Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by roga

  1. Thanks for all your help @MartinK Everything now resolved.
  2. Hi @MartinK That all worked nicely, and once the server connected to itself, the upgrade task went ahead. One last question, as I have now deleted the traceAll file in the logs directory, will the logging go back to default on next restart?
  3. OK that makes sense: it is a vm and we moved it from one host to another. A little bit annoying, we had some backup software that did the same. I'll try and follow the documentation and let you know how I get on. BTW I haven't quite got the hang of those "blue numbers" yet - when I click on them it goes to a page with lots of reports, but it is not obvious what I have to do next. Thanks for the response and going through those logs.
  4. OK service is running, and only way to restart service (after "traceAll") is to reboot computer, I'll post most recent entries of log when server come back up. See attached part of trace log since reboot and status html in zip. NB name of domain has been replaced by "organisation" Hope the attachments help diagnose the error. regards Roga sample-trace.log status.zip
  5. I have: ESET Security Management Center (Server), Version 7.0 (7.0.577.0)ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0) It all functions well in general, however it has lost contact with it's own agent - last contact was in November 2019. And now of course it won't upgrade to the latest version. BTW We do have a password on the agent. Any idea of how I can get the agent to re-register?
  6. I was using the most recent version, so I uninstalled, then reinstalled an earlier version 7.0.2091 - gui is now operating as expected. Where can I download other previous versions? I would like to install the version before the current one. regards roga
  7. I don't think I did that, if I did how would I change it?
  8. This is on a stand alone non-domain computer - no policies (either eset or group policy)
  9. I have Eset Endpoint Security 7.2.2055.0 on win10 pro 1909 I can't get the gui window to show. I've tried right clicking and double clicking the notification icon - nothing happens. If I go to the start menu and click on "Eset Endpoint Security" nothing happens. Task manager shows eset main gui and proxy gui as active, but the windows do not show. Notifications show (e.g. blocked website) I've tried cascade windows on the task bar, and "show open windows" after clicking on "show desktop", I can't see the windows. I have a raedon RX550 graphics card (no idea if that is rele
  10. I am having a problem on a couple of machines managed by esmc regarding windows backup. The issue appears to be addressed (for another product) here: https://support.eset.com/kb6121/ Can I use notation such as \Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD with esmc and efsw? Or is this already excluded for servers as part of the automatic exclusions Or have I perhaps not understood? regard roga
  11. That sounds a good idea, as far as the services, I have just set anything obviously related to ESMC to "disabled" regards Roga
  12. I have just uninstalled esmc from a windows 2012r2 server (from "appwiz.cpl"), however it appears that some components are left behind. e.g. sql server and winpcap. (BTW is there a different way to uninstall ESMC which gets rid of the sql instance and things like winpcap?) I have other services on this machine, some of which use their own instance of sql server. (Actually just one other service, which is a cloud backup service) I can see in my list of services "SQL Server (ERASQL)" So how do I delete the sql server(s) associated with ESMC\ERA, and leave my other services alone?
  13. Sorry @Michalj if I wasn't clear. I do have agents installed on the cleints. I thought perhaps that I might need to roll out an updated agent, but from what I understand from what you have said I can introduce password both on agent and client software by policy, without needing to do anything else. Thanks
  14. Thanks @MichalJ I had already guessed that, so I guess I should clarify my question: I have esmc, all of the clients are managed (windows servers and workstations). In the above scenario, what is the easiest (least work) way to deploy the agent? Is this something that can be done as a client task, or do I need to run that agentinstall bat file?
  15. So back to original question - what is easiest way to roll out password protection of agent on a managed system?
  16. Hi @MichalJ Thanks for the quick response I am trying to mitigate the system following a ransomeware infection which managed to disable eea and efs, will password protection from policy prevent diasabling of protection? - it was my understanding that we also need to protect agent to stop it being disabled
  17. My understanding is that to password protect eset products on a managed system (esmc) the agent needs to be password protected. 1) Am I correct that this is the way to password protect? 2) What is the easiest way to do this for a managed network? regards Roga
  18. Thanks @Marcos that's helpful. Only thing I hadn't done with ESET is to set a password to protect settings. A couple of other things I might do in future: 1) Rename the domain admin account 2) Disable local admin accounts on servers and workstations Also noted remark from @itman re limiting amount of logons before lock out All of these disasters are a learning experience Roga
  19. Hi @Marcos Eset wasn't "deactivated by an attacker" as such in my case, EEA appears to have been deactivated by the malware, i.e. it is not as though a person paused protection and then the computer was attacked. BTW HIPS and " enable detection of potentially unsafe application" was on and everything else up to date. So can I ask when you say "ESET had recognized the ransomware", in theory should ESET have recognised the malware attempting to disable EEA? (Perhaps my variant of the worm hadn't been recognised yet)
  20. I have a small domain managed by ERA with up to date versions and definitions @Marcos said: " The detection was added on June 24. " However I had a win10 machine, which was not open to the internet, running win10 and ESET Endpoint Antivirus, which got infected on Monday 5th Aug. So I'm not sure how that happened?
  21. That appears to have worked, but I ended up having a stale record (i guess linked to the original agent) which I have since deleted, and now all looks OK.
  22. Only way to restart service is to restart the machine, which I have done, but no change. WMI is fine, I can query and get info. So since yesterday, I have rebooted the server, but no change in status
  23. Thanks MichalJ, the "one click" is a helpful idea, will be even better if we can schedule.
  24. That only makes sense if there is a delay in "start ASAP" Yes there is a new task created, but by the time you get to it, might already have started. So, do you know if there is a delay with the default for tasks created this way? How long is that delay for? Most of the software upgrades need a reboot, this is not something that you want to happen on many machines during the working day so wouldn't it be better to be able to select a scheduled time when using context menu? The reason why I use the context menu is to save time (as targets automatically selected), please ESET
  25. ??? When you click on the context menu from dashbaord, it does create a new client task, but is set to run ASAP. My question is "is it possible to set a scheduled time from the context menu". When using context menu there are a number of options to click to accept, but time of schedule is not one of them. btw my mistake, is not "right click", here is what I mean:
  • Create New...