Everything posted by carmik

  1. There seems to be a problem, the exe does not exit. Not sure if it is safe for running it in a gpo, but will try it on a couple of systems...
  2. Will do. In the meantime, can you please address these questions?
  3. Is it batchable? I could put the exe on a network-accessible share and run it with a cmd script on the server, however can this exe run quietly? If so, what are the options?
  4. I lack the skills to do so mate. Plus, I'm not sure Windows server 2003 has powershell? Any help will be appreciated.
  5. Thank you for the fix, it's a good first step. However, I've got to replace 6.5.2118.4 on more than 1000 systems, so I (and I guess a lot of people here) would appreciate if you either provided a GPO-pushable MSI version of this file, or instructions for alternatively installing it via gpo (doable also on Windows Server 2003). The size of this task is huge, it is an impossible feat to accomplish manually unfortunately.
  6. I presume you are talking about using the procedure as per hxxp://support.eset.com/kb3466/ Correct? Is there any issue running the English language log collector on my Greek-based installation? That is, would that be ok? Furthermore, I presume the collected log files will be used to open a ticket with you in https://www.eset.com/int/support/contact/ is that correct? As I've described this is a Windows 10 installation, build 1909. Has been as such for two months (it was 1809 or 1903 before, don't recall). EDIT: In that other thread, you asked for a video. Do you need one here as well?
  7. I've got a 5 system license that is going to expire in about 10 days. One of these licenses is installed as NOD32, on my Windows 10 Home (build 1909) rig. Had no issue, until this warning appeared. The problems appearing are the following:
      * (cosmetic) Every 10-30" the eset icon changes from a green E to a green E with an orange "!" warning (I think it is an exclamation mark). It stays as such for a couple of seconds, then goes back to normal "E"
      * (critical) trying to open the eset app, it opens but almost immediately (i) the eset icon is turned into "E" with an exclamation mark and (ii) the eset app window is closed
      The behaviour is similar to the one described in ... that is: The difference between my case and that other one is that in my case NOD32 does not complain about anything at all. It just does this thing with app window and the icon. I've tried repairing the installation first. It failed, so I made an uninstall and re-install. I did not use the eset cleaner but the settings are brand new. (Gawd what an awful quote mechanism!)
  8. What is the current ESET recommendation for Windows XP? 6.5 or 6.6? But before answering, please weigh your response very carefully: if and only if 6.6 is as stable as 6.5 on XP, I could consider upgrading to the former, as a viable option.
  9. @Marcos Came to this thread this morning. Got more than 1000 clients in this state, all of them Windows XP boxes, running the ESET recommended version 6.5.2118.4. This is not among the versions you've listed, however my ESET console has turned red and my phone has not stopped ringing from concerned users. The instructions above are not a solution! And endpoint 7.2 can not be installed on XP.
  10. Thanks for the clarifications, so the story here is that this is short-term caching in essence, and the inode default limit is ok.
  11. I need some feedback on this. After cleaning up my VA apache setup (htcacheclean ran for the first time), the following was logged:

      Cleaned /var/cache/httpd/proxy. Statistics:
      size limit 10000.0M
      inodes limit 12000
      total size was 9709.7M, total size now 173.4M
      total inodes was 1058531, total inodes now 11996
      total entries was 209920, total entries now 1268
      208652 entries deleted (399 from future, 206503 expired, 1750 fresh)

      The cache is now only 170Mb. What good is a cache that small? It seems that the reason for the cache being that small is the inode limit (by default, as per ESET KB instructions, set to 12000). Notice that "total inodes now" is 11996, just a bit below that limit. Either I'm missing something profound here, or the ESET defaults for the proxy are not quite suitable for the purpose? Your help will be appreciated.
  12. I'd like to second that, tags take too much valuable screen space. <OT>Furthermore, column resizing is a bit troublesome, perhaps columns could be auto-resized in a future revision</OT>
  13. Found this article: https://help.eset.com/esmc_deploy_va/70/en-US/enable_apache_http_proxy.html TBH, when I initially configured ESMC there were no ESET instructions on configuring this thing, only the generic VA installation instructions. Oh, well. EDIT: These instructions might be a bit "flawed". I believe that step 5 should read: 5. systemctl start htcacheclean
  14. Hello, I have ESMC installed on my network and a number of remote LANs, on which I utilized the Apache HTTP server, as per https://help.eset.com/era_install/65/en-US/http_proxy_installation_windows.html I did not include the scheduling of cache maintenance (end of the above mentioned article) and as a result the cache dir grew to over 4Gb (which is not that bad), from around 130.000 files in more than 190.000 subdirectories! Understandably, that was my mistake. I tried running the htcacheclean command, which managed to lock my AD server on which Apache was running. Restarted, re-ran the same command and again the system after an hour or so entered a lockup again. Rebooted for a second time, but somehow the htcacheclean had managed to do its job: the total contents of the directory were cut tenfold to only 340Mb, from 4.600 files in 7.355 directories. I've got a couple of questions:
      * is the size of some hundred megabytes for the cache "logical". FYI, the remote lan consists of around 20 windows PCs, most running (still) windows xp and some running windows 7
      * in the ESET KB article above, the htcacheclean command contains the parameters " -l10000M -L12000", which effectively limit the cache to 10Gb (ok so far) and to 12.000 inodes. How do inodes correlate in my own Windows setup?
  15. I'm running ESMC 7.x as a virtual appliance and have the Apache proxy enabled. I think I saw somewhere that the VA is pre-configured to do Apache HTTP cache housecleaning (using htcacheclean perhaps). I've SSH'ed to the VA and did a "du -sk /var/cache/httpd/proxy" to check how much data are used. Executed that command some 5 minutes ago and I'm still waiting for a result... 😕 Bottomline: is apache proxy cache auto-cleaning enabled by default? If so how can I check that it does what it is supposed to do? if not, how can I configure auto-cleaning (presume a cron job, but I'd appreciate the specifics for ESET themselves) EDIT: The du command finished, the cache directory contains more than 11Gb ...
  16. An update: updating manually the eset agent to esmc agent 7 resolved the issue. Could this be an issue with ERA Agent 6?
  17. "Solved" possibly this one, the entries correspond to multiple hardware entries generated for the same pc. How can I reset hardware detection, to be asked again what to do with a system?
  18. In the dashboard, when selecting connection status I can view a drill down of the last machine connection dates (ie one day, 3 days, 7 days, > 7 days). If I select the "> 7 days" report I see systems that have successfully connected today, updated without issues etc. The only "issue" with these systems is that they are running era agent 6 (XP boxes) instead of esmc agent 7. Is this a bug?
  19. I'm using ESMC 7 on a VA, upgraded from ERA 6. Did not have any client installation issues, until today. I tried to push endpoint antivirus 6.5.2123.2 to an XP client on which ERA Agent 6 was already installed and saw the previous message in the ERA console. Checking /var/log/eset/RemoteAdministrator/Server does not show anything explicitly-related, apart from some access denied messages:

      ...
      2019-05-10 04:47:38 Error: CPoliciesModule [Thread 7f73637a6700]: Access denied.
      2019-05-10 04:47:38 Error: ConsoleApiModule [Thread 7f73657aa700]: 5 Error while processing CancelPolicyEdit request: Access denied.
      2019-05-10 04:47:38 Error: ConsoleApiModule [Thread 7f73657aa700]: Untranslatable CInterModuleException: Access denied.
      2019-05-10 05:55:25 Warning: CReplicationModule [Thread 7f7382fe5700]: VerifyDeviceAuthenticationToken: Verification of authentication token: xxxxxxxxx failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=

      I made an ESMC reboot today hoping that it would solve the issue, it didn't. Plus it doesn't show up on the server trace.log

      On the client, the ESMC agent trace log:

      2019-05-10 05:36:21 Error: CSystemConnectorModule [Thread d40]: Software installation failed: GetFile: Cannot connect to host 'repository.eset.com' [error code: 20003]

      Access to the net is provided by an Apache proxy. Access to the net is not allowed, all access in general is performed via either a squid proxy (for normal internet access) or via the ESMC-provided apache proxy (only for eset products).
  20. 6.5.522.0. I noticed, though, that in some cases the upgrade goes fine, without leaving ERA agent leftovers behind, whereas in some other cases it does leave them. I'll have to find time to find one such case and report back.
  21. And another question, I frequently observe HTTP requests of the following form:

      X.Y.Z.W - - [21/Mar/2019:12:34:45 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6.6/dll/update.ver HTTP/1.1" 401 - "-" "EES Update (Windows; U; 32bit; BPC 6.6.2089.2; OS: 10.0.16299 SP 0.0 NT; TDB 40782; CL 1.0.0; x32c; APP ees; ASP 0.0; FW 32.0; PX 1; PUA 0; CD 1; RA 1; PEV 0; UNS 0; UBR 125; HVCI 0; HWF: XXXXXXXXXXXXXXXXXXXXXXXXXXXX; PLOC el_gr; PCODE 111.0.0; PAR 1; ATH -1; DC 0; PLID XXX-XXX-XXX; SEAT ABCDEFG; RET 5003)"
      X.Y.Z.W - - [21/Mar/2019:12:34:46 +0100] "GET hxxp://update.eset.com/eset_upd/ep6.6/dll/update.ver HTTP/1.1" 200 11065 "-" "EES Update (Windows; U; 32bit; BPC 6.6.2089.2; OS: 10.0.16299 SP 0.0 NT; TDB 40782; CL 1.0.0; x32c; APP ees; ASP 0.0; FW 32.0; PX 1; PUA 0; CD 1; RA 1; PEV 0; UNS 0; UBR 125; HVCI 0; HWF: XXXXXXXXXXXXXXXXXXXXXXXXXXXX; PLOC el_gr; PCODE 111.0.0; PAR 1; ATH -1; DC 0; PLID XXX-XXX-XXX; SEAT ABCDEFG; RET 5003)"

      As you can see, the first request gets a 401 response code, whereas the GET one gets a document ok (200). Is the 401 HEAD response to be expected/normal?
  22. Is this Agent-to-ESMC the traffic that goes to ports 2222-2223?
  23. First let me thank you for a very informative post! I've used htcacheclean in the past. Is it always running as a daemon or regularly as a cron job on the VA? If it is the former, running ps aux | grep htcacheclean did not produce any results. Presumed so, thanks. IIRC, I saw *msi downloads over HTTP around 220-240Mb in size. Not sure though. A clarification please. In Agent-to-Server above, by "Server" I presume you are not referring to ESMC itself, but to the ESET server infrastructure for updates etc.
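For the HEAD 401 / GET 200 pair quoted from the proxy access log in the update.ver post above, a proxy administrator can measure how consistently each 401 is followed by a successful GET from the same client. This is an added example, not part of any post or of ESET's tooling; the client addresses, the shortened user agent and the 5-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Apache access-log line from a forward proxy (absolute URL in the request line).
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def pair_head_401(lines, window=timedelta(seconds=5)):
    """Split HEAD 401s into 'retried' (same client got GET 200 for the same URL
    within `window`) and 'unanswered' (no such GET was logged)."""
    pending = {}  # (client, url) -> last HEAD 401 still waiting for a GET
    retried, unanswered = [], []
    for rec in filter(None, map(parse, lines)):
        key = (rec["client"], rec["url"])
        if rec["method"] == "HEAD" and rec["status"] == 401:
            if key in pending:
                unanswered.append(pending[key])
            pending[key] = rec
        elif rec["method"] == "GET" and key in pending:
            head = pending.pop(key)
            ok = rec["status"] == 200 and rec["ts"] - head["ts"] <= window
            (retried if ok else unanswered).append(head)
    unanswered.extend(pending.values())
    return retried, unanswered

URL = "hxxp://update.eset.com/eset_upd/ep6.6/dll/update.ver"  # as written in the post
UA = '"-" "EES Update (constructed)"'
SAMPLE = [  # constructed lines modelled on the two quoted in the post
    f'192.0.2.10 - - [21/Mar/2019:12:34:45 +0100] "HEAD {URL} HTTP/1.1" 401 - {UA}',
    f'192.0.2.10 - - [21/Mar/2019:12:34:46 +0100] "GET {URL} HTTP/1.1" 200 11065 {UA}',
    f'192.0.2.11 - - [21/Mar/2019:12:40:00 +0100] "HEAD {URL} HTTP/1.1" 401 - {UA}',
]

if __name__ == "__main__":
    retried, unanswered = pair_head_401(SAMPLE)
    print("HEAD 401 followed by GET 200:", [(r["client"], r["url"]) for r in retried])
    print("HEAD 401 with no GET 200:   ", [r["client"] for r in unanswered])
```

Clients that only ever appear in the second list are the ones worth checking first, since their requests never succeeded through the proxy.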