version available for download: 4.5.12071.0 but after starting the installation package (efsw_nt64_enu.msi) the wizard offers only to repair or remove the installation, not to upgrade -- see the attachment.Instead the wizard should present the options as shown at hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2790,Figure 1-2.
How to solve this issue?
-- rpr.
How to clear an alert reported to ESET Protect server from an endpoint?
in ESET PROTECT On-prem (Remote Management)
Posted
It seems that the alert about ESET LiveGrid servers went away after the restart of the endpoint.
-- rpr.