Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by roga

  1. Hi @MartinK Thanks for the response. That server was a vm, and I made a snapshot before I upgraded. Due to other issues I've reverted that server to an earlier build and all is now working OK. I think I might be better off building a new server and migrating across, but in short term at least everything is now working OK.
  2. I have restarted services (apache, eset protect server and sqlserver) but still get "ERR_CONNECTION_REFUSED" when attempting to use management console. Any ideas? regards Roger
  3. Thanks for all your help @MartinK Everything now resolved.
  4. Hi @MartinK That all worked nicely, and once the server connected to itself, the upgrade task went ahead. One last question, as I have now deleted the traceAll file in the logs directory, will the logging go back to default on next restart?
  5. OK that makes sense: it is a vm and we moved it from one host to another. A little bit annoying, we had some backup software that did the same. I'll try and follow the documentation and let you know how I get on. BTW I haven't quite got the hang of those "blue numbers" yet - when I click on them it goes to a page with lots of reports, but it is not obvious what I have to do next. Thanks for the response and going through those logs.
  6. OK service is running, and only way to restart service (after "traceAll") is to reboot computer, I'll post most recent entries of log when server come back up. See attached part of trace log since reboot and status html in zip. NB name of domain has been replaced by "organisation" Hope the attachments help diagnose the error. regards Roga sample-trace.log status.zip
  7. I have: ESET Security Management Center (Server), Version 7.0 (7.0.577.0)ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0) It all functions well in general, however it has lost contact with it's own agent - last contact was in November 2019. And now of course it won't upgrade to the latest version. BTW We do have a password on the agent. Any idea of how I can get the agent to re-register?
  8. I was using the most recent version, so I uninstalled, then reinstalled an earlier version 7.0.2091 - gui is now operating as expected. Where can I download other previous versions? I would like to install the version before the current one. regards roga
  9. I don't think I did that, if I did how would I change it?
  10. This is on a stand alone non-domain computer - no policies (either eset or group policy)
  11. I have Eset Endpoint Security 7.2.2055.0 on win10 pro 1909 I can't get the gui window to show. I've tried right clicking and double clicking the notification icon - nothing happens. If I go to the start menu and click on "Eset Endpoint Security" nothing happens. Task manager shows eset main gui and proxy gui as active, but the windows do not show. Notifications show (e.g. blocked website) I've tried cascade windows on the task bar, and "show open windows" after clicking on "show desktop", I can't see the windows. I have a raedon RX550 graphics card (no idea if that is relevant, but you never know) Any ideas? regards roga
  12. I am having a problem on a couple of machines managed by esmc regarding windows backup. The issue appears to be addressed (for another product) here: https://support.eset.com/kb6121/ Can I use notation such as \Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD with esmc and efsw? Or is this already excluded for servers as part of the automatic exclusions Or have I perhaps not understood? regard roga
  13. That sounds a good idea, as far as the services, I have just set anything obviously related to ESMC to "disabled" regards Roga
  14. I have just uninstalled esmc from a windows 2012r2 server (from "appwiz.cpl"), however it appears that some components are left behind. e.g. sql server and winpcap. (BTW is there a different way to uninstall ESMC which gets rid of the sql instance and things like winpcap?) I have other services on this machine, some of which use their own instance of sql server. (Actually just one other service, which is a cloud backup service) I can see in my list of services "SQL Server (ERASQL)" So how do I delete the sql server(s) associated with ESMC\ERA, and leave my other services alone? This server used to have ERA, then ESMC. I think different versions of the sql server were installed at different times by eset. This is my list of sql and associated files. Sql Server Customer Experience Improvement Program 10.53.6000.34 Microsoft SQL Server 2008 R2 Native Client 10.53.6560.0 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 9.0.30729.4148 Microsoft SQL Server 2008 R2 RsFx Driver 10.53.6000.34 Sql Server Customer Experience Improvement Program 12.3.6024.0 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219 Microsoft SQL Server 2014 Setup (English) 12.3.6329.1 SQL Server 2008 R2 SP2 Database Engine Services 10.53.6000.34 SQL Server 2008 R2 SP2 Database Engine Services 10.53.6000.34 SQL Server 2014 Database Engine Services 12.3.6024.0 Microsoft SQL Server 2008 Setup Support Files 10.1.2731.0 Microsoft SQL Server 2008 Setup Support Files 10.3.5500.0 SQL Server 2014 Common Files 12.3.6024.0 Microsoft VSS Writer for SQL Server 2014 12.3.6024.0 Microsoft Command Line Utilities 11 for SQL Server 11.0.2270.0 SQL Server Browser for SQL Server 2014 12.3.6024.0 SQL Server 2008 R2 SP2 Common Files 10.53.6000.34 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161 Microsoft SQL Server 2012 Native Client 11.4.7462.6 SQL Server 2014 Database Engine Shared 12.3.6024.0 SQL Server 2008 R2 SP2 Common Files 10.53.6000.34 SQL Server 2014 Database Engine Shared 12.3.6024.0 Microsoft SQL Server 2008 R2 Setup (English) 10.53.6560.0 Microsoft ODBC Driver 11 for SQL Server 12.3.6329.1 SQL Server 2014 Common Files 12.3.6024.0 SQL Server 2008 R2 SP2 Database Engine Shared 10.53.6000.34 SQL Server 2008 R2 SP2 Database Engine Shared 10.53.6000.34 Microsoft SQL Server 2014 RsFx Driver 12.3.6329.1 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 9.0.30729 SQL Server 2014 Database Engine Services 12.3.6024.0 Microsoft SQL Server 2014 Transact-SQL ScriptDom 12.3.6329.1 regards Roger
  15. Sorry @Michalj if I wasn't clear. I do have agents installed on the cleints. I thought perhaps that I might need to roll out an updated agent, but from what I understand from what you have said I can introduce password both on agent and client software by policy, without needing to do anything else. Thanks
  16. Thanks @MichalJ I had already guessed that, so I guess I should clarify my question: I have esmc, all of the clients are managed (windows servers and workstations). In the above scenario, what is the easiest (least work) way to deploy the agent? Is this something that can be done as a client task, or do I need to run that agentinstall bat file?
  17. So back to original question - what is easiest way to roll out password protection of agent on a managed system?
  18. Hi @MichalJ Thanks for the quick response I am trying to mitigate the system following a ransomeware infection which managed to disable eea and efs, will password protection from policy prevent diasabling of protection? - it was my understanding that we also need to protect agent to stop it being disabled
  19. My understanding is that to password protect eset products on a managed system (esmc) the agent needs to be password protected. 1) Am I correct that this is the way to password protect? 2) What is the easiest way to do this for a managed network? regards Roga
  20. Thanks @Marcos that's helpful. Only thing I hadn't done with ESET is to set a password to protect settings. A couple of other things I might do in future: 1) Rename the domain admin account 2) Disable local admin accounts on servers and workstations Also noted remark from @itman re limiting amount of logons before lock out All of these disasters are a learning experience Roga
  21. Hi @Marcos Eset wasn't "deactivated by an attacker" as such in my case, EEA appears to have been deactivated by the malware, i.e. it is not as though a person paused protection and then the computer was attacked. BTW HIPS and " enable detection of potentially unsafe application" was on and everything else up to date. So can I ask when you say "ESET had recognized the ransomware", in theory should ESET have recognised the malware attempting to disable EEA? (Perhaps my variant of the worm hadn't been recognised yet)
  22. I have a small domain managed by ERA with up to date versions and definitions @Marcos said: " The detection was added on June 24. " However I had a win10 machine, which was not open to the internet, running win10 and ESET Endpoint Antivirus, which got infected on Monday 5th Aug. So I'm not sure how that happened?
  23. That appears to have worked, but I ended up having a stale record (i guess linked to the original agent) which I have since deleted, and now all looks OK.
  24. Only way to restart service is to restart the machine, which I have done, but no change. WMI is fine, I can query and get info. So since yesterday, I have rebooted the server, but no change in status
  • Create New...