Peter Randziak
-
Posts
3,511 -
Joined
-
Last visited
-
Days Won
207
Posts posted by Peter Randziak
-
-
Hello @SteephenG,
as my colleague @Marcos stated before
For sure deployment to such fleet of servers needs to be done gradually and with caution.
I recommend to upgrade it on the servers, which had the issue before first.
If you won't upgrade all the ESET installations before the patching, I recommend them to monitor them via the ESET management console and start the ESET service by a command, if the issue occurs.
-
On 2/1/2023 at 2:07 PM, avielc said:
Hi Peter,
I didn't say that ECP logs work for me,
I said that the local support gave me the same instructions as you did, and "when" I'll reach the point where I can diagnose it, I can send it over to you as well if you wish for it.
Sorry about that, my reading between the lines was apparently incorrect 😞
Please let us know how it went.On 2/1/2023 at 5:28 PM, j-gray said:@Peter Randziak I ran through the steps again, paying close attention to step #4; grep returns two licensed processes. I kill both and rerun the grep command to ensure no other licensed processes are spawned. None are returned. As soon as I issue the 'sudo launchctl start com.eset.protection', two new .json files are generated with logging set to false (and of course read/write permissions removed).
And, same as before, the Activation task reports completed successfully within seconds. The log files look the same as above with the "license state check started" (but no reported results) and the same "unknown connection id received" errors.
EP console still does not report an EI activation error state, however.
Thank you for trying it again and for describing the details. Strange that it works here for us.
Can you please try it once more with the steps described by our dev team?
Quote- stop product: sudo launchctl stop com.eset.protection
-
activate via dummy license: sudo /Applications/ESET...app/Contents/MacOS/lic -k XXXX-XXXX-XXXX-XXXX-XXXX
- After this, /Library/Application Support/ESET/Security/var/licensed/license_cfg.json file is generated.
- the contents of the license_cfg.json file:
{
"State":0,
"Type":0,
"SeatId":"...",
"SeatName":"focal",
"ERA":false,
"Logging":false
}- in a text editor, change Logging to 'true' and save the file:
{
"State":0,
"Type":0,
"SeatId":"...",
"SeatName":"focal",
"ERA":false,
"Logging":true
}- kill licensed service
- start product: sudo launchctl start com.eset.protection
- activate with your real product license
- /Library/Application Support/ESET/Security/var/licensed/ecp folder is generated with ecp logs inside
If it won't work the EI support specialist offered a remote session to check it with you.
Would it be an acceptable for you, so we can move this forward?Thank you, Peter
-
-
Hello,
you are welcome.
Thank you for the confirmation, glad that we were able to address it quickly so you can use it.Peter
-
Hello,
glad to hear that it works for you.
Peter
-
Hello @IggyAl,
the addresses required by ESET PROTECT Cloud are listed at https://help.eset.com/protect_cloud/en-US/?prerequisites.html
More general article on firewall setup for ESET products and services to work correctly is https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall
Peter
-
-
Hello @Trooper,
What type of OTP didn't work? SMS?
can you please provide us with:
1. logs with debug verbosity
2. exact time of replication with time zone info and user used for replication
3. public IP and ISP name.
4, Wireshark log, if possible
Please send those via private message to me, Marcos and TomasPPeter
-
-
Hello Tom,
20 hours ago, pronto said:I have also just installed the first version 9.0.12017.0 on a server
Good, I recommend to upgrade at least those machines, which had the issue before.
The issue manifests only on the first reboot i.e. the one to finish application of the updates.
based on what we know, the changes in the new builds should address it.20 hours ago, pronto said:Sorry for the new thread I opened with this.
Not an issue, in might not be easy to find...
Peter
-
hello @Thrish P,
if the issue persists, can you please.
1. Try a different browser OR clear the cookies, browser cache and restart the browser
2. Record a HAR file capturing attempt to access the ESET PROTECT Cloud console
3. Change the password
4. Upload it to a safe location and send me the download details with a ref. to this forum topic
Peter
-
Hello @pronto,
the issue is being discussed at https://forum.eset.com/topic/34804-the-ekrn-service-failed-to-start-patch-tuesday-windows-updates/?do=findComment&comment=161941
1 hour ago, pronto said:Does anyone know where this comes from
On 12/16/2022 at 6:22 PM, Marcos said:The update generates a lot of disk activity inside C:\Windows\WinSxS\Catalogs by Cl.dll checking file hashes (generates more than 20,000 file opens).
1 hour ago, pronto said:possible any fixes
As you speak of Windows servers I assume that you have the ESET Server Security for Microsoft Windows Server deployed.
The latest 9.0.12017.0 has “IMPROVED: Protected antimalware service will not time out any longer during boot when Windows updates keep the file-system busy” so I recommend them to upgrade to it as they face the issue…
Peter
-
Hello,
later it turned out that the real cause is that the EI connector with EEAM 6 is not being activated so it does not have the license file created so on upgrade to EEAM 7 there is nothing to be transferred. So a new activation of EI connector after the upgrade of EEAM to v7 is required...
If I recall correctly the hotfix should be released quite soon.
On 1/25/2023 at 2:09 PM, avielc said:Thanks again for all the help and support Peter, I appreciate it all dearly.
Thank you, I'm trying to assist. The thanks should go the the EI support specialist on ESET HQ support, he is doing the real job and I also seen that the replied on the ticket, you have with your local ESET support...
Peter
-
20 hours ago, Chas4 said:
From a test I noticed that I could not restore a files in quarantine back to the original location (they were taken from a TimeMachine back on on a network location)
I recommend to have it checked with the Support team, please provide them with the details about the TimeMachine backup storage i.e. what exactly is it and how is it connected.
-
Hello guys,
when it comes to ECS 7 (not the Pro) as far as I know BETA build #2 is not planned, as the release might be quite soon 😉
When it comes to ECS 7 Pro, I can confirm the plan mentioned by my colleague Marcos i.e. in the second half of this year, but let me stress that it is a plan 🙂 It hasn't been decided yet, if it will have a BETA phase or not.Peter
-
Hello @j-gray,
in the part of the log, there are no meaningful errors, the 408 return codes are for "control checker connections", which are supposed to time out after 90 seconds. Those are being written due to the debug logging enabled.
12 hours ago, j-gray said:...in addition; problem with the license files. After changing the logging to 'true', the files are recreated (I assume when the ESET process is restarted) and new file are generated with logging set to 'false'.
In the debug logs, I can see now that the licensing attempts are failing again with the RUN_LOOP errors, but EP console still does not show error/inactivated.
I checked it with the support guy and the assumes, that the licensed hasn't been killed.
Can you please check if you have killed it as stated at the line 4. "kill licensed service > find its PID via ps aux | grep licensed and kill -9 PID" ?It seems that the steps to create the ECP log files are working for @avielc as he was able to obtain them.
Peter
-
11 hours ago, avielc said:
Hi Peter,
I have received a similar request from our local support (assuming that's what they were asked by HQ-support)
Want me to share some results with you as well?if they were asked by the HQ support I prefer to use that channel so we won't fork it and to prevent checking them twice.
I checked the queue and I found the ticket, which your local support has opened with the HQ support so it should arrive there shortly. -
Hello @j-gray,
On 1/27/2023 at 5:41 PM, j-gray said:@Peter Randziak Thanks for your help with this -I greatly appreciate your time and efforts.
You are welcome, I'm trying to assist as it is a long polling issue :-(, I must admit that I'm just a proxy here the hanks goes to our EI support specialist, who is doing the real job.
Thank you for trying it out and for the screenshots with SeatID data.
We checked the requests for it server side, but haven't found any meaningful requests in that time frame (after my previous post and before your last post).
Can you please1. enable debug EI connector logging > via policy (make sure that the policy was applied to the endpoint in question)
2. sudo launchctl stop com.eset.protection
3. open license_cfg_112.json a license_cfg_322.json a change the logging from false to true
4. kill licensed service > find its PID via ps aux | grep licensed and kill -9 PID
5. sudo launchctl start com.eset.protection
6. reactivate the EI connector
7. wait until the EI connector is reported as not activated
8. Provide us with the content of the ECP folder > /Library/Application\ Support/ESET/Security/var/licensed/ecp
9. collect ESET Log Collector output logs from the mac + EI connector logs
Just to confirm you activate the Endpoint and EI by means of the license key i.e. offline license file is NOT used, correct?
Thank you,
Peter on behalf of the EI support specialist -
I apologize for the confusion.
We ere checking it internally and it seems that the statement
"In order to speed up the process and receive update right after the web/repository release administrators can use "Check for updates" button available in the application GUI." is not correct 😞The Auto-updates will be available on February 13, before that manual upgrade would be required.
3 hours ago, karsayor said:Also, is there a way to trigger the Auto-Update/uPCU with a task from management console ?
Such task is planned to be added to the ESET PROTECT console.
Peter
-
Hello @karsayor,
The release to web/repository was on January 30 and will be followed by first phase of Auto-update/uPCU release (50%) on 13 February, while the last phase (100%) is scheduled for 27 February.
In order to speed up the process and receive update right after the web/repository release administrators can use "Check for updates" button available in the application GUI.
It is a new version and we speak of servers so for sure we need to proceed with caution...Peter
-
Hello,
the bug is being marked as to be fixed to the next version... (P_ECS6M-3138)
P.S. if you would like to try out the v7 in BETA, it is already available https://forum.eset.com/topic/34778-eset-cyber-security-7-beta-for-macos-with-completely-new-architecture-is-available/Peter
-
It suggests that the activation task failed 😞 ,the EI license check is being performed every few minutes
Before we proceed with further logs, can you please
1. Check if the EI is activated (does not report the not activated status) and sends data to the server OR in the EI console - when it connected and send the events last time.2. check if you have the license (i.e. files license_322 and license_cfg_322.json) for EI in /Library/Application\ Support/ESET/Security/var/licensed ?
3. When it starts to report the not activated status, check the license files as mentioned in #2
Thank you, Peter -
12 hours ago, Chas4 said:
Last I saw there was no version select for beta when creating a support ticket.
That should not be an issue, as there is just one version in the BETA.
The details like exact product version, OS used and other can be found in the logs... -
6 hours ago, bEeReE said:
Any news about the progress (what‘s going on behind the scenes) and date releasing the next (beta) version?
Do you mean BETA build #2 of ESET Cyber Security or the Pro version, which Tomas Kretek mentioned?
Peter
OS X agent upgrade fails after EP v10 upgrade
in ESET PROTECT On-prem (Remote Management)
Posted
Hello @j-gray,
I can see the error codes are we well described
20002 is HTTP_HOST_NOT_FOUND
20003 is HTTP_CANT_CONNECT_TO_HOST
Do you happen to have any proxy in place?
It seems that both point on connectivity / network issue
I guess that the logs won't show much more info, but I would give it a try
https://help.eset.com/protect_install/10.0/en-US/?component_installation_agent_mac.html
In case the issue continues and you are not able to resolve it, please capture a Wireshark log.
Make sure to start the packet capture before the download attempt starts.
Peter