bitterandstout

Thanks for the quick response, we'd prefer to move them to quarantine and deal with restoring them *only* if they were not infected.

Thanks for the quick response, we'd prefer to move them to quarantine.

Hi, this is likely to be a very simple problem to solve, but I'm not seeing the answer in the docs. We run esest_scan via cron on our linux servers. What we'd like to do is to quarantine the threats rather than using the the clean mode options. Can this be done? We're running Eset Security 4.5.9.

That's 1500 multiplied by the number of snapshots help on the filesystem so given 8 snapshots we have a total of 12,000 entries in the Web console. Dealing with that many by using the "mark as resolved" button, isn't really an option. Is there a method for doing this in a granular, programatic manner?

I have a similar conundrum, we have atlassian apps running that allow attachments and the filesystem (ext4 linux) has many snapshots created daily, so the attachments are snapshotted constantly. If I scan and clean (or delete) attachments that are threats, how can I programmatically remove the cleaned/deleted threats from the ERA console? I'm currently looking at over 1500.

Something is definitely wrong on this machine, I've a scan running that was started ~40 minutes ago with the same result "connection reset by peer" (syslog output) and it still shows as running in ERA, nothing written to syslog for 30 minutes. I think I'll open a case.

Thanks Martin, The agent was upgraded yesterday to 4.5.9.0. WRT to normal running, I'd say no. After the upgrade I ran a full scan before leaving the office, sadly from the Remote Administrator Console it shows that scan is still running now. The log file on the server shows an error shortly after the scan was started: Feb 21 15:25:52 puppet2 esets_sci[30622]: warning[779e0000]: Cannot read from socket: Connection reset by peer Feb 21 15:25:52 puppet2 esets_sci[30622]: error[779e0000]: Cannot scan: Daemon closed connection

yes were using We're Running ERA 6.5 and the agent (4.5.7) is installed. And yes the product is configured to to connect to ERA on localhost & port 2225.

thanks

thanks Marcos, fair enough, wouldn't want to clutter things. So How is that configured, if I run esets_scan with --scanlog and it finds malware or a trojan, I don't see anything showing up in ERA. We're obviously pretty new to ESET. And are testing our configuration. Here is the command line I used: /opt/eset/esets/sbin/esets_scan --scanlog 1:Administrator --clean-mode=none --quarantine --log-all

when running esets_scan is it possible to send the scanlog to the console on the Remote Administrator? We're running on linux. Ver 6.5 ERA