Jump to content


  • Posts

  • Joined

About Nono

  • Rank

Profile Information

  • Location

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. The fact that we DISABLE it (only on specific computer is intended). I ran the issue with the latest version of Dell Command Update (the software to update the firmware on DELL computers) : https://dl.dell.com/FOLDER06231658M/1/Dell-Command-Update-Application-for-Windows-10_34T96_WIN_3.1.2_A00.EXE Everything runs normally until the "real" copy & installation phase.
  2. We're using ESET PROTECT: ESET PROTECT (Server), Version 8.0 (8.0.2216.0)ESET PROTECT (Web Console), Version 8.0 ( with Client version: ESET Endpoint Security 8.0.2028.0 ESET Management Agent 8.0.1238.0 We have two sets of policies, one with Scan On > File Open is ENABLED and the other where it is DISABLED : On all the computer that have the feature ENABLED, it seems that Windows Installer failed to proceed. It simply hang forever. As soon as the feature is disabled, re-starting the windows installer succeed. I can reproduce the issue with two (private aka unsharable) .msi but can't seems to find any logs to troubleshoot the issue. Would it be possible to know how can I deal with such issue ? AKA: got some logs somewhere and understand why this feature blocks the installations ?
  3. Hi @Marcos I can't tell now. I already tried to explained you many times (and provide you the log) that I can't disable self-defense. I finally "solve" my issue by uninstall ESET completetly. This thread can now be closed, but I don't considered it "resolved".
  4. Without anwser, I'll have to uninstall ESET, and re-install it manually, which is a shame 😕
  5. Hi @MartinK, please liase with @Marcos. I send him the log over wetransfer, so I hope he has it as his end. When I realised that this failed, I tried to donwload the msi (which is on the bat) manually over my webbrower : this works ! On top of that, I put the manually download files on the %temp%/.eset.XXXXX/ folder and try to execute it manually (together with the config file). The behaviour was almost the same : the .msi didn't really finish the installation, but I ddidn't remember if it's was still caused by the SELF-DEFENSE or not. Note: On both of my policy (advanced & not advanced), the self-defense is activated.
  6. Hi @Marcos I had another endpoint to update so I give it a try : Disabling the SD didn't help. What helps on this case, was changing the policy. I've two sets of policy "advanced" and "not advanced" user. The main difference between the 2 policies are the rules : DETECTION ENGINE => Real-time file system protection => File open. the "Not advanced" group have it enabled, when the "advanced" group have it disabled. Could this be the reason ?! After checking, it seems that the installer failed to download the .msi / shasum checker application.
  7. The policy is enforced, and I can't deal with the override mode, as there is no agent installed anymore. Unless there is another way that this link : https://help.eset.com/era_admin/65/en-US/admin_pol_override.html to do if from the client ?
  8. @Marcos The problem is : Those endpoint are not able to disable self-defense by themselve. It has to be disable/enable via the ESET Protect Server (using the agent). I'm on the situation that : Rules are still applied (not editable) ""from the server"". The endpoint are still getting the Client updates, that's it. Does it means that I will have to uninstall the client, to be able to install the agent v8, before re-installing the client ?
  9. As I failed to OVERWRITE the agent, I manually try to uninstall the current agent, to install the new. But installing the new AND the previous (working one) failed, so I ended with no agent installed at all ... Therefor there is no such file / folder (C:\ProgramData\ESET\RemoteAdministrator\)
  10. I'm still on the situation that some endpoint aren't communicated with the server. Any help on this @Marcos ?
  11. Hi @Marcos How am I supposed to install this on my endpoint, knowing that there is no communication anymore with the server, but the rules are still "locked" / not editable ? I've generated (a quite huge) dump + log collection. Where/how can I send it to you ?
  12. I'm on the process to upgrade from ESET Security Endpoint 7 to version 8 (following my upgrade from ESMC to ESET Protect). Depending of the user (for a similar configuration), some agent upgrade failed because either explorer.exe or msiexec.exe process can't access ESET files, here is the HIPS log : C:\Windows\explorer.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\*;blocked;Self-Defense: Protect ESET files;Write to file C:\Windows\explorer.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\**;blocked;Self-Defense: Protect ESET files;Write to file C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\*;blocked;Self-Defense: Protect ESET files;Write to file C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\*;blocked;Self-Defense: Protect ESET files;Write to file on SOME case, uninstall manually the agent and installing the new works, but on some others, it didn't, leaving some user without agent at all (but the rules still applied from the server aka, not editable). Now, two things: 1) How can I install back the agent, knowing that I can't access user rules (without agent / with the client still manage by the server?) 2) How to prevent this self protection, when the installation is legit ?
  13. Thanks @MichalJ Indeed, I found the "configuration" which is more a "task" to me. The Question / suggestion was more : Why the notification send multiple time "configuration failed", when it could easily say : The Client Task "Install EES" failed And with eventually the information "Because XXXXX".
  14. I'm currently migrating my user from ESET Endpoint Security 7 to 8, following my upgrade from ESMC to ESET Protect. I'm receiving quite some emails, always with the same extra frustrating email : Why frustrating ? All the markers are green, and I can't see ANY details regarding this "invalid configuration". As far as I remember (v6 or prior), it was always the case that 'a configuration' failed ... But it's nowhere written where / how etc .. This seems to be a severe lack of information for the administrator trying to figure out (and want to fix) the issue. Would it be possible to write directly on the notification WHAT is failing and for WHICH user/computer ? I assume that if an error is catch, it's quite easy to know the source/cause of it.
  • Create New...