da_yoshman

Hi, after using a "monitoring modus" for a while we are now in an active state, but some devices which are on the whitelist are still blocked Are there any quickshots or additional logfiles to find the cause of this behavior? Or which information do you need to help me?

Hi Marcos Thank you for your quick answer. I also tried this way, but have no informations or didn't find them in the ESET Protect console kind regards from germany Steffen

Hi Is it possible to use the device control in a "monitoring modus" to have an overview about the devices which will be impacted by a policy?

I also updated 200+ Clients today from mostly 7.2.2055.0 to 7.3.2036.0 and didn't have the problem with an unplanned reboot.

Yes i mean exactly this, but also viewing the log in eshell showed nothing

Hi Marcos, it seems that i found the solution myself During my investigation i found that the protocol shows no entries for hips. But the logfile for hips was over 1mb and still updated/ growing ... I tried to empty the logfile with no success, also using eshell to clear the log was not successful So i booted in safe mode and delete the whole file and after booting in normal mode the file was recreated and updated and i see entries in the logviewer and i can clear the logfile AND most important - ESET is only checking every hour for updates 😎

Hi, it's me again with another question I noticed that my clients are checking for updates every ten seconds, even if i disable all planned tasks ... OS ist 2008R2 and these are provisioned servers (Citrix PVS 6.1/ XenApp 6.5) Kind regards from Germany Steffen

Thanks for your reply, but this is not the problem or question at this moment. There is no .doc in the email, just a link to .doc file and i wonder a little bit about the different behavior of the three different browsers in combination with ESET

I test an EMOTET Download link and after that i'm not sure if i get all configurations to be protected or missed some configuration in ESET 1. Internet Explorer --> Seems to be protected with the network protection 2. Chrome --> It seems to me that chrome is blocking the download before ESET comes in the game 3. Firefox --> Let me decide to download or open the file. So i try to download the file, but then firefox told me that the file is infected So after that i'm not sure what will happen to this if chrome and/ or firefox think the file is clean - will then the network protection of ESET come into the ring?

Thanks for your quick answer But there is no negative impact of still using the Shared Local Cache? At this moment i have 47.000 entries stored and 160.000 cache searches after one day - is this a sign for whatever? Because originally i wanted to ask how to size the Shared Local Cache correctly Is one cpu still enough? Are 100.000 stored entries enough? ...?

Hi, i'm still in the process migrating from TrendMicro to ESET and also installed a Shared Local Cache in my virtual environment (Citrix Provisioning e.g.). But if i understand or right there is no need for Shared Local Cache anymore, because there is no performance impact? Is that right or did i misunderstood something?

Update (i'm not sure if it is better to Quote/ Edit) --> I rerun my test with AiO package from ESMC and it seems to work The formerly stucking machine (Win10) works, but it takes a long time to finish. The second test with Win7 also works and was noticeable faster ... Conclusion for me is that i have to move from ERA 6.5 to ESMC 7.x ?

Good morning from germany I made a test with the following construction and was semi successful --> I download and setup the ESMC Server Appliance and generate an AiO; manual execution show me to remove Trend Micro OfficeScan 12.0.5147 so i decided to try it silent with the parameters --silent --accepteula. It removes Trend Micro successfully, but than stuck So i killed the ntrmv.exe after waiting 30min and installation of ESET EAA continues ... First question --> Why it stucks? Second question --> I try to remove Trend Micro in the same way using the ntrmv.exe, but without success Are there special parameters or so you are using?

Here are my answers 1. Installed Trend Micro Versions including number of installations --> 11.0.4664 = 1; 11.0.4778 = 1; 12.0.1406 = 1; 12.0.1429 = 2; 12.0.1576 = 29; 12.0.1708 = 1; 12.0.4613 = 27; 12.0.5147 = 1.142 2. I stopped the parallel deployment of ESET RAA because sometimes the groups/ rules/ ... in ERA are not working 100% and it installs ESET EAV although Trend Micro is still installed 3. And if i remember right, at one point in the past i successfully remove Trend Micro with the ThirdParty-Uninstall in ERA and then suddenly it seems stop working?! 4. Is it right that is not possible at the moment to run the standalone-AVR silent? 5. So i have to really think about upgrading to V7 and then give it a try or maybe you can generate a AiO from V7 and i try it with one of my Trend Micro Installations?

@MichalJ At the moment i'm still using ERA 6.5, because i'm afraid of updating to v7 There were and are 500+ on the existing ERA 6.5 Installation and i "only" want to add the other 1.000+ which are using Trend Micro at the moment

I'm in the process of migrating 1.000+ Clients from Trend Micro OfficeScan to ESET and at the moment it is nearly impossible to remove Trend Micro in an easy way The only working way at the moment is to trigger an uninstallation from the webinterface of Trend Micro Because all the silent things with ntremove are not working for me So i created an AiO with AVR, but the included AVR doesn't remove Trend Micro because it is unsupported. So i tried the standalone AVR and this version can remove the Trend Micro - but how combine these to things? Or is it possible to use the AVR with silent parameters? Because then i can first remove Trend Micro with the standalone AVR and after that install the AiO ... PS: Wanna do all these things with PDQ

I mean i tried your way before posting and it didn't work, but now everything is fine ... Thanks for your support

I need some help or hints for creating dynamic groups ... At the moment i have a mix of Trendmicro + Kaspersky + ESET and want to do something like a soft migration to ESET. So i try to create a dynamic group with an AND to filter clients which have neither Trendmicro nor Kaspersky installed. But is it not working For me it seems that the combination of two different installed software is not working as i expected

Since - i don't know exactly - the Realtime Protection is disabled auf rebooting Windows ... Activation with the GUI works then with no problems I'm using Endpoint Antivirus 6.6.2078.5 on Windows Version 10.0.17134.191 (1803) Kind regards from hot Germany

Hi guys, i'm not sure if it helps somebody, but for me it seems i have or had the same problem. It began with the LiveGrid problem in middle of december and later the probs with username/ password were added. There was a change in our network in the middle of december and the clients use another way to the internet. This also include the clients hosting the apache http proxy which are used by most of the clients. If i change the configuration and the clients use a apache http proxy which host has no restrictions going through the firewall all problems are gone - if switch back the problems also are back again ... but maybe everything is just a fluke/ coincidence/ happenstance and has nothing to do with your problems kind regards from germany steffen