Peter Randziak

Indeed it seems that Apache HTTP proxy has taken all of the free space. When configuring appliance and proxy is enabled, service used to cleanup cache regularly should be enabled. It uses htcacheclean utility to clean cache directory. From my point of view it seems this service is not working or your proxy is heavily used and all those ~40GB of cached files were downloaded recently.
I would recommend to check status of mentioned service:
service htcacheclean status  
Any chance you enabled apache HTTP later, i.e. not during initial appliance configuration? It would explain why cleanups are not enabled.
In order to resolve this issue, easiest would be to clean proxy cache directory. In case it won't help, we will need some trace logs from ESMC services, so that we can check reason why services are not running. It is possible that actually database (MySQL) has to be restarted as it might also stopped working due to insufficient disk space.

I see where you're coming from. Most of the claims you listed can subjectively be understood in several ways, but in general, they are not false, nor misleading - e.g. the product is indeed built on NOD32 technology, as it uses the same malware detection engine, the same database, etc.
I also checked the product's online help pages and they only mention HTTP, POP3 and IMAP protocols, but nevertheless, I will ask our documentation team to include an explicit mention of no support for encrypted protocols at this time, to make it even clearer and more transparent - thank you for the feedback.

Hello @Nassim Mezlini and @RenéM,
we have build 1.0.0.153 of the ESET Password Manager ready, which supports the current Firefox version.
Currently it is available for the pre-release users and should be available for general public in the following days.
So in case you would like to get it right now, please switch your update type to pre-release.
Regards, Peter

Hi
These are completely normal information/records. We know about them and they do not point to any bug or problem. These errors started to appear as a side effect when we changed the push signatures sending from provisioning server but the consequence is that current cores (2.7.x and older) print these messages.
In next ESA version, they will not appear.
We are sorry for the inconvenience.

It is not possible to suppress those events now.
We hope that your monitoring software is capable to exclude them from watching.
regards
vladimir

Thank a lot.
 

Thanks, that means your appliance (VHD) comes from release 7.0.66.0, not latest 7.0.72.0 where we targeted this issue.
We have decided to resolve this issue by changing default limits for all systemd services, it can be done by commands:
sed -i "s/.*DefaultLimitNOFILE=.*/DefaultLimitNOFILE=65535 /" /etc/systemd/system.conf sed -i "s/.*DefaultLimitNOFILE=.*/DefaultLimitNOFILE=65535 /" /etc/systemd/user.conf Modification of service file (eraserver.conf) won't "survive" ESMC upgrade and file will be replaced with version bundled in installer.    

Hello, 


For problems with the iOS12 certificate, please check the iOS 12 requirements https://help.eset.com/esmc_install/70/en-US/?mobile.html 

There should be full-verbosity MSIEXEC installation log with name ra-upgrade-infrastructure.log either in AGENT's Logs directory, or in system temporary directory. It should help us to identify cause of failure of last upgrade attempt.
From symptoms you describe it is possible that AGENT's service cannot stop and thus upgrade fails - in such case, could you provide us version/type of ESET security product you are using on those clients?

Hello ET_31,
The issue is known to us and we will work on it at the beginning of March 2019, thanks for heads-up!
 

This is considered as a bug, and we will work on resolving it in the upcoming release of the product. 

I have checked with the devs, and it looks that the upgrade procedure works in the way, that it modifies the actual content of the apache http proxy, but does not modify installer entries / registry entries. Therefore i´s not changed in there. 

Hi Katbert, it is not a bug, but a result of new installation method. \
You can uninstall ESMC Web Console and Apache Tomcat as follows:
Open the Command Prompt as Administrator Stop the Tomcat7 service:
sc stop Tomcat7 Delete the Tomcat7 service:
sc delete Tomcat7 Navigate to Apache Tomcat installation folder (example shows the default path on 64-bit Windows):
C:\Program Files\Apache Software Foundation\ Delete the apache-tomcat-[version] folder.

So, I've just finished a call with ESET today. I delegated a Windows Server as a mirror. In the client default policy I configured that every client loads their updates from this server. The server loads all the updates File Security and Endpoint Security. My problem is solved.

@tbsky We are not planning to add mariaDB support. Due to our journey to the cloud and also multi-platform compatibility, we will most likely work on the support of MySQL 8 for next major release of ESMC 

Hello @Chinese users, 
the devs analyzed the dump and the conclusion is that version 12.1.23.0 should address this as it has PreCreate part refactored.
This version is so far available for ESET Insiders only, if you are being interested in participation and early access, please send me a private message with a reference to this topic.
Regards, P.R.

Hello @Chinese users,
thank you for providing us with the complete dump.
I used another unpacker to extract the dump and it seems O.K., that's weird.
I will pass the dump to be checked as I'm unable to analyze it to be able to find the root cause.
Can you please provide us a new dump to have a look?
Regards. P.R.

Hi,

No problem today. I'm wondering what could cause this strange behavior for a few days. I'm not aware of any change in my system.

That´s weird. I will report it to our QA to check the behavior. Would it look differently, if you use "replace" instead of append? It should then replace the list, with the one from your policy. All the other entries, will be basically kept.

In appliance, ESMC console is hosted in Apache Tomcat (official CentOS7 package), so you have to modify it's configuration. Configuration file should be located in /etc/tomcat/server.xml. Only known complication is that Apache Tomcat has some special requirements for naming certificate, especially when java keystore file is used.

Could you please check SERVER's trace.log for "Error:" entries from time that login does not works? When did this started to happen? Are you using "\" delimiter when specifying domain name in login screen or some alternative?

In this matter, answer to your direct question is : NO, ESMC / ERA is not serving as repository for update modules / installation files.
You have however following options:
If you have selected the option to setup Apache HTTP Proxy during the installation it will configure all ESMC components and security products to communicate via the HTTP Proxy which is set up on the ESMC server. You can use whatever proxy you have, and just configure ESMC server / agents / security products, to communicate via the proxy. It should be by default caching installers. If you have completely offline environment, as Marcos suggested you can use mirror tool for creating a update mirror, and then host it either using a web server (like IIS) or let the clients update from a folder that is accessible by them. You will have to configure their policies. In this setup, also activation via offline file is needed + you won´t be able to use ESET Live Grid as it´s a cloud based reputation system. In your setup, the option 1 would be the one I would recommend.

According to Fortinet which does annual threat landscape reporting, the "hands down winner" is exploits:
https://www.fortinet.com/corporate/about-us/newsroom/press-releases/2017/fortinet-threat-landscape-report.html
Therefore one's number one security priority should be ensuring all their devices have applied all available OS and app software patches as soon as they are available.

Hello @brandobot, I will contact you via a personal message with further instructions.

ESET doesn't send visited URLs unless related to malware detection. Blacklists are local; either downloaded within the Rapid response module or by LiveGrid in regular intervals. Only Parental control (not part of ESET NOD32 Antivirus) sends DNS requests in an encrypted form to ESET's servers to determine a particular website's classification.

We are looking into it. It's possible that this feature will be moved to the System cleaner which is intended to be used after modification of system settings by malware.