Everything posted by brandobot

  1. I have ~40 machines in our environment who are in this current status. When I ssh or remote into the machines, I find that only the ERAAgent process is running and not the ESET Endpoint Security app. I've tried to uninstall and re-install the app. Is there a way to remotely restart all of the eset processes on a Mac and Windows machine?
  2. I regularly see the esets_daemon process taking a high percentage of CPUs. On one occasion, I saw it over 110%... not sure how that's possible. I will try the RC version to see if it helps. Thank you! @MartinK @Peter Randziak
  3. Has anyone else been noticing hanging or unresponsive Macs on Mojave running ESET Endpoint Security 6.6.866.1? About once a week, half of my test Mojave machines get the spinning beach ball and the mouse becomes unresponsive. Some recover if you wait a few minutes, others you have to force shut down. After I uninstall ESET, it's been 9 days since I've experienced freezing/hanging.
  4. This is what we've seen:
     - Machine initially connects after installation of ERA.
     - After an undetermined amount of time, usually anywhere from a couple days to a couple weeks, the machine will no longer check in.
     - Removal and re-install of Agent and the machine will immediately show up again.

     I have not tried restarting the agent service yet. ESET support just showed me how to do this today. I will find another machine that is broken, try to restart the agent service to see if it gets it re-connected. If it does not, I can use Wireshark to start capturing the log while restarting the service. I don't want to rule out the network, but I don't think this is the cause because I've had test machines that never leave the office lose connection before and require a re-install of the agent to fix.
  5. I'm getting similar issues here. A ton of machines are losing connection to ESET. The workaround has been to re-install the agent; however, the last time I did this, the machines show up in the ESET Management Center, but their status isn't a green check. It's been sitting with an empty circle for the past 2 days, modules unknown, and most last connected the same exact time the agent was reinstalled.
  6. See below for screenshots. I ran your commands and the database integrity reports OK. I also attached the status.html where it shows the failure and last connection. ESET console shows Sept 28, 2018 was the last connect day. I ssh'd into the machine and verified I can reach the ESET server on port 2222 by doing "nc -z *IP* 2222". If I remove and re-install the Agent, it'll register just fine in the ESET Remote Administrator console. I wrote an extension attribute in Jamf to determine machines out of compliance. So far I've scanned 300 machines and 75 have the word "error" in the status.html, and haven't successfully replicated within the last 3 days.
  7. Case #103515. It's been open for nearly a year. I've been told "our new version will fix this" at least 2-3 times. I've wasted countless hours installing their beta versions that they promised would fix the issue. Our current workaround is to uninstall and reinstall as well. Do you have a good way of determining which Macs are losing connection to the ESET console? Are you using Jamf? How long have you been experiencing this issue? As far as I can tell, half of our Mac population (~350) already lost its connection in the past 1.5 weeks since we upgraded to v7 agent.
  8. This has been an issue in our environment for the past year. We were told by our support rep that v7 agent will remedy this issue. On the machine losing connection to the ESET Security management center, I ran:

     nc -z *server redacted* 2222
     Connection to *server redacted* port 2222 [tcp/rockwell-csp2] succeeded!

     This confirms that the client can reach the server; however, connection fails. The workaround fix has been to re-install the ESET agent to get it working again.

     CDynamicGroupsModule 2017-Aug-28 16:19:04 Agent is matching 2 dynamic group templates from 20
     CDynamicGroupsModule 2017-Aug-28 16:19:04 Agent is matching dynamic group template with uuid 00000000-0000-0000-7014-000000000003 and version 1
     CDynamicGroupsModule 2017-Aug-28 16:19:04 Agent is matching dynamic group template with uuid eac7ca9f-d3ab-4200-9905-5a464f10a368 and version 2
     CDynamicGroupsModule 2017-Aug-28 16:19:04 Evaluating 15 dynamic groups
     AutomationModule 2017-Aug-28 16:19:09 Trigger: Tick ALLOWED [UUID=00000000-0000-0000-7006-000000000001, TYPE=REPLICATION].
     AutomationModule 2017-Aug-28 16:19:09 Task: Executing task [UUID=00000000-0000-0000-7005-000000000001, TYPE=Replication, CONFIG=scenarioType: REGULAR linkData { dataLimit: 1024 isDisabled: false connections { host: "*SERVER REDACTED*" port: 2222 } }].
     CReplicationModule 2017-Aug-28 16:19:09 CReplicationManager: Processing client replication task message
     CReplicationModule 2017-Aug-28 16:19:09 CReplicationManager: Failed to start replication, connection for replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already pending
     CReplicationModule 2017-Aug-28 16:19:09 CReplicationManager: Queuing replication task to be executed after current replication is finished
     SchedulerModule 2017-Aug-28 16:19:09 Received message: GetRemainingTimeByUserDataRequest
     CSystemConnectorModule 2017-Aug-28 16:19:19 Retrieving network configuration information
     CSystemConnectorModule 2017-Aug-28 16:19:19 StatusLog_NETWORK_ADAPTERS_STATUS: "Rows":[]
     CSystemConnectorModule 2017-Aug-28 16:19:19 StatusLog_NETWORK_IPADDRESSES_STATUS: "Rows":[]
     CSystemConnectorModule 2017-Aug-28 16:19:19 StatusLog_NETWORK_IPGATEWAYS_STATUS: "Rows":[]
     CSystemConnectorModule 2017-Aug-28 16:19:19 StatusLog_NETWORK_IPDNSSERVERS_STATUS: "Rows":[]
     SchedulerModule 2017-Aug-28 16:19:19 Received message: RegisterSleepEvent
     NetworkModule 2017-Aug-28 16:19:19 Forcibly closing sessionId:43, isClosing:0
     NetworkModule 2017-Aug-28 16:19:19 Sending message: ConnectionFailure
     NetworkModule 2017-Aug-28 16:19:19 Removing session 43
     NetworkModule 2017-Aug-28 16:19:19 Closing connection , session id:43
     NetworkModule 2017-Aug-28 16:19:19 The connection will be closed due to timeout. Resolved endpoint is NULL
     CReplicationModule 2017-Aug-28 16:19:19 CReplicationManager: Replication (network) connection to 'host: "1XXXXX" port: 2222' failed with: Operation timed out
  9. I spot-checked a dozen machines on the Client Task Execution list that failed; ironically, it is showing module updated. Even on the ones that show Task Failed in the last 30 minutes. Looking at my dynamic group for Computers with outdated module, it only shows 16 out of 1900 machines. Perhaps the client task execution is reporting incorrectly?
  10. ESET Security Management Center Server v7.0.553.0
      Endpoints on Windows 10, macOS 10.12 and 10.13

      I noticed our module updates have a huge amount of failures on our Mac and Windows machines. There's no error other than "failed" in the status. How would I begin troubleshooting this?
  11. When upgrading to the latest Endpoint Security (downloading from here and then deploying with management tool -- https://www.eset.com/us/business/endpoint-security/mac-security/download/), the ESET splash screen and the ESET console launch. Please provide a way to suppress these pop-ups. We don't want our users to see these notifications and pop-ups, we want it to be silent.
  12. I have a similar thing still going on in my environment. My ESET GUI shows no blocks on uncategorized sites; however, all uncategorized sites are getting blocked. When uploading my logs and ESET policy to ESET, they are able to see uncategorized sites are being blocked. Very strange. At this point, we disabled web control...
  13. What version of AnyConnect are you running? I'm on v7 and AnyConnect 4.6 without any issues.
  14. I upgraded my Mac to 6.6 a couple days ago. Today I noticed that it has failed to read the kernel extension and the firewall/web protection is disabled. After re-installing the 6.6 again, the error went away. 2 questions: 1) How do we prevent this from happening again? 2) How do I detect if any other machines are experiencing this issue? Also, when deploying the .pkg downloaded from the ESET site, it upgrades my machines successfully, but how do I suppress the ESET console from launching and flashing the splash screen? We want a silent upgrade and do not want our users to know we are updating them. Inside the .pkg, there's a "gui_startup.sh"; is there a way the development team can disable this for upgrades?
  15. @MartinK In the past, we were instructed by ESET that you can deploy using the downloadable .pkg on your website. We've done this with success in the past; however, the only flaw is that the ESET splash screen and console will launch automatically once installed.
  16. When deploying ESET Endpoint Security using the .pkg and deploying from Jamf, the ESET console pops up after install. Is there a way to suppress this? I do not want my users to know we are doing any updates.
  17. Thanks @marcos. After upgrading to v7 on the server, will the older Windows & Mac agents on 6.5 be able to communicate with v7?
  18. Is it preferred to upgrade using the ERA server console method? Or doing the uninstall and re-install using the MSI? https://support.eset.com/kb3668/?locale=en_US&viewlocale=en_US Also, where can I get the checksum for the ERA Mac installer?
  19. https://nypost.com/2018/08/16/hackers-target-thousands-of-bank-emails-in-cyber-attack/amp/ What is ESET doing to protect their customers?
  20. Uploaded one set of logs. Edit: Uploaded the wrong logs. I just uploaded it again with the affected machine ees_logs.zip
  21. All of our Windows machines began receiving dozens of pop-ups for internal websites being blocked by a category rule. (It also blocked the ESET admin console.) We disabled web control for the time being. Were there any changes/updates on ESET's side?
  22. Thanks @tmuster2k. I'll look into ESET Endpoint Encryption. We do not need auto encryption, but at minimum need to block any drives that are not encrypted.