[Product is installed, but it is not running error]

I have ~40 machines in our environment who are in this current status. When I ssh or remote into the machines, I find that only the ERAAgent process is running and not the ESET Endpoint Security app.

I've tried to uninstall and re-install the app.

Is there a way to remotely restart all of the eset processes on a Mac and Windows machine?

[macOS Mojave 10.14 ESET causing hanging and unresponsiveness?]

I regularly see the esets_daemon process taking a high percentage of CPUs. In one occasion, I saw it over 110%... not sure how that's possible.

I will try the RC version to see if it helps. Thank you!  @MartinK @Peter Randziak

[macOS Mojave 10.14 ESET causing hanging and unresponsiveness?]

Has anyone else been noticing hanging or unresponsiveness Macs on Mojave running ESET Endpoint Security 6.6.866.1? 

About once a week, half of my test Mojave machines get the spinning beach ball and the mouse becomes unresponsive. Some recover if you wait a few minutes, others you have to force shut down. After I uninstall ESET, it's been 9 days since I've experienced freezing/hanging. 

[ERA v7 Mac agents failing to check-in]

5 hours ago, MartinK said:

Thanks for details. AGENT is running, but it is not able to connect to ESMC with error "Failed to create subchannel"". This is new error for me as I don;t think it was reported since ESMC release. Does restarting AGENT service or whole machine resolves this issue, at least temporarily? In case not, would it be possible to capture network traffic using tcpdump/wireshark and provide it to me via PM?

This is what we've seen:

- Machine initially connects after installation of ERA.

- After an undetermined amount of time, usually anywhere from a couple days to a couple weeks, the machine will no longer check-in

- Removal and re-install of Agent and the machine will immediately show up again

I have not tried restarting the agent service yet. ESET support just showed me how to do this today. I will find another machine that is broken, try to restart the agent service to see if it gets it re-connected. If it does not, I can use wireshark to start capturing the log while restarting the service.

I don't want to rule out the network, but I don't think this is the cause because I've had test machines that never leave the office lose connection before and require a re-install of the agent to fix.

[ERA Agent V7 issues]

I'm getting similar issues here. A ton of machines are losing connection to ESET. The workaround has been to re-install the agent; however, the last time I did this, the machines show up in the ESET Management Center, but their status isn't a green check. It's been sitting with an empty circle for the past 2 days, modules unknown, and most last connected the same exact time the agent was reinstalled.  

 

[ERA v7 Mac agents failing to check-in]

12 hours ago, MartinK said:

and possibly also verify that both data.db and data.db.bak are valid SQLite databases? Following commands should verify integrity:

sqlite3 /Library/Application Support/com.eset.remoteadministrator.agent/data.db "PRAGMA integrity_check"
sqlite3 /Library/Application Support/com.eset.remoteadministrator.agent/data.db.bak "PRAGMA integrity_check"

of both databases.

On 9/25/2018 at 8:00 AM, j-gray said:

That's disappointing. We had the same issue with Mac agents, reportedly caused by 'unclean' shutdown. Only fix was to remove the agent via ARD and reinstall.

We were also told by support that this was fixed in the latest version. However, due to multiple and various issues noted here in the forums, I have not been in a hurry to "upgrade".

Do you have an existing support case for this?  If you don't mind providing it I can refer it to our support folks.

See below for screenshots. I ran your commands and the database integrity reports OK. I also attached the status.html where it shows the failure and last connection.

ESET console shows Sept 28, 2018 was the last connect day. I ssh'd into the machine and verified I can reach the eset server on port 2222 by doing "nc -z *IP* 2222" 

If I remove and re-install the Agent, it'll register just fine in the ESET Remote Administrator console. 

I wrote an extension attribute in Jamf to determine machines out of compliance. So far I've scanned 300 machines and 75 have the word "error" in the status.html, and haven't successfully replicated within the last 3 days.

 

['Update or remove incompatible applications' in latest google chrome for EIS]

This is also affecting us. Is there a way to prevent or fix this?

[ERA v7 Mac agents failing to check-in]

On 9/25/2018 at 8:00 AM, j-gray said:

That's disappointing. We had the same issue with Mac agents, reportedly caused by 'unclean' shutdown. Only fix was to remove the agent via ARD and reinstall.

We were also told by support that this was fixed in the latest version. However, due to multiple and various issues noted here in the forums, I have not been in a hurry to "upgrade".

Do you have an existing support case for this?  If you don't mind providing it I can refer it to our support folks.

Case #103515. It's been open for nearly a year.  I've been told "our new version will fix this" at least 2-3 times. I've wasted countless hours installing their beta versions that they promised would fix the issue. 

Our current workaround is to uninstall and reinstall as well. Do you have a good way of determining which Macs are losing connection to the ESET console?

Are you using Jamf? How long have you been experiencing this issue? As far as I can tell, half of our Mac population (~350)  already lost its' connection in the past 1.5 weeks since we upgraded to v7 agent.

[ERA v7 Mac agents failing to check-in]

This has been an issue in our environment for the past year. We were told from our support rep that v7 agent will remedy this issue.

 

On the machine losing connection to the ESET Security management center, I ran nc -z *server redacted*2222
Connection to *server redacted* port 2222 [tcp/rockwell-csp2] succeeded!

 

This confirms that the client can reach the server; however, connection fails. The workaround fix has been to re-install the ESET agent to get it working again.

 

CDynamicGroupsModule	2017-Aug-28 16:19:04	Agent is matching 2 dynamic group templates from 20
CDynamicGroupsModule	2017-Aug-28 16:19:04	Agent is matching dynamic group template with uuid 00000000-0000-0000-7014-000000000003 and version 1
CDynamicGroupsModule	2017-Aug-28 16:19:04	Agent is matching dynamic group template with uuid eac7ca9f-d3ab-4200-9905-5a464f10a368 and version 2
CDynamicGroupsModule	2017-Aug-28 16:19:04	Evaluating 15 dynamic groups
AutomationModule	2017-Aug-28 16:19:09	Trigger: Tick ALLOWED [UUID=00000000-0000-0000-7006-000000000001, TYPE=REPLICATION].
AutomationModule	2017-Aug-28 16:19:09	Task: Executing task [UUID=00000000-0000-0000-7005-000000000001, TYPE=Replication, CONFIG=scenarioType: REGULAR linkData { dataLimit: 1024 isDisabled: false connections { host: "*SERVER REDACTED*" port: 2222 } }].
CReplicationModule	2017-Aug-28 16:19:09	CReplicationManager: Processing client replication task message
CReplicationModule	2017-Aug-28 16:19:09	CReplicationManager: Failed to start replication, connection for replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already pending
CReplicationModule	2017-Aug-28 16:19:09	CReplicationManager: Queuing replication task to be executed after current replication is finished
SchedulerModule	2017-Aug-28 16:19:09	Received message: GetRemainingTimeByUserDataRequest
CSystemConnectorModule	2017-Aug-28 16:19:19	Retrieving network configuration information
CSystemConnectorModule	2017-Aug-28 16:19:19	StatusLog_NETWORK_ADAPTERS_STATUS: "Rows":[]
CSystemConnectorModule	2017-Aug-28 16:19:19	StatusLog_NETWORK_IPADDRESSES_STATUS: "Rows":[]
CSystemConnectorModule	2017-Aug-28 16:19:19	StatusLog_NETWORK_IPGATEWAYS_STATUS: "Rows":[]
CSystemConnectorModule	2017-Aug-28 16:19:19	StatusLog_NETWORK_IPDNSSERVERS_STATUS: "Rows":[]
SchedulerModule	2017-Aug-28 16:19:19	Received message: RegisterSleepEvent
NetworkModule	2017-Aug-28 16:19:19	Forcibly closing sessionId:43, isClosing:0
NetworkModule	2017-Aug-28 16:19:19	Sending message: ConnectionFailure
NetworkModule	2017-Aug-28 16:19:19	Removing session 43
NetworkModule	2017-Aug-28 16:19:19	Closing connection , session id:43
NetworkModule	2017-Aug-28 16:19:19	The connection will be closed due to timeout. Resolved endpoint is NULL
CReplicationModule	2017-Aug-28 16:19:19	CReplicationManager: Replication (network) connection to 'host: "1XXXXX" port: 2222' failed with: Operation timed out

[Modules Update failures]

I spot checked a dozen machines on the Client Task Execution list that failed, ironically, it is showing module updated. Even on the ones that show Task Failed in the last 30 minutes.

Looking at my dynamic group for Computers with outdated module, it only shows 16 out of 1900 machines. Perhaps the client task execution is reporting incorrectly?

[Modules Update failures]

ESET Security Management Center Server v7.0.553.0

Endpoints on Windows 10, macOS 10.12 and 10.13

 

I noticed our module updates have a huge amount of failures on our Mac and Windows machines.

There's no error other than "failed" in the status. How would I begin troubleshooting this?

[Upgrading macOS Endpoint Security -- Suppress pop-ups!]

When upgrading to the latest Endpoint Security (downloading from here and then deploying with management tool -- https://www.eset.com/us/business/endpoint-security/mac-security/download/)

ESET splash screen and the ESET console launches. Please provide a way to suppress these pop-ups. We don't want our users to see these notifications and pop ups, we want it to be silent.

[Eset Business 6.6 web control issue]

I have a similar thing still going on in my environment.

My ESET gui shows no blocks on uncategorized sites; however, all uncategorized sites are getting blocked. 

When uploading my logs and ESET policy to ESET, they are able to see uncategorized sites are being blocked. Very strange. At this point, we disabled web control...

[Cisco Anyconnect VPN not working with ESET v7]

What version of AnyConnect are you running? I'm on v7 and Anyconnect 4.6 without any issues.

[Mac Endpoint Security 6.6 issues]

I upgraded my mac to 6.6 a couple days ago. Today I noticed that it has failed to read the kernel extension and the firewall/web protection is disabled. After re-installing the 6.6 again, the error went away.

2 questions:

1) How do we prevent this from happening again?

2)  How do I detect if any other machines are experiencing this issue?

 

Also, when deploying the .pkg downloaded from the ESET site, it upgrades my machines successfully, but how do I suppress the ESET console from launching and flashing the splash screen? We want a silent upgrade and do not want our users to know we are updating them. Inside the .pkg, there's a "gui_startup.sh", is there a way the development team can disable this for upgrades? 

[Push Install ESET Endpoint for MAC Remotely]

@MartinK In the past, we were instructed by ESET that you can deploy using the downloadable .pkg on your website.

We've done this with success in the past; however, the only flaw is that the ESET splash screen and console will launch automatically once installed.

[Deploy ESET Endpoint Security for Mac -- Disable pop-up]

When deploying ESET Endpoint security using the .pkg and deploying from Jamf, the ESET console pops up after install. Is there a way to suppress this? I do not want my user's to know we are doing any updates

[MS Outlook 2016 "Sync Issues" and "Confilcts"]

@marcos

 when can we expect 7.1 to roll out?

[Instructions to upgrade ERA Server 6.5 to latest]

Thanks @marcos

 After upgrading to v7 on the server, will the older WIndows & Mac agents on 6.5 be able to communicate with v7?

[Instructions to upgrade ERA Server 6.5 to latest]

Is it preferred to upgrade using the ERA server console method? Or doing the uninstall and re-install using the MSI? 

https://support.eset.com/kb3668/?locale=en_US&viewlocale=en_US

 

Also, where can I get the checksum for the ERA Mac installer?

[Global phishing campaign]

https://nypost.com/2018/08/16/hackers-target-thousands-of-bank-emails-in-cyber-attack/amp/

 

What is ESET doing to protect their customers? 

[All our Windows machines are blocking websites (web control)]

7 minutes ago, Marcos said:

What particular websites are blocked that shouldn't be? There are quite many websites logged in the Web Control log but it doesn't look like every single website was blocked.

private messaged you

[All our Windows machines are blocking websites (web control)]

23 minutes ago, Marcos said:

Please collect logs with ESET Log Collector and provide me with the generated file. If too big to attach, upload it to a safe location (e.g. Dropbox, OneDrive, etc.) and provide a download link.

Uploaded one set of logs.

 

Edit:: Uploaded the wrong logs. I just uploaded it again with the  affected machine

 

ees_logs.zip

[All our Windows machines are blocking websites (web control)]

All of our Windows machines began receiving dozens of pop-ups for internal websites being blocked by a category rule. (it also blocked the ESET admin console)

We disabled web control for the time being.. Was there any changes/updates on ESET's side? 

[Requiring encryption for removable media?]

Thanks @tmuster2k. I'll look into ESET Endpoint Encryption.

We do not need auto encryption, but at minimum need to block any drives that are not encrypted.