Peter Randziak

Hello @j-gray, I can see the error codes are we well described 20002 is HTTP_HOST_NOT_FOUND 20003 is HTTP_CANT_CONNECT_TO_HOST Do you happen to have any proxy in place? It seems that both point on connectivity / network issue I guess that the logs won't show much more info, but I would give it a try https://help.eset.com/protect_install/10.0/en-US/?component_installation_agent_mac.html In case the issue continues and you are not able to resolve it, please capture a Wireshark log. Make sure to start the packet capture before the download attempt starts. Peter

Hello @SteephenG, as my colleague @Marcos stated before For sure deployment to such fleet of servers needs to be done gradually and with caution. I recommend to upgrade it on the servers, which had the issue before first. If you won't upgrade all the ESET installations before the patching, I recommend them to monitor them via the ESET management console and start the ESET service by a command, if the issue occurs.

Sorry about that, my reading between the lines was apparently incorrect 😞 Please let us know how it went. Thank you for trying it again and for describing the details. Strange that it works here for us. Can you please try it once more with the steps described by our dev team? If it won't work the EI support specialist offered a remote session to check it with you. Would it be an acceptable for you, so we can move this forward? Thank you, Peter

Hello @Seferon, can you share the public license ID of the license affected for us to check? Peter

Hello, you are welcome. Thank you for the confirmation, glad that we were able to address it quickly so you can use it. Peter

Hello, glad to hear that it works for you. Peter

Hello @IggyAl, the addresses required by ESET PROTECT Cloud are listed at https://help.eset.com/protect_cloud/en-US/?prerequisites.html More general article on firewall setup for ESET products and services to work correctly is https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall Peter

Hello @Oliver Tran, It should be resolved now, can you please confirm? Peter (P_EP-27957)

Hello @Trooper, What type of OTP didn't work? SMS? can you please provide us with: 1. logs with debug verbosity 2. exact time of replication with time zone info and user used for replication 3. public IP and ISP name. 4, Wireshark log, if possible Please send those via private message to me, Marcos and TomasP Peter

Hello @Oliver Tran, I will check it for you. Peter

Hello Tom, Good, I recommend to upgrade at least those machines, which had the issue before. The issue manifests only on the first reboot i.e. the one to finish application of the updates. based on what we know, the changes in the new builds should address it. Not an issue, in might not be easy to find... Peter

hello @Thrish P, if the issue persists, can you please. 1. Try a different browser OR clear the cookies, browser cache and restart the browser 2. Record a HAR file capturing attempt to access the ESET PROTECT Cloud console 3. Change the password 4. Upload it to a safe location and send me the download details with a ref. to this forum topic Peter

Hello @pronto, the issue is being discussed at https://forum.eset.com/topic/34804-the-ekrn-service-failed-to-start-patch-tuesday-windows-updates/?do=findComment&comment=161941 As you speak of Windows servers I assume that you have the ESET Server Security for Microsoft Windows Server deployed. The latest 9.0.12017.0 has “IMPROVED: Protected antimalware service will not time out any longer during boot when Windows updates keep the file-system busy” so I recommend them to upgrade to it as they face the issue… Peter

Hello, later it turned out that the real cause is that the EI connector with EEAM 6 is not being activated so it does not have the license file created so on upgrade to EEAM 7 there is nothing to be transferred. So a new activation of EI connector after the upgrade of EEAM to v7 is required... If I recall correctly the hotfix should be released quite soon. Thank you, I'm trying to assist. The thanks should go the the EI support specialist on ESET HQ support, he is doing the real job and I also seen that the replied on the ticket, you have with your local ESET support... Peter

I recommend to have it checked with the Support team, please provide them with the details about the TimeMachine backup storage i.e. what exactly is it and how is it connected.

Hello guys, when it comes to ECS 7 (not the Pro) as far as I know BETA build #2 is not planned, as the release might be quite soon 😉 When it comes to ECS 7 Pro, I can confirm the plan mentioned by my colleague Marcos i.e. in the second half of this year, but let me stress that it is a plan 🙂 It hasn't been decided yet, if it will have a BETA phase or not. Peter

Hello @j-gray, in the part of the log, there are no meaningful errors, the 408 return codes are for "control checker connections", which are supposed to time out after 90 seconds. Those are being written due to the debug logging enabled. I checked it with the support guy and the assumes, that the licensed hasn't been killed. Can you please check if you have killed it as stated at the line 4. "kill licensed service > find its PID via ps aux | grep licensed and kill -9 PID" ? It seems that the steps to create the ECP log files are working for @avielc as he was able to obtain them. Peter

if they were asked by the HQ support I prefer to use that channel so we won't fork it and to prevent checking them twice. I checked the queue and I found the ticket, which your local support has opened with the HQ support so it should arrive there shortly.

Hello @j-gray, You are welcome, I'm trying to assist as it is a long polling issue :-(, I must admit that I'm just a proxy here the hanks goes to our EI support specialist, who is doing the real job. Thank you for trying it out and for the screenshots with SeatID data. We checked the requests for it server side, but haven't found any meaningful requests in that time frame (after my previous post and before your last post). Can you please 1. enable debug EI connector logging > via policy (make sure that the policy was applied to the endpoint in question) 2. sudo launchctl stop com.eset.protection 3. open license_cfg_112.json a license_cfg_322.json a change the logging from false to true 4. kill licensed service > find its PID via ps aux | grep licensed and kill -9 PID 5. sudo launchctl start com.eset.protection 6. reactivate the EI connector 7. wait until the EI connector is reported as not activated 8. Provide us with the content of the ECP folder > /Library/Application\ Support/ESET/Security/var/licensed/ecp 9. collect ESET Log Collector output logs from the mac + EI connector logs Just to confirm you activate the Endpoint and EI by means of the license key i.e. offline license file is NOT used, correct? Thank you, Peter on behalf of the EI support specialist

Hello @karsayor and @st3fan, I apologize for the confusion. We ere checking it internally and it seems that the statement "In order to speed up the process and receive update right after the web/repository release administrators can use "Check for updates" button available in the application GUI." is not correct 😞 The Auto-updates will be available on February 13, before that manual upgrade would be required. Such task is planned to be added to the ESET PROTECT console. Peter

Hello @karsayor, The release to web/repository was on January 30 and will be followed by first phase of Auto-update/uPCU release (50%) on 13 February, while the last phase (100%) is scheduled for 27 February. In order to speed up the process and receive update right after the web/repository release administrators can use "Check for updates" button available in the application GUI. It is a new version and we speak of servers so for sure we need to proceed with caution... Peter

Hello, the bug is being marked as to be fixed to the next version... (P_ECS6M-3138) P.S. if you would like to try out the v7 in BETA, it is already available https://forum.eset.com/topic/34778-eset-cyber-security-7-beta-for-macos-with-completely-new-architecture-is-available/ Peter

Hello @avielc and @j-gray, It suggests that the activation task failed 😞 ,the EI license check is being performed every few minutes Before we proceed with further logs, can you please 1. Check if the EI is activated (does not report the not activated status) and sends data to the server OR in the EI console - when it connected and send the events last time. 2. check if you have the license (i.e. files license_322 and license_cfg_322.json) for EI in /Library/Application\ Support/ESET/Security/var/licensed ? 3. When it starts to report the not activated status, check the license files as mentioned in #2 Thank you, Peter

That should not be an issue, as there is just one version in the BETA. The details like exact product version, OS used and other can be found in the logs...

Do you mean BETA build #2 of ESET Cyber Security or the Pro version, which Tomas Kretek mentioned? Peter