chockomonkey

Thanks for sharing all that info. I am using the default ESET policy for Endpoint deployments, so it should be doing regular scans. Based on your suggestion I'll look at increasing the strictness of cleaning. I am curious--how do you differentiate between the on-demand scanner and the real-time protection with regards to the warning screens? Lastly, where does Idle-state scanning come into the mix? I had assumed, incorrectly it seems, that the window which had popped up on these workstations was from the idle-state scan.

Ah okay, well thanks for replying anyway. Out of necessity, all instances of this were manually deleted via the window that was on users' screens. Perhaps infections aren't reported to ERA or the logs when they are manually handled...

Thanks for that. So basically ESET pushed out a definition update which added this new scrinject.b threat, and during routine scanning it located various instances of it in cache? That would make sense as to it's sudden appearance. However, why wouldn't this show up in ERA or local logs?

Hi all, I've experienced some atypical behavior from ESET Endpoint Antivirus this morning and I'm looking for some insight. I have received multiple reports from users about an ESET window on their screen when they came into work this morning. One employee took a photo of this window, which I've attached. It reads: Normally ESET Endpoint Antivirus just 'does its thing' in keeping malware, phishing attempts, trojans, and other malicious events under-wraps. I get notifications about its success in my ESET Remote Administrator where I make certain that the infections were properly handled, which, they always have been. However there are certain things about this event that leaves me scratching my head: 1. This is the first time in over a year of using ESET Endpoint Antivirus 6+ that users have ever seen this window or have had their input required. 2. These events do not show up in ESET Remote Administrator. 3. These events do not show up in the local logs on the workstations. Can someone please help me understand why this is?

Thanks for the confirmation. I'll make a task to coincide with my next maintenance window, after which I'll reboot them manually.

First off I'd like to point out that it's odd that there is not a more straight-forward upgrade for incremental versions of your software built in to ERA. If there is, please let me know! For the Endpoint Antivirus product, I followed a help article here which basically said to create a Software Install task, select the new version of EEA, do not select a license, and then select reboot when necessary. This actually worked flawlessly across 19 clients. For EFS this does not seem like a good solution as I do not ever want my servers restarting except when I do it myself after properly shutting down their running services. For now, I'm creating an installer without a license which I plan to try to install over the existing product manually. But in the meantime, what is considered best practice for upgrading ESET File Security for Windows Server? Are there any plans to make this more streamlined? Thanks!

Hey thanks for the reply. It was my bad for not specifying our environment--Win7 Defender is the one in question, and it claims to have real-time protection on.

They seem to work just fine together, but if there's no benefit to be had and I can safely disable Windows Defender, then who wouldn't want the extra performance? I'm just curious what y'all do. Cheers!

So, I think i figured out what i did. This is the package i installed, quite by accident actually: So now my question is: Due to the Core product being behind 2 versions, is it safe to use? Can it be activated? Actually based on this article https://support.eset.com/kb2789/?locale=en_US&viewlocale=en_US, it seems that i should uninstall this and proceed with regular EFSW, which unlike this version can be administered via ERA 6+

Ohh, okay. I see what you mean now, and it does look like it was installed:

Thanks for offering to help, MichalJ-- I'm almost certain my licenses are okay: Here's the Execution history for my Deployment task: I have not tried to activate manually, because the application does not seem to be installed on any of the above machines. All that is installed on each is the ESET shell, which I'm guessing comes with the Agent, which did properly deploy.

I hope the length of this post isn't scaring people away form helping.. I have purchased file security, but am currently unable to use it because ERA will not deploy it. Help!

Perhaps I could just use the "Antivirus - Maximum security" policy? Is that fine for a file server that also runs SQL Server and Quickbooks server?

Yea I really really wish I'd tested it more thoroughly before rolling it all out since I definitely would have preferred to stay on 5. I agree with you--while I can understand their move to the web console for larger distributed applications, for a small business like the one at which I work, its entirely unnecessary and i find myself realizing just how limited web consoles are. Everything from the time to display data to the lack of right-click context menus.. it's just all so clunky.

Is there a better way to activate these across the board? Certainly you don't expect users to click through every single section to enable the policies for a default policy application?

Oh, wow, thanks Marcos. I thought the grayed out circle meant that it was currently selected. I see now that I need to go through and select the correct administration settings for all the settings in this policy.

When I initially deployed File Security two a couple domain controllers for testing purposes, I had created the installer with an ESET built-in policy (Antivirus - Real-time scanner only) which claims that it is "Optimized performance for server." I was told here than I should instead use the Default configuration first, as it'll provide better protection and only roll back things if i have issues.. makes sense! So i created a default policy and applied it to the group in which these two domain controllers reside. Is there something else i need to do to get this policy to be followed? Portions of File Security are still not enabled, even though they are in the policy i've applied to the group: Any advice would be great. Thanks!

I'm trying to use ERA to deploy File Security to 2 hypervisors and a domain controllers. Unfortunately, the task fails ambiguously. I say ambiguous because all the information i'm given is that the task failed. Let me point out that it'd be immensely helpful to have more information in the task execution area. even a link from the failed area to a report or a log file would be an improvement. These things existed in ERA5, and should be in new versions of your software. Searching for information as to why, I generated a report which further confused me: Here you can see my two hypervisors. For some reason when I generated the task, there was a task for Security Product, as well as Operating System. Looking back at the Admin section, I can only assume this is because when I click onto one Software Install section, two are indeed selected, one for Security Product and the other for Operating system. If anyone can explain this bizarre behavior, that'd be great. So, at this point in time it seems that my Deploy File Security Task, while failed, did succeed in at least some of its capacity. Supporting this is the fact that the File Security icon now appears near my hypervisors: However, the software does not appear to be present on either (I have rebooted them both): What further confuses me, is that as you can see above, there's an alert on VHOST. The alert is that the product is not activated: This seemed silly, but nevertheless i went ahead and attempted an activation task, which failed as well. Lastly, when I look in the log files (again, this manual step should NOT be necessary), I see a lot of this, which I can only assume is related to my issues, but I have no idea what to do about it: Please help! What used to be a simple deployment of software in ERA < 6, is now a major time-consuming and confusing mess! Thanks for your time.

I assume that ERA is in active development, but as i was trying to troubleshoot failed tasks yesterday i came upon this post: https://forum.eset.com/topic/4414-anyway-to-see-installation-failure-reason/ Which is a couple years old, pointing out the missing feature from ERA 5. It's pretty bizarre that in a newer product, we have to do more work.. a sentiment that has essentially defined my experience with ERA 6.

Thanks so much filips.

Thanks for the confirmation, but your answer leads me to another question-- In the case that I want to change something via policy (so that i can apply the desired change to multiple computers), does the lack of a default policy in Remote Administrator means I have nothing to tweak? Or, if I create a new policy myself, is it in the default state out of the box so that I could apply it with minor things changed? Or perhaps, do policies work like Group Policy for windows servers--in that, only what you set or change in the policy is actually pushed to the workstation?

Thanks for the reply, filips. How exactly do I apply the default configuration? For Endpoint there is a "Balanced" policy, but there isn't such a policy for File Security. Is it simply in the absence of a policy it uses the default config?

Hi all, I need to deploy Endpoint Antivirus to a workstation which hosts a SQL Express database. Aside from the regular exclusions which I've seen automatically applied in the File Security product, is there a guide or KB article which goes through what i should do in this instance? I'm finding quite a lack of pointers in configuration for these products. I hope i'm just looking in the wrong places! Thanks!

I've historically just used ESET's default configurations for their product deployments. However, as I'm completely new to ESET File Security, I'm curious if there are any best-practice guides for setting this up for Windows domain controllers. I've been unable to find anything like this in the knowledge base. I used ERA to deploy these installations and during the installer creation I was able to select a built-in policy (Antivirus - REal-time scanner only) which claims that it is "Optimized performance for server." Is this the best-practice for File Security deployments? Thanks all!