mogobjah

We have installed EFS for Linux on a Cent OS 7 web server and noticed that the CPU usage of "oaeventd" becomes too high, causing the server to hang and respond very slowly. Could anyone advice why is this happening and how can this be rectified? And is there any best practice on settings for EFS running on web servers? Thanks.

Are the new (fixed) v6.5 installers for ESET file security available? Kindly share the download links here. If NO, please provide ETA.

Understand that ESET is working on this. Could you please indicate when can we expect to receive the second version of the patch that supports the rest of the affected versions? We need to provide customers a clear picture on this.

The given solution worked. Thanks.

Looks like the module reappears every time the PC is rebooted. Please refer below screenshots. Before reboot: After reboot:

Yes, i'm very sure the log was collected following execution of the command and a system reboot.

Hi @Marcos, i have tried your suggested solution, but the result is still the same. I have taken another set of logs for you, just in case. Kindly help to see into this problem. eav_logs.zip

Some updates: Same set of errors even after installing ESET Internet Security. But managed to collect the logs as per your instructions. Also, we have received reports that more customers are facing similar issue. eis_logs.zip Diagnostics folder.rar

Hi Marcos. The logs are attached. eav_logs.zip

Our customer is currently getting the following error message: We upgraded the product from version 9 to the latest version (12.2.23.0). Even tried uninstalling and reinstalling the product from scratch, but the problem persists. Can anyone please help on this? I've taken ESET Log Collector logs from the endpoint, please let me know if its required, i will send it to you privately. Thanks.

After installing ESET File Security for Linux (version 4.5.13.0) on a CentOS 7 server, i'm unable to start the main service "esets". The error it shows is as follows: Output of command: journalctl -xe Can anyone help / advise how to address this issue?

Thanks Martin, i'm attaching the access.log, cache.log and squid.conf files taken from the ERA server. Please advise if you find anything amiss. ERA Squid log.rar

Our customer is using ERA virtual appliance with Squid proxy instead of Apache HTTP proxy - because all traffic to internet has to go through an upper level proxy which requires authentication. We are not sure why, but most of the ESET clients are not receiving update files properly from the Squid proxy. Are you able to see any issue in the attached access log? I notice that there is no ".nup" files being downloaded. Any pointers is appreciated.

Any chance customer made some custom changes in VA configuration? No. The VA was setup based on the steps provided in the official guide. No additional configuration was applied to the VA. Scheduling own tasks or using WebMin for configuration? WebMin is currently enabled. any chance customer is using some outside connections to this VA? This may be possible, but im not exactly sure which command was executed. Currently the server is accessible from outside because they have some PCs in remote offices that they want to manage from the ERA console. For the external agents to communicate back to the server, i had requested the customer to open port 2222 in the firewall (at the time of deployment), but today found out that additionally, port 443 and 22 have been open as well all this while. Since SSH and HTTPS are not really required i have instructed them to close these two ports immediately. but have they tried to reboot it? If so, does this issue with strange "su" is there just after startup? We tried rebooting the server again today. After reboot, the process with "su" command went missing, but strangely another process showed up with command "route -n" with similar (high) CPU usage pattern. As a workaround, I would recommend to check what happens when this problematic process is killed. The customer has a policy of backing up VMs every month, so as suggested, i tried killing the process. Observed the server for a few hours and noticed that the process with high CPU usage is not recreated, but the memory usage keep increasing slowly. I will monitor this further and share the outcome here.

Hi MartinK, as requested. The memory usage also keeps increasing over time since last reboot (yesterday). Fyi, the no of endpoints currently managed by the server is around 100.

For some reason, our customer's ERA VA is showing high CPU usage. The VA is configured with 4 virtual CPUs and on average, the CPU consumption shows between 60-100%. But at times, i notice the usage can go up to 386%, which lasts for a few seconds (Refer screenshot). This is caused by a single process, and triggered by the command "su" (Refer screenshot). Any idea what this means, and is it normal to have this usage pattern? Very high CPU usage Average CPU usage

I'm attaching the traffic captured while the agent is being installed. Thanks. Server IP: 192.168.1.23, Client IP: 192.168.62.225 Agent.rar

Hi, I'm using the latest ERA version 6.5 on a Windows server, not VA. And yes, it was set up by me.

Hi, We are currently in the midst of ESET deployment, and while installing the agent program manually, we are receiving an error with the following message on some client endpoints: "Error occurred while receiving peer certificate (try to reconnect)." The affected client endpoints are able to ping the server and get a reply. And they could also establish telnet connection to the server via port 2222 and 2223 successfully. We tried using the "Offline installation" option instead, but still received an error of certificate password mismatch (Note: We did not set any password for all the certificates). We wonder what this error means, and why is it occurring on a few endpoints only, while other endpoints are able to successfully complete the Server assisted agent installation without any issue. Any help is highly appreciated.