[Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)]

3 hours ago, MichalJ said:

@kingoftheworld &  @Tim Jones- in general, we believe this won´t be needed with the upcoming release, where we are introducing a new feature, that should automatically identify duplicated entries, based on their hardware, and let you resolve (reset) the agent UUID from there. You would be able even to pre-configure the desired behavior (so when a default image is deployed, it will automatically get a new UUID).

Do you have any other usecase for this behavior?

This would only work if you deploy your image on different hardware, but in corporate environments a lot of times you have a bunch of identical computers with identical hardware.

[ERA agent not connecting to ERA server]

 

On 3/20/2018 at 4:34 AM, ewong said:

Could the firewall be blocking port 2222?

I have other computers with era that are connecting, it's only a few that don't.

On 3/20/2018 at 5:05 AM, Marcos said:

Please post status.html here.

status (2).zip (i removed the server name for security reasons)

On 3/20/2018 at 3:07 PM, sindbad said:

A good way is to telnet. To see if the port is open. 

 

Happened to me before. 

As written before, it can't be that the issue is that the port is blocked, as i have a lot of computers that are connecting to era.

18 hours ago, ewong said:

Which firewall did you disable?  The client or the server?

Client Firewall.

11 hours ago, ewong said:

Here's another possibility and I think this is what's horking me up a bit (though I have no explanations).

1. Look into the Programs and Features (or whatever the equivalent option is) in Control Panel.  The look for your ESET Agent.  Ensure that it exists.

2. Now, go into c:\Program Files\ESET and check if Agent exists.

3. If not, you have an installation issue and will have to use the ESETUninstaller to uninstall it and then install it again.   The rationale for using the ESETUninstaller is because you can't use the Program and FEatures uninstall option as it won't find c:\program files\ESET\Agent directory and thusly choke.

After you've run the Esetuninstaller,  try to install the Agent again with the correct installation setup parameters (era server ip, port, etc).

*This* is what I'm choking with.  I think it stems with the fact that I was using GPO to deploy the agents and I MISSED including the extra install configuration.  I'm attempting to fix this.

It's showing in "Programs and Features" and in "c:\Program Files\ESET" folder.

It's wasn't deployed using GPO, it was installed using an AIO.

10 hours ago, ewong said:

I noticed that while 'repairing' the Agent on the 'client' system,  the first screen it shows was the host setup (where ERA was) and it showed localhost.  So what I'm guessing is that the Agent was contacting localhost:2222 and not getting any response (naturally).

That's unrelated, as it's asking you for new configuration, but your old one you should be able to see in Status.html

 

I was able to find a common denominator between all computers that are not connecting to era, all of them are clones from one image, so most probably there lies the issue, but i can't pinpoint exactly where, i already uninstalled and reinstalled the era agent on the computers.

 

Thanks in advance.

[ERA agent not connecting to ERA server]

I just check in the status.html file and the server name is the correct one, and nslookup was successful as well.

So could someone please tell me what the hack is wrong with ERA agent that it doesn't connect to the ERA server?!

[ERA agent not connecting to ERA server]

Is there anyway i could see in ESET endpoint application, to which ERA server it tries to connect?

[ERA agent not connecting to ERA server]

21 hours ago, MartinK said:

In case AGENT is not connecting (i.e. remote management is not possibly), only way how to force it co connect to different hostname or IP address is to use installation repair. I have described it in one of my previous posts. I would recommend to check whether AGENT will be able to connect to SERVER in case IP address is provided. Be aware that this will work only in case IP address or wildcard "*" was used in SERVER's SSL certificate (this can be verified in SERVER's settings).

Does command:

nslookup <hostname of ERA>

return correct response on client machine? Hostname must be exactly the same as AGENT is using to be sure there is no typo.

the commend nslookup returns the correct ip, and i'm able to ping it as said already in a previous post.

[ERA agent not connecting to ERA server]

3 hours ago, MartinK said:

1. Does this happens only on specific machine or on all?
   Error " The requested name is valid, but no data of the requested type was found" seems to be generic and provided by Windows itself in case it is not able to resolve DNS name.
2. Could you try to use IP address instead of hostname, or possibly some kind of alternate name?
3. Is it IPv4 network, or hostname is using IPv6 addresses?

1. It happens on most new machines i am adding to ERA except one. (the only common denominator is they are all exactly the same model computer, and windows was cloned, I manually reinstalled ERA agent on each computer)
2. Where do i change the IP or the hostname in the clients ERA agent?
3. It's a IPv4 network

Thanks

[ERA agent not connecting to ERA server]

Update: it seems that the issue is unrelated to AIO installer, the issue appears even on computers that the agent was installed through ERA.

[ERA agent not connecting to ERA server]

 

8 hours ago, karlisi said:

Can you ping ERA server from these clients? Perhaps you have DNS name in installer's configuration and clients can't resolve it.

Yes i am able to ping the ERA server

[ERA agent not connecting to ERA server]

I found this error in last-error.html

Quote

CReplicationManager: Replication (network) connection to 'host: "<snip>.<snip>.<snip>" port: 2222' failed with: Unable to resolve any endpoints.resolve: (0x2afc), The requested name is valid, but no data of the requested type was found

 

[ERA agent not connecting to ERA server]

Hi,

I created an all in one installer, and installed a few computers with it, for some unknown reason the computers don't connect to era.

Where  could be the issue? ( i already disabled the firewall) 

Thanks in advance

[Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)]

1 minute ago, MichalJ said:

@fchelp Default trigger expiration is set for "one month" , not one day. I have attempted to create a new trigger now, and it sets expiration day for 19th February 2018.

Oh you're right, i didn't notice that it's a month later, i was only looking at the day and time, thanks!

[Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)]

Description: Set default trigger to expire in a day
Details: Currently when creating a new trigger the default is to expire the same time the trigger is created, so basically the trigger will never run unless manually changed, please change this to either force us to put in an expiration time, or change the default expiration to at-least a day later.

 

Thanks

[Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)]

2 hours ago, MichalJ said:

@fchelp Thanks for reporting. Deletion of multiple triggers was added to backlog, and option to reuse trigger (have trigger templates) was there, so I have linked it to your comment.

One note to the "reuse the same ASAP trigger" = ASAP does not equal "run now". It equals "run upon next connection of ERA agent, but not run, if the first connection is after a certain point (trigger expiration)". This will prevent us, from using the same "ASAP".

@MichalJ for adding my point to the backlog

About the ASAP, of course it's not run now, as the nodes first need to connect, it's just the best equivalent to run now, and about the expiration date, valid point, just a different idea how about deleting triggers after the expiration time?

[Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)]

 

21 hours ago, MichalJ said:

Description: Reuse old triggers
Detail: Since you pointed out that the triggers are editable, i think that when we select a computer and run a task on it (from the actions menu), it should ask us if we want to use an existing trigger, or if we want to create a new one, or maybe even more, when executing a task from the actions menu, it always runs with a "Execute ASAP" trigger, so why can't it just reuse always the same trigger instead of creating new triggers for every time, the reason i'm asking it, as i keep on running tasks and my list of triggers is growing, and here comes my second recommendation.

Description: Delete multiple triggers
Detail: The ability to delete multiple triggers at once (maybe by adding check boxes next to the triggers).

 

Thanks

[Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)]

Description: Select multiple
Detail: The ability to select one computer, hold down shift and select another computer, all computers in between should become selected.

[Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)]

2 hours ago, MichalJ said:

What do you mean by this? You mean, to stop task which is already running? As you can easily remove "trigger", or targets for a trigger. Thank you.

Could you please point me to the right directions? because as far i'm concerned there is no place you configure triggers except when choosing targets, and there is no option to remove planned executions.

2 hours ago, MichalJ said:

Concerning the "DG without agent", there are more options - filters in sections,....

Could you please elaborate?

 

Thanks

[Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)]

16 minutes ago, Marcos said:

This is not possible since dynamic groups are evaluated by agent. Membership in dynamic groups must be independent from connection to ERA Server. For instance, if a user is traveling with a notebook and has no connection to ERAS and a threat has been detected, the appropriate policy or action will be taken automatically when the machine falls into the appropriate dynamic group. If dynamic groups were evaluated on the server, this would not be possible and agent would be fully dependent on connectivity to ERAS.

Then maybe add a third type of group, we should be able to create groups by filtering the data ERA already has, maybe this could be with limitations, like these groups shouldn't be able to get policy's etc.

Another feature that bothered me that we couldn't do.
Description: import computers from reports to task.
Detail: The ability to import list of computers to run a task on them, for example i ran a server task to install ERA on a list of computers, and it failed on some of them, i want to be able to run a server or client task on all of those failed computers (this feature could maybe solve the need to create a third type of group that gets evaluated by the data that ERA already has, as we would be able to create a report with the data we want and then run whatever tasks we want on those computers).

Thanks!

[Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)]

Description: Cancel scheduled task
Detail: Currently once a task has been scheduled you can do nothing to stop it, please add the ability to be able to cancel a scheduled task.

============================================

Description: Dynamic Group without agent
Detail: I should be able to create a Dynamic group without the need of an agent installed on the clients computer, this is extremely useful for example when i want to  create a server task to install agent on all agent less computers, also once a computer was already connected through an agent ERA anyway has all info from the computers so why do we have to wait until all computers actually connect again that the dynamic group should update? so many times i want to run a task on all computers that are named a specific way, so i create a dynamic rule then i have to wait i don't know how long until all computers connect to era so my dynamic group updates and only then i'm able to run my task.

============================================

Description: Exclude computers located in AD group from dynamic group.
Detail: The ability to filter out in dynamic group computer that are located in a AD group group, for example i currently have a dynamic group nested under "All" that filters computers that are named a specific way and are specific OS, i want to exclude computers that even if they are named and have the correct OS they still be excluded because they are located in a specific AD group.

 

Thanks

[Exclude groups from report]

Anyone? 

[Exclude groups from report]

48 minutes ago, MichalJ said:

The first option is not currently possible. I will have to check with developers, whether "not in" will be doable in the upcoming release. 

There is possible to select "in" ,and choose multiple items.  

I rewrote the first post to clarify clearly what the issue is.

I hope now it's easier to fully understand. (and duplicate)

Thanks

 

[Exclude groups from report]

Hi there

I'm trying to generate a report of all failed server tasks, except if the clients are in specific static groups,

steps that i did

1. I set up a report template with these settings
   
2. And i'm trying to filter the results to show me all, but a few static groups
   

But for some reason it's impossible to set a filter to exclude a group, much less multiple groups.

1. When i add the condition "Static group . Static group" and set the value to ≠ (Not equal) to WhateverGroup it generates a report with only that group, instead of all but that group.
2. Let's say this bug is fixed, we still can't exclude multiple groups, as,
   • When choosing ≠ (Not equal) we can't select more then one group
   • There is no "Not in" option to choose from in the drop down menu for condition, only a "In" option.
     
   • Even if i decide to use a workaround and set the Value to "In" and select all groups except the ones i want to exclude, it won't work as then the report fails
     

 

Thanks in advance.

[Dynamic Group for Agent less Computers]

Does the job, thanks!

[Dynamic Group for Agent less Computers]

So there is no way for me to be able to select/filter all computers that have no agent installed and run a server task on them?

I found a report for never connected computers, and this basically means computers that have no agent installed (as when the agent gets installed a connection has to be made), how could i convert this report? or at-least how could i add all computers listed in this report to a server task?

maybe it's possible to add this filter to dynamic group templates to achieve exactly that "Computer . Last connected" (taken from the report filter)

Thanks in advance!

[Dynamic Group for Agent less Computers]

Hi

 

I'm trying to set up a dynamic group that should include all computers that have no agent.

I tried with (i made two separate groups to test what expression will work)

1. Installed software . Agent supports uninstall = no value
   
2. Computer . Managed products mask = not in (all) (as because these computers never had an agent installed era has no info at all on these computers so they are in no type class)
   

Yes i already gave it some time (a day) but nothing is appearing in these groups

Our setup is a upgraded one from v5
ESET Remote Administrator (Server), Version 6.5 (6.5.522.0)
ESET Remote Administrator (Web Console), Version 6.5 (6.5.388.0)
It's on Windows Server 2008 R2

Thanks in advance!