brandobot

Our infosec wants us to be able to require encryption before using removable media such as usb drives. Is there a way to do this in ESET Endpoint Security?

We're running ESET Endpoint Security for AV/Firewall,etc.. version 6.5.600.1 and am noticing huge slow downs after installing CarbonBlack Response 6.1.3. the esets_daemon process spikes up to over 100% cpu usage after CarbonBlack is installed. I've tested on both 10.13.4 and 10.12.6. We've had both CarbonBlack and ESET for some time back in 2017 without any issues, but ended up removing CarbonBlack for the past couple months due to the kernel panic issues. Simple tasks such as launching terminal takes 20 seconds or attaching an image to an Outlook e-mail takes a minute and sometimes presents the spinning beach ball. Removing CarbonBlack makes the slowness go away and leaving CarbonBlack and removing ESET also makes the slowness go away. Seems like there's some incompatibility here. Is anyone else running these two products and are experiencing the same issue?

Just ran a script to check the status of our machines. of 100 machines, 17 has errors. 15 of the 17 were completely missing from the ESET Remote Administrator console. 1 was incorrectly reported, and 1 hasn't checked in for over a month.

Thanks. I wonder if there's a command I can run on an endpoint to see if a machine can actively connect to ESET. If so, I can probably script something to do a check once a week, and if it's not connecting, I can have it reinstall.

According to this post, another user has had the same issue since May 2017. Is anyone else experiencing this on macOS?

Same exact response I got. They provided me with a "beta" version that was created to address this issue, but I am still experiencing it with the beta version. How are you handling this now? Our Infosec is not okay with having machines "unmanaged." We've had to uninstall and reinstall the ESET agent periodically on all machines as we have no accurate way of telling which machines are connected.

We're also experiencing the agent is falling off on Macs. Haven't checked Windows yet. We're seeing approximately 20 Macs per month losing connection and require an uninstall/reinstall. Huge pain! I posted for help here as well.

@michalJ @marcos I've opened a forum post here. It is case #103515 Machines missing from ESET Remote Administrator console" -- Web control case is # 33848. This case stemmed back from early 2017, we worked on this for months with no resolution. Support came on-site and was able to replicate both onsite and on ESET provided machines; however, no resolution was ever found. The machines missing and losing connection from the remote administrator is extremely urgent in our environment as we have no way of actively telling which machines are missing from the console. We've had to uninstall/reinstall the agent on all machines numerous times to ensure we're able to manage 100% of our Macs. The automatic task that wasn't working was for removing stale machine entries. Support told me there was an issue with checking the "remove license" option. After unchecking the option, removing stale machines began working.

Still an issue. I was provided with a Beta version of the remote administrator app, version 6.5.376.30 that supposedly provided a fix for this issue. (was told it was a database issue) . Attaching screenshots of the endpoint being online and able to reach the ESET remote administrator server, but has not shown checked in in over 10 days.

It's issues like this that make me feel like ESET was not Enterprise Ready -- especially on the Mac side. We've seen issues from machines mysteriously losing connection or being completely removed from the ERA, to auto-run tasks that just do not work, to tremendous slowdown issues with the Web Control feature on Macs. It's extremely tiring having to contact support, send countless number of logs and to hear no resolution for months.

The part I redacted was the IP, not the hostname. But yes, it can reach both short name, fqdn, and IP. Just for clarification, this is what it looks like. (I changed the IP). Is was pointing to an IP, not a hostname.) Scope Time Text Last replication 2017-Dec-21 18:45:46 Error: CReplicationManager: Replication (network) connection to 'host: "10.12.190.32" port: 2222' failed with: Network is unreachable

As I mentioned in the above post, we are able to contact the IP on port 2222.

Yeah, I had originally uploaded the status, which you removed. I'm re-attaching it now. Note that we've connected to this machine, and was able to communicate to our IP on port 2222 successfully. On machines that had the same error, we've uninstalled the agent and re-installed and it'll reconnect successfully. Obviously, this is not a feasible task for us to do every time a machine disconnects. Status log Scope Time Text Last replication 2017-Dec-21 18:45:46 Error: CReplicationManager: Replication (network) connection to 'host: "REDACTED" port: 2222' failed with: Network is unreachable Peer certificate 2017-Dec-21 18:45:11 OK Agent peer certificate with subject 'CN=Agent at *' issued by 'CN=Server Certification Authority' with serial number '011ab7527957a342d5867130df08e51ebd01' is and will be valid in 30 days Performance Indicator Value Up time 00:00:44 Kernel time 0 sec., 0.0 % of up time User time 2 sec., 4.5 % of up time Memory private usage 44 MB Memory working set 722 MB Memory peak working set 722 MB Available physical memory 1166 MB Total I/O reads 0 KB Total I/O writes 0 KB Total I/O others 0 KB Generated at 2017-Dec-21 18:45:46 (2017-Dec-21 10:45:46 local time)

We're currently experiencing client endpoints losing connection to our ERA. Below is the last error log. I removed the host IP for security reasons. On the endpoint itself, I can do a "nc -z <IP> 2222 and it'll connect successfully. We've experienced this on 38 machines since June 2016. Our workaround has been to uninstall the ERA Agent and Reinstall the Agent. Has anyone experienced this issue before? macOS 10.12.6 trace.log