V2TW

Members
  • Content count

    10
  • Joined

  • Last visited

About V2TW

  • Rank
    N/A

Profile Information

  • Gender
    Male
  1. Do you still have the default proxy policies applied to All group in ERA? If so then the server-side policies will still override the policies you selected in the All-In-One installer after connecting to the server. So what may have happeed is that the client did connect to ERA Proxy initially, but after policy replication Proxy Server setting gets overwritten by server-side policies. I reckon it's better to think of the all-in-one installer policy selection as a temporary configuration used before connecting to ERA.
  2. Hi There, I noticed that whenever I initiate an on-demand scan from ERA to my Linux servers, a /var/log/esets/ndlXXXXXX.dat log file gets created. However the log files are taking up huge amount of disk space (something like 3GB each, taking up total of 20GB). I can see that it's probably because these scans log all scanned files regardless of whether files are infected, but is there anyway to avoid logging everything but just the infected files to reduce the log file size?
  3. hi Marcos, I have the same issue with some of my Endpoints, all of them already have Translation Support module 1583.1 installed, any ideas?
  4. Hi, I've successfully deployed EVS for NSX in my lab environment, however I ran into some problems: 1. For some reason, EVS appliance(the one that does the actual scan) would stop working at some point, all protected guest VMs becomes frozen, i.e. mouse cursor can still move but applications cannot run, looks like filesystem activity is entirely blocked. The only way to fix this is to force restart EVS appliance. I checked /var/log/messages and see a huge number of entries like this: Mar 3 01:09:07 evs-appliance evs_sva[12722]: [WARNING] (EPSEC) [0x3278] Exceeded maximum concurrent events for /vmfs/volumes/57687926-b4eb627e-80fe-1c98ec284388/XXX.vmx full log is attached. This happened twice already and I've only deployed it for 2 days. Is there anything I've mis-configured here? please help. evs_log_messages.zip 2. How to deal with quarantined files in case of false positive? I've tried Upload Quarantine task on protected VM and it fails with message "Ignoring invalid task for VAgentHost". 3. Is Linux guest supported? I tried installing guest introspection driver on a Linux guest and it gets picked up by VAgentHost as protected VM, but it doesn't seem there's any protection, I can download and read Eicar file without getting detected.
  5. I had some success using method below to deploy EEA 6.4 silently to clients with license, you're welcome to try: create an "install.ini" file with following content and put it in the same folder of EEA 6.4 MSI: [Property] INSTALLED_BY_ERA=1 ACTIVATION_DATA=key:<your 20 letter license key> Then use your standard MSI installation scripts to do the installation, install.ini will get picked up by the installer as long as they're in the same folder. Keep in mind that this is an undocumented feature so results may vary, also obviously this requires connection to ESET servers in order for activation to work.
  6. On a side note, it seems that in the 6.4 appliance the htcacheclean service isn't properly enabled regardless of whether ENABLE HTTP PROXY is selected during initial setup. I had to run following 2 commands to properly enable it: mkdir -p /etc/systemd/system/httpd.service.requires ln -s /usr/lib/systemd/system/htcacheclean.service /etc/systemd/system/httpd.service.requires
  7. Anything strange in /var/log/eset/RemoteAdministrator/Server/trace.log ?
  8. The option to rejoin domain/factory reset etc only appears in the 6.4 version of the appliance. If you only did component upgrade task and upgrade ERA in the original 6.2 appliance to 6.4, the appliance itself(i.e. all the non-ERA components, including that console menu) still won't be updated. You can follow the steps below to migrate your current appliance to the latest version: hxxp://support.eset.com/kb5725/?viewlocale=en_US
  9. Trying using file://\\SERVERNAME\Folder1\Folder2\Agent.bat The KB uses Powershell command to download the batch file, so chances are you can use it by prefixing the address with file://. However please note that you need to make sure permissions are correct when using shared folders, because Scheduler executes command using local SYSTEM account, which means in an AD environment these are equal to computer accounts. So IMO the easiest way is to put the batch file in the Apache HTTP server installed by ERA (C:\Program Files\Apache HTTP Proxy\htdocs) and use hxxp://era.server.com:3128/Agent.bat.
  10. Please sign me up ERA 6,5 private beta, thanks!