Jump to content

Timotheus

Members
  • Posts

    9
  • Joined

  • Last visited

About Timotheus

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    Germany
  1. Greetings Martin, Thanks for getting back to me on this. Regarding the "migration", I did my best to follow the instructions on migrating the VA according to "ESET PROTECT VA upgrade/migration". When I got to the end of the process I had this moment of "Oh, that is where this was leading me." I felt like I had done what was wanted, but not understanding the process when you are following the instructions can cause mistakes that go undetected. But that said, I think it worked. The VA has the following characteristics: OS Type Linux OS Version 7.9.2009 OS Name CentOS ESET Management Agent 8.0.2216.0 ESET PROTECT Server 8.0.2216.0 ESET Rogue Detection Sensor 1.1.615.1 I inserted the directive in the proxy.conf and now (last half hour) I am not seeing the AH01797 errors. Or any other errors for that matter. In the httpd/access_log I am seeing lines like this: xxx.xxx.xxx.xxx - - [29/Dec/2020:11:20:31 +0100] "GET hxxp://i5.c.eset.com:80/v1/auth/4076C93323263A9A5E59/updlist/32/eid/108026/lid/108029 HTTP/1.1" 200 62 "-" "-" The IP address is from my test pc that is set to use the VA proxy for updates. Am I correct in assuming that things are working properly now? Can I now use the proxy for all of my PCs or should I look somewhere else to verify that it is working properly? Best regards!
  2. I recently migrated to ESET PROTECT Virtual Appliance from ESMC. I had not been using the HTTP Proxy, but chose to install it when finishing the installation. Clients cannot get modules from the server. The apache error log shows errors like this: [Mon Dec 28 16:11:49.896463 2020] [access_compat:error] [pid 2663] [client xxx.xxx.xxx.xxx:61361] AH01797: client denied by server configuration: proxy:http:/update.eset.com/ep7-dll-rel-sta/mod_049_horusdb_11471/em049_64_l0.dll.nup As was noted in another thread, "http:/update..." cannot be correct. But I have no idea why a slash should be missing. Does anybody know where this might be coming from?
  3. It seems a bit strange to me, but after adding logging to the policy I now see that computers are being scanned on the ESMC dashboard and also in the log file on my test pc. Does that mean that computers were being scanned but because logging was off ESMC did not find out about it?
  4. I did not enable logging. I am simply judging by the fact that the last scan time does not change inspite of giving in ample opportunity to run. The screenshot you asked for looks like this: But that probably does not mean much with logging turned off. I will turn logging on and see if there is something to be learned there.
  5. By looking at the last scan time. No scans are being run.
  6. Additional Information Version of ERA 7.2.2236.0 OS of ERA Server: Virtual Appliance OS of Client device: Win 10 Pro 64 Management Agent 7.2.1266.0 EES 7.3.2041.0
  7. Recently I changed our EES policy to run Idle-state scan.: I can see in the EES GUI that the policy is effective, but no scans are happening. Just in case I made the same changes to our Agent policy. Still no effect. Does anyone have an idea what might be wrong?
  8. Ok, this is a real help. "htcacheclean -A -p /var/cache/httpd/proxy/ > proxycachelist.txt" give me a file with over 1000 URLs stored. Probably a good indication that good things are happening. But how can I find out more? Is there a way to find out what the cache hit ratio is and if so what would be a good ratio?
  9. I have recently installed the Virtual Appliance (Ver. 6.5.417.0) and gone through the instructions for configuring the HTTP Proxy and the appropriate policies. But I do not see any way of confirming that the setup is working correctly. How can I confim that the PCs are really getting their signatures and updates from the ERA? What should I see in the log files? How can I confirm that ERA is really providing signatures and updates from its cache? When I look at IFTOP the cumulative RX value remains a bit higher then the TX value. That seems odd to me. Are there log files that would indicate that it is caching properly?
×
×
  • Create New...