da_yoshman

Hi, after using a "monitoring modus" for a while we are now in an active state, but some devices which are on the whitelist are still blocked Are there any quickshots or additional logfiles to find the cause of this behavior? Or which information do you need to help me?

Hi Marcos Thank you for your quick answer. I also tried this way, but have no informations or didn't find them in the ESET Protect console kind regards from germany Steffen

Hi Is it possible to use the device control in a "monitoring modus" to have an overview about the devices which will be impacted by a policy?

I also updated 200+ Clients today from mostly 7.2.2055.0 to 7.3.2036.0 and didn't have the problem with an unplanned reboot.

Yes i mean exactly this, but also viewing the log in eshell showed nothing

Hi Marcos, it seems that i found the solution myself During my investigation i found that the protocol shows no entries for hips. But the logfile for hips was over 1mb and still updated/ growing ... I tried to empty the logfile with no success, also using eshell to clear the log was not successful So i booted in safe mode and delete the whole file and after booting in normal mode the file was recreated and updated and i see entries in the logviewer and i can clear the logfile AND most important - ESET is only checking every hour for updates 😎

Hi, it's me again with another question I noticed that my clients are checking for updates every ten seconds, even if i disable all planned tasks ... OS ist 2008R2 and these are provisioned servers (Citrix PVS 6.1/ XenApp 6.5) Kind regards from Germany Steffen

Thanks for your reply, but this is not the problem or question at this moment. There is no .doc in the email, just a link to .doc file and i wonder a little bit about the different behavior of the three different browsers in combination with ESET

I test an EMOTET Download link and after that i'm not sure if i get all configurations to be protected or missed some configuration in ESET 1. Internet Explorer --> Seems to be protected with the network protection 2. Chrome --> It seems to me that chrome is blocking the download before ESET comes in the game 3. Firefox --> Let me decide to download or open the file. So i try to download the file, but then firefox told me that the file is infected So after that i'm not sure what will happen to this if chrome and/ or firefox think the file is clean - will then the network protection of ESET come into the ring?

Thanks for your quick answer But there is no negative impact of still using the Shared Local Cache? At this moment i have 47.000 entries stored and 160.000 cache searches after one day - is this a sign for whatever? Because originally i wanted to ask how to size the Shared Local Cache correctly Is one cpu still enough? Are 100.000 stored entries enough? ...?

Hi, i'm still in the process migrating from TrendMicro to ESET and also installed a Shared Local Cache in my virtual environment (Citrix Provisioning e.g.). But if i understand or right there is no need for Shared Local Cache anymore, because there is no performance impact? Is that right or did i misunderstood something?

Update (i'm not sure if it is better to Quote/ Edit) --> I rerun my test with AiO package from ESMC and it seems to work The formerly stucking machine (Win10) works, but it takes a long time to finish. The second test with Win7 also works and was noticeable faster ... Conclusion for me is that i have to move from ERA 6.5 to ESMC 7.x ?

Good morning from germany I made a test with the following construction and was semi successful --> I download and setup the ESMC Server Appliance and generate an AiO; manual execution show me to remove Trend Micro OfficeScan 12.0.5147 so i decided to try it silent with the parameters --silent --accepteula. It removes Trend Micro successfully, but than stuck So i killed the ntrmv.exe after waiting 30min and installation of ESET EAA continues ... First question --> Why it stucks? Second question --> I try to remove Trend Micro in the same way using the ntrmv.exe, but without success Are there special parameters or so you are using?

Here are my answers 1. Installed Trend Micro Versions including number of installations --> 11.0.4664 = 1; 11.0.4778 = 1; 12.0.1406 = 1; 12.0.1429 = 2; 12.0.1576 = 29; 12.0.1708 = 1; 12.0.4613 = 27; 12.0.5147 = 1.142 2. I stopped the parallel deployment of ESET RAA because sometimes the groups/ rules/ ... in ERA are not working 100% and it installs ESET EAV although Trend Micro is still installed 3. And if i remember right, at one point in the past i successfully remove Trend Micro with the ThirdParty-Uninstall in ERA and then suddenly it seems stop working?! 4. Is it right that is not possible at the moment to run the standalone-AVR silent? 5. So i have to really think about upgrading to V7 and then give it a try or maybe you can generate a AiO from V7 and i try it with one of my Trend Micro Installations?

@MichalJ At the moment i'm still using ERA 6.5, because i'm afraid of updating to v7 There were and are 500+ on the existing ERA 6.5 Installation and i "only" want to add the other 1.000+ which are using Trend Micro at the moment