Gregor

Hi, One of our clients is experiencing problems with removing and deactivating computers from ERA. They get non informative error in ERA and this is a part of trace.log from ERA Virtual Appliance: Any ideas what error code 104 is and what to do? Kind regards, Gregor trace-log.txt

Hi, I didn't find via google.fu any related topics about Samsung Secure Folder and ESET Mobile Antivirus. We have a user that is wondering why does ESET Mobile Antivirus require additional license and can't be activated via license they got at purchase of ESET Mobile Antivirus. As it seems the Secure Folder feature requires another install of any app you wanna run in protected folder. Thus ESET asking for another license. Some kind of sandbox. In such case since apparently same license can't be used twice on the same phone, where would it be smart to run ESET Mobile Antivirus? On primary phone or inside secure folder. More info on Samsung Secure Folder: https://seap.samsung.com/content/samsung-galaxy-s8-enhanced-security-feature-secure-folder Best regards, Gregor

Sorry for late reply, but I presume, client would to know which URL triggered alert and possibly block it on firewall. Not really sure to be honest. But that seems logical option.

Hi, I have a client wondering if it's possible to customize notification e-mails send by Threat alert. The default e-mail message does not include URL from where client downloaded threat and they would like to have such an option. I can't find a variable that could be used. Clicking rounded info doesn't display any variable with such option. Are there other variables beside listed ones: %TimeStamp%, %Scanner%, %ComputerName%, %InfectedObject%, %VirusName%. I was hoping there would be something like %URL%. If there are other possible variables to be used a list of them would be welcome. Thanks, Gregor

Hello, I have few couple for our client about setup of EMSX. 1. Where should EMSX be installed on every Exchange Role server or just Transport/Edge. Docs suggest to install EMSX on every Exchange server would that still be best practice? 2. Client has a wish to enable EMSX on only selected mailboxes. Would that even be possible? Not sure why would they like to unprotect certain mailboxes, but that's their question. Possibly they didn't buy enough seats for whole organization, or they would like to skip checking administrative or automation services mailboxes. (I presume the logical solution with out include/exclude mailboxes would be to have separate exchange server for mailboxes they would like to protect and another for unprotected) Best regards, Gregor

I think you are right. For the DG template I also have trigger that runs in depth scan with strict cleaning when computers join the DG with active threats.

Hello, Can anyone explain me please why there are difference in displaying computers with threats in ERA console. We have created a dynamic group which runs in depth scan on any computer that is joined there. But that group displays different threats and computes than Windows computer group. Any ideas why it is so?

1. Yeah it was meant for offline computers without any connection to outside world. 2,3. Thank you.

Hello, I have few questions regarding ERA and ELA from our client. 1. How to find offline computers in ELA/ERA and identify them? 2. Does in-depth scan ran from ERA on a client scan also mapped network drives (i presume this is defined by policy but what about default settings)? 3. Any suggestion on how to find unprotected computers inside large networks? Client is looking for a solution like this: https://blogs.technet.microsoft.com/jchalfant/collection-of-computers-missing-an-application-software-title-in-configuration-manager/ Thank you in advance for any help. Best regards

2017-08-13 06:30:18 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: Untranslatable CInterModuleException: CEcpCommunicator: ECPRequestMessageUnlinkSeatPools request failed, error=0x2051e001. 2017-08-13 06:30:40 Error: LicenseModule [Thread 7f7a4a3e9700]: AddPoolByLicenseKey: Failed to add pool by license key. Error: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:30:40 Error: LicenseModule [Thread 7f7a4a3e9700]: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:30:40 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: 3243989 Error while adding pool by license key: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:30:40 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: Untranslatable CInterModuleException: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:30:40 Error: LicenseModule [Thread 7f7a4a3e9700]: Could not parse the license file 2017-08-13 06:30:40 Error: LicenseModule [Thread 7f7a4a3e9700]: Could not parse the license file 2017-08-13 06:30:40 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: 3243989 Error while adding pool by license id: Could not parse the license file 2017-08-13 06:32:28 Error: LicenseModule [Thread 7f7a4a3e9700]: AddPoolByLicenseKey: Failed to add pool by license key. Error: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:32:28 Error: LicenseModule [Thread 7f7a4a3e9700]: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:32:28 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: 3243989 Error while adding pool by license key: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:32:28 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: Untranslatable CInterModuleException: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:32:28 Error: LicenseModule [Thread 7f7a4a3e9700]: Could not parse the license file 2017-08-13 06:32:28 Error: LicenseModule [Thread 7f7a4a3e9700]: Could not parse the license file 2017-08-13 06:32:28 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: 3243989 Error while adding pool by license id: Could not parse the license file 2017-08-13 06:34:16 Error: CRepositoryModule [Thread 7f7a4c1ec700]: Error retrieving packages: No such product 'com.eset.apps.business.eslc.linux' 2017-08-13 06:37:56 Error: LicenseModule [Thread 7f7a4a3e9700]: AddPoolByLicenseKey: Failed to add pool by license key. Error: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:37:56 Error: LicenseModule [Thread 7f7a4a3e9700]: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:37:56 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: 3243989 Error while adding pool by license key: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:37:56 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: Untranslatable CInterModuleException: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:37:57 Error: LicenseModule [Thread 7f7a4a3e9700]: AddPoolBySecurityAdmin: Failed to add pool by security admin account [Login=EAV-0176745435], because the credentials are invalid. Error: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d006. 2017-08-13 06:37:57 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: 3243989 Error while adding pool by security admin: AddPoolBySecurityAdmin: Failed to add pool by security admin account [Login=EAV-0176745435], because the credentials are invalid. Error: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d006. 2017-08-13 06:37:57 Error: LicenseModule [Thread 7f7a4a3e9700]: Could not parse the license file 2017-08-13 06:37:57 Error: LicenseModule [Thread 7f7a4a3e9700]: Could not parse the license file 2017-08-13 06:37:57 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: 3243989 Error while adding pool by license id: Could not parse the license file 2017-08-13 06:38:15 Error: LicenseModule [Thread 7f7a4a3e9700]: AddPoolByLicenseKey: Failed to add pool by license key. Error: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:38:15 Error: LicenseModule [Thread 7f7a4a3e9700]: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:38:15 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: 3243989 Error while adding pool by license key: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:38:15 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: Untranslatable CInterModuleException: CEcpCommunicator: ECPRequestMessageLinkSeatPools request failed, error=0x2051d001. 2017-08-13 06:38:15 Error: LicenseModule [Thread 7f7a4a3e9700]: Could not parse the license file 2017-08-13 06:38:15 Error: LicenseModule [Thread 7f7a4a3e9700]: Could not parse the license file 2017-08-13 06:38:15 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: 3243989 Error while adding pool by license id: Could not parse the license file 2017-08-13 06:38:55 Error: LicenseModule [Thread 7f7a4a3e9700]: RemovePoolByPoolId: Failed to remove seat pool [PoolID=3AA-NC9-3GT]. Error: CEcpCommunicator: ECPRequestMessageUnlinkSeatPools request failed, error=0x2051e001. 2017-08-13 06:38:55 Error: LicenseModule [Thread 7f7a4a3e9700]: CEcpCommunicator: ECPRequestMessageUnlinkSeatPools request failed, error=0x2051e001. 2017-08-13 06:38:55 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: 3243989 Error while removing license pool: CEcpCommunicator: ECPRequestMessageUnlinkSeatPools request failed, error=0x2051e001. 2017-08-13 06:38:55 Error: ConsoleApiModule [Thread 7f7a3a9d0700]: Untranslatable CInterModuleException: CEcpCommunicator: ECPRequestMessageUnlinkSeatPools request failed, error=0x2051e001. Attaching part of server trace log.

Hello, We have a client whose licenses will not sync between ELA and ERA. They have expanded their licenses seat number, and their number of licenses is displayed correctly in ELA but not in ERA. Our suggestion was to try and remove license from ERA and try to add it again. Now they have a problem removing the license from ERA with error: Failed to remove licenses. Any ideas?

We fixed the new ERA install. Somehow the certificate on the new server was also wrong. Probably they had imported some old certificates. We changed server certificate and redeployed agents with new certificates. That solved our problem, and clients stareted talking to the server. Case closed, thank you for help.

Yes got that far from logs and everything that there are outdated certificates from old server. Not really sure from which server logs were provided. I suppose they are from new server but I'll check tomorrow with client for sure. Yes the new server is fresh install beside the old one on another server or VM. As far I know nothing was migrated. I'm sure certificates were not imported since I checked that by myself. For testing purpose on one of the machines we pushed new agent deployment with newly generated certificate which is valid. Task said agent was installed successfully but computer never appeared as managed in ERA. Client also tried to uninstall everything ESET related from the test machine and pushed install again without any luck. That part they did on their own, so I'm not that sure what was actually performed.

Hello, Excuse me if this was already asked and resolved but I'm quite new to the ESET and a bit lost because of that. One of our client is having problems with upgrade and migrate from old ERA 6.x to the lastest 6.x one. Newer ERA install is running on a different server and IP. As it seems they have some certificate issues. Even on the old ERA clients stopped responding and connecting to ERA in April 2017. Around then their certificate expired and they forgot to renew the certificate. Deploying agent from new install of ERA with new certificate for agent doesn’t help, we used the default generated one on ERA install. Machines still don’t connect even tho task detail displays everything was OK and agent was installed. Also pushing the new config and cerificate to agent doesnć't help. We even tried to completely remove ESET products (agent, antivirus etc) from one machine and then re deploy agent from the new ERA. Same thing it will not connect. Firewalls are supposedly off according to them, didn't have chance to check by myself- Attaching few logs if anyone can help me with this problem: Client trace log: 2017-08-10 14:25:48 Error: NetworkModule [Thread ad8]: Verify user failed for all computers: 192.168.164.12: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain 2017-08-10 14:25:48 Error: NetworkModule [Thread ad8]: Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format., ResolvedIpAddress:192.168.164.12, ResolvedHostname:, ResolvedPort:2222 2017-08-10 14:25:48 Error: NetworkModule [Thread ad8]: Protocol failure for session id 11, error:Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format. 2017-08-10 14:25:48 Error: CReplicationModule [Thread 136c]: CReplicationManager: Replication (network) connection to 'host: "opteset.optisis.si" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format. Şome server traces: [root@opteset Agent]# tail trace.log 2017-08-10 11:10:59 Error: CAgentSecurityModule [Thread 7f87ed7fe700]: Certificated user verification failed with: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x1, X509CSF_NotTimeValid 2017-08-10 11:10:59 Error: NetworkModule [Thread 7f87df7fe700]: Verify user failed for all computers: 127.0.0.1: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x1, X509CSF_NotTimeValid 2017-08-10 11:10:59 Error: NetworkModule [Thread 7f87df7fe700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:127.0.0.1, ResolvedHostname:, ResolvedPort:2222 2017-08-10 11:10:59 Error: NetworkModule [Thread 7f87df7fe700]: Protocol failure for session id 559, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations. 2017-08-10 11:10:59 Error: CReplicationModule [Thread 7f8763fff700]: CReplicationManager: Replication (network) connection to 'host: "127.0.0.1" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations. 2017-08-10 11:11:19 Error: CAgentSecurityModule [Thread 7f87ed7fe700]: Certificated user verification failed with: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x1, X509CSF_NotTimeValid 2017-08-10 11:11:19 Error: NetworkModule [Thread 7f87df7fe700]: Verify user failed for all computers: 127.0.0.1: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x1, X509CSF_NotTimeValid 2017-08-10 11:11:19 Error: NetworkModule [Thread 7f87df7fe700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:127.0.0.1, ResolvedHostname:, ResolvedPort:2222 2017-08-10 11:11:19 Error: NetworkModule [Thread 7f87df7fe700]: Protocol failure for session id 560, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations. 2017-08-10 11:11:19 Error: CReplicationModule [Thread 7f8763fff700]: CReplicationManager: Replication (network) connection to 'host: "127.0.0.1" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations. [root@opteset Agent]# [root@opteset Server]# tail trace.log 2017-08-10 10:33:07 Error: CRepositoryModule [Thread 7f415c7f0700]: OnlineInstallers: exception on certificate issuer request: GetCertificateIssuer: First try failed with: GetCertificationAuthorityCertificate: certificate record was not uniquely identified by serial number '01e728fabbc4a94ea586d5d62b1d64835501' (found=0), Second try failed with: Build chain failed with NodVerifyTrustResult: 0, NVT_Trusted, X509ChainStatus: 0x1, X509CSF_NotTimeValid 2017-08-10 10:33:48 Error: CRepositoryModule [Thread 7f415c7f0700]: OnlineInstallers: exception on certificate issuer request: GetCertificateIssuer: First try failed with: GetCertificationAuthorityCertificate: certificate record was not uniquely identified by serial number '01e728fabbc4a94ea586d5d62b1d64835501' (found=0), Second try failed with: Build chain failed with NodVerifyTrustResult: 0, NVT_Trusted, X509ChainStatus: 0x1, X509CSF_NotTimeValid 2017-08-10 10:34:27 Error: CRepositoryModule [Thread 7f415c7f0700]: OnlineInstallers: exception on certificate issuer request: GetCertificateIssuer: First try failed with: GetCertificationAuthorityCertificate: certificate record was not uniquely identified by serial number '01e728fabbc4a94ea586d5d62b1d64835501' (found=0), Second try failed with: Build chain failed with NodVerifyTrustResult: 0, NVT_Trusted, X509ChainStatus: 0x1, X509CSF_NotTimeValid 2017-08-10 10:35:08 Error: CRepositoryModule [Thread 7f415c7f0700]: OnlineInstallers: exception on certificate issuer request: GetCertificateIssuer: First try failed with: GetCertificationAuthorityCertificate: certificate record was not uniquely identified by serial number '01e728fabbc4a94ea586d5d62b1d64835501' (found=0), Second try failed with: Build chain failed with NodVerifyTrustResult: 0, NVT_Trusted, X509ChainStatus: 0x1, X509CSF_NotTimeValid 2017-08-10 10:53:44 Error: CRepositoryModule [Thread 7f415c7f0700]: OnlineInstallers: exception on certificate issuer request: GetCertificateIssuer: First try failed with: GetCertificationAuthorityCertificate: certificate record was not uniquely identified by serial number '01e728fabbc4a94ea586d5d62b1d64835501' (found=0), Second try failed with: Build chain failed with NodVerifyTrustResult: 0, NVT_Trusted, X509ChainStatus: 0x1, X509CSF_NotTimeValid 2017-08-10 11:09:07 Error: CRepositoryModule [Thread 7f415c7f0700]: Error retrieving packages: No such product 'com.eset.apps.business.eslc.linux' [root@opteset Server]# Best regards, Gregor