Peter Randziak
-
Posts
3,511 -
Joined
-
Last visited
-
Days Won
207
Posts posted by Peter Randziak
-
-
Hello @j-gray,
15 hours ago, j-gray said:Yes, this is specific to OS X with EP v7 and latest EI server/connector v1.9. EI Connector is successfully activated for some time, then reverts to inactivated with the 'RUN_LOOP_ERROR RUN_LOOP_TIMEOUT' errors logged repeatedly.
It seems that my colleague reproduced it we probably revealed the root cause.
The licenses are being removed on upgrade of the EEAM. So when it is upgraded to the v7, the loop errors start to appear and after the system reboot it starts to report that the EI connector is not activated.
The solution is to reactivate the EI connector so it will store again the license.
The fix needs to be done on the side of endpoint, the colleague will report it to the team responsible to address it.Peter on behalf of our EI support specialist
-
On 1/23/2023 at 5:21 PM, j-gray said:
I posted in the other thread, as well, but I'm finding that at least some of the v7 OS X clients that appear activated then days later show not activated log the details below. It also seems to hang on the specific date it quit working. As in, today is the 23rd, but the Events Statistics are all from: 2023-01-17 22:00:36, To:, 2023-01-17 22:00:36
Hello @j-gray,
sad to hear that such unpleasant issue still affects your environment 😞
As I mentioned in the other topic, a hotfix which should address such issues is on QA.
Can you please test it wit it, once it becomes available?
If it won't help, we can investigate the issue directly with you.Peter
-
Hello @j-gray,
On 1/20/2023 at 10:00 PM, j-gray said:As far as OS X v7, I'm having better luck with product activation, but some of them, once activated become deactivated again and log the following:
So you have the latest EEA for macOS v7 and EI server and connector on the latest versions too?
The product specialist is trying to reproduce the issue.
With EEA from macOS 6 latest and EI connector 1.9 everything works without any issues.
If it will stay this way, an upgrade to EEA for macOS to v.7 will be performed to see how it behaves on it...The hotfix mentioned above is on QA now, hopefully it will address most of the issues reported
Peter
-
On 1/20/2023 at 7:07 PM, j-gray said:
@Peter Randziak Sorry about that, too many support cases. It should be #00444283. I'm unable to edit my previous post, however.
In our case, we would see the following logged and EP console would show not activated. Note the 1969-12-31 date:
2022-11-29 00:00:32 00d08 Error: License check failed. License no longer active. Request to ESET Endpoint Security/Antivirus failed. Error PERSEUS_E_EI_NO_LICENSE (21801)
2022-11-29 00:00:32 00d08 Info: ESET Inspect integration with Endpoint has been successfully enabled
2022-11-29 00:01:32 00d08 Error: License check failed. Try 1 out of 5. Request to ESET Endpoint Security/Antivirus failed. Error PERSEUS_E_EI_NO_LICENSE (21801)
2022-11-29 00:02:32 00d08 Error: License check failed. Try 2 out of 5. Request to ESET Endpoint Security/Antivirus failed. Error PERSEUS_E_EI_NO_LICENSE (21801)
2022-11-29 00:03:32 00d08 Error: License check failed. Try 3 out of 5. Request to ESET Endpoint Security/Antivirus failed. Error PERSEUS_E_EI_NO_LICENSE (21801)
2022-11-29 00:04:32 00d08 Error: License check failed. Try 4 out of 5. Request to ESET Endpoint Security/Antivirus failed. Error PERSEUS_E_EI_NO_LICENSE (21801)
2022-11-29 00:04:45 00be8 Info: Events Statistics, From:, 1969-12-31 17:00:00, To:, 1969-12-31 17:00:00, Duration (s):, 0, Events Per Second:, 0.000, Events:, 0, File:, 0, Registry:, 0, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 0, Injections:, 0, Dll:, 0, Traffic:, 0, Info:, 0, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 0, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 0, TrafficSize:, 0, TrafficInterval:, 0, Executions:, 0, Subprocesses:, 0, Connections:, 0, LoadUnloadDriver:, 0, Batch Size (bytes):, 15
2022-11-29 00:04:50 00938 Info: Events sent successfully to server.ip:8093. Server responded with 200 status code in 0s011ms.
2022-11-29 00:05:32 00d08 Error: License check failed. Try 5 out of 5. Request to ESET Endpoint Security/Antivirus failed. Error PERSEUS_E_EI_NO_LICENSE (21801)
2022-11-29 00:06:32 00d08 Error: License check failed. License no longer active. Request to ESET Endpoint Security/Antivirus failed. Error PERSEUS_E_EI_NO_LICENSE (21801)
2022-11-29 00:06:32 00d08 Info: ESET Inspect integration with Endpoint has been successfully enabledHello @j-gray,
not an issue, one may get easily confused. Also editing the posts might lead to an confusion so better to have it as a new post.
I checked it with the EI support specialist and he told me that this should be addressed in the hotfix release, which is about to come...
It should address the activation issues, issues with the stats reporting (showing the year 1969/1970), high RAM usage and EI connector crashes.Peter
-
On 1/22/2023 at 11:33 PM, just said:
So threatsense parameters can't replace real-time file protection? @peteyt
As shown on the screenshot below, the Threat sense parameters for the Real-time filesystem protection are being configured here.
As advised before, the settings are configured for a optimal balance between performance and security for the general usage. So I recommend to keep them in the defaults.Peter
-
On 1/20/2023 at 4:43 PM, kingoftheworld said:
With the shift of priorities, is it expended that EEAv6 for macOS will be extended beyond Dec 23?
It is possible / probable, but the final decision on it hasn't been made yet...
-
Hello @Dan Burner,
the ECS 7 is currently available for BETA testing
https://forum.eset.com/topic/34778-eset-cyber-security-7-beta-for-macos-with-completely-new-architecture-is-available/ -
-
7 minutes ago, MrZork said:
I was trying to avoid US downloads, so I wouldn't want to activate a US license.
Sorry about that, my memory does not serve me well 😞
Installer for which ESET product do you need? -
Hello,
7 minutes ago, MrZork said:Not sure I follow.
as I mentioned earlier, the installers are binary identical on the US servers and EU ones so use the one offered by the Download site.
The Technical support and other services are being provided based on your license, so just activate the installed product with an license obtained from the ESET US.Peter
-
Hello @j-gray,
I checked it with the EI support specialist and he mentioned that there are 2 cases with such behavior reported under investigation (EI dev team). The activation logs are showing correct data, so they need to investigate it further.
The case #00477123 seems to be regarding memory consumption issues with EI/SQL, not sure if that is related to the above issue.
-
Hello,
yes some of the features available in the previous generation are not yet available in the v.7.
It was planned to be available during this year, but as the priorities may reshuffle it is not guaranteed.Peter
-
-
37 minutes ago, avielc said:
awefully swamped, but felt I need to keep up with you guys.
Your dedication is awesome 😉
37 minutes ago, avielc said:So I escalated a request to our Account Exec in ESET Israel,
Support contacted back, collected EP,EIServer,ERA logs from everywhere and sent as ticket to Global ESET.
I hope this would move things forward a little.37 minutes ago, avielc said:Everything else was collected and sent to ESET so I hope for good news in a few days.
Glad to hear that the data and logs were collected and the case is on the HQ support, I hope they will be able to tackle it with you to reveal what is going on there...
Please keep us posted.
38 minutes ago, avielc said:Thanks Peter
Slowly going back to normal.
Glad to hear that.
Peter
-
Thank you for reporting it, for sure it's worth checking.
Hopefully the Tech support guys and devs will be able to find the root cause of the issue... -
I assume it might have disabled the Web access protection, so apparently there is an issue with the setup 😞
-
7 hours ago, Chas4 said:
found that issue (might be the installer or from upgrading over stable), the bug breaks network connections have to remove the proxy (it will prompt to add it back on each reboot if it is not there)
I would recommend to uninstall the v.6, reboot the system and install the BETA.
7 hours ago, Chas4 said:found that issue (might be the installer or from upgrading over stable), the bug breaks network connections have to remove the proxy (it will prompt to add it back on each reboot if it is not there)
If such happened, we would like to have it checked. Can you please file a ticket with the logs to have it checked, if possible?
Glad to hear that the scanning performance has been improved for you.
-
Hello @Chas4,
as far as I know it is a loopback used by the Web access protection
The ::1 is a correct IPv6 loopback address , see for example https://en.wikipedia.org/wiki/LocalhostPeter
-
Hello @itman,
I checked it internally, it is O.K. that those files are being submitted. So was assumption was not correct. 😞
Once the download is completed, the files is still has the part in the file name, it is being renamed afterwards...Peter
-
37 minutes ago, Prakash J said:
Good Day,
May we know when will ESET Endpoint Endpoint for macOS 7 will be released?
We would like to have it released during this year.
-
21 hours ago, itman said:
@Peter Randziak there is something strange going on with the Eset international web site downloads. Any download initiated there is triggering Eset VirusLab submission whether the file is downloaded or not:
Time;Component;Event;User
1/12/2023 9:44:24 AM;ESET Kernel;File 'iBvrjmAv.exe.part' was sent to ESET Virus Lab for analysis.;SYSTEM
1/12/2023 9:45:46 AM;ESET Kernel;File 'Vqh46bjL.exe.part' was sent to ESET Virus Lab for analysis.;SYSTEM
1/12/2023 9:49:16 AM;ESET Kernel;File 'sYJ70dVS.exe.part' was sent to ESET Virus Lab for analysis.;SYSTEMhmm the part files shouldn't be send as far as I know.
The ESET web does not matter, it is not handled anyhow specially.
Can you please share the full log entries from the Sent files log, including the hashes? (you may send them privately to me). -
18 hours ago, j-gray said:
@Peter Randziak The OS X license module bug was discovered last January, a year ago. I'm guessing that there are no plans to fix the bug in v6.
We're slowly upgrading OS X to EPv7, but that brings its own set of issues and we have 800 clients, so it will be a slow process.
Well as you said as the priority is the v7 development.
With the EEA/EES for macOS the EI should work even if it reports issues with licensing.
Naturally it takes time to upgrade such fleet, especially on multiple platforms.18 hours ago, j-gray said:I'm having difficulty keeping up with all the updates and patches across two platforms (Windows and OS X), EP and EI servers, clients, agents and connectors. It's also difficult to troubleshoot support issues when versions keep changing.
The Auto-updates should make it much easier to maintain.
Peter
-
22 hours ago, avielc said:
Definitely not fun to have all kinds of exhaustions out of nowhere.
I was very exhausted too, but luckily it got better quickly. I hope it will start to improve on your side too...
22 hours ago, avielc said:Regarding logs, I'm having issues with that.
I can not have it done on an employee's computer.
and I will need to have ECP logging enabled for 2-3 days running on a demo machine that won't be doing any tasks, so I can't tell if I can reproduce it.Enabling ECP logging even on production machine shouldn't be an issue.
It logs just the communication of the endpoint with the licensing authority, it communicates rarely and the xml files are very small.22 hours ago, avielc said:I hope he can play with it and reproduce it easily, if he needs more steps from me to reproduce it, please let me know.
We will see, but to be honest I'm afraid it won't be so easy to reproduce. If it would I assume the QA had noticed it...
-
On 1/10/2023 at 7:03 PM, avielc said:
(i’m only partially available due to long COVID and loads of work.
Sad to hear that, I hope it will get better soon.
On 1/10/2023 at 7:03 PM, avielc said:Completely removing eea/ees with fresh install of v7 and the deploying eei 1.9 without license (activation separately. Only worked for a short amount of time of about 2-3 days. And the. The product is not activated again.
I do not have time to diagnose it unfortunately too many projects at hand.
but this is the still ongoing for v1.9/V7hope this helps. I assume it can be easily reproduced by QA support.
I spoke with our EI support guy, one colleague reported that EPv 10 (Win), EI 1.9 a ESM 7 works fine.
So I assume we would need ECP logs from your case, if you will have time you may enable the ECP logging and provide us with the log once the issue manifests so we can check it.
The guy told me that tomorrow he will get a new MacBook so he will play with it...Peter
Slowly going back to normal.
EEAV 10.0.2034 causing BSOD
in ESET Endpoint Products
Posted
Hello @Mindflux,
I checked the minidump briefly, but I wasn't able to find any useful info.
Please provide us with the complete memory dump and output from ESET Log Collector so we can analyze the issue properly.
Feel free to send the download details to me and Marcos via a private message with reference to this forum topic.
Peter