Everything posted by carmik

  1. I hoped I would be able to get some indication of cache hits to acknowledge that there is a cache and it does operate properly. Running a du -sk on /var/cache/httpd/proxy shows that it's around 1Gb. A couple of questions:
     1) How is cache maintained? Are old/stale entries purged in order to avoid cache reaching an absurdly high size? There's a CacheMaxExpire directive set to a week (IIRC), but I'm not sure whether stale entries are automatically purged to make space for newer ones.
     2) CacheDefaultExpire is set to an hour. If my memory serves correctly, this just means that an entry with no expiration info will become stale after one hour. But that does not mean that it will be purged also. Immediate purging would effectively destroy any decent cache hit ratio. Is that correct? That is, do large downloads still stay?
     3) If it is not automatically maintained, should I do something?
     4) I've noticed that max file size for caching (CacheMaxFileSize) is 200000000, or 200Mb? Since a lot of installation packages are over that amount, can you please consider increasing this amount in future ESET Apache setups?
     5) Finally, I've had a pre-ESMC (ERA) installation, with a remote point on which your Apache was installed as a proxy. ESMC seems to bring HTTP2 and other goodies. After upgrading to it, I did not change the remote Apache installation though. Should I change something there?
     Apologies for the long number of questions.
  2. Yes, it does. It signifies that the "Operating system is not up to date". It does. I had selected the first option ("Update Operating System"). Nope, first time from within ESMC. I did try to do that once when I had ERA installed from webmin and ended up with broken ODBC. Restored the VM from a snapshot and stopped trying to approach the update with a 10-foot pole. Trying that at the moment. This time it is running, hoping that it will reboot so I can check from a Linux shell whether something has been done. Thanks for all your help!
  3. @karlisi Thanks for the info, but I am describing a server/virtual appliance issue here and not a Windows client one. @MichalJ I am not sure that the agent does not work. Please check the attached screenshot. Not an expert here, but it shows that connection is taking place properly (last connected time), hardware details of the VA are exposed to the ESMC application (possibly meaning that the agent is able to communicate hardware configuration to ESMC). Can you provide some suggestion on how to proceed from this point onwards?
  4. I've had an ERA 6.5 VA installation moved to ESMC 7. I've followed an upgrade and migrate procedure to do so and it seemed to go as planned. Clients connect and update just fine and tasks also worked ok. There was a delay initially when I was offered to initiate a component upgrade procedure in order to update ESMC itself. It seemed to hang but the other day was gone. I've been receiving a warning that the operating system is not up to date. I created a task from within ESMC to update it, but nothing seems to have been done. Two days later the task is nowhere to be found and my VA still shows that the operating system is not up to date. Any ideas?
  5. Hello, I had this question a long time ago, while I was trying to optimize our ERA 6.5 setup. At that time, I installed the (ESET provided) Apache proxy on my ERA VA and presumed that it actually cached information. My question is: does it actually cache or does it merely proxy traffic (ie to ease communication of clients to ESET servers)? If it's the latter, was it a design decision? If it did, I'd expect to see HTTP responses different than 200 in the access log. IIRC, on my squid proxy I'd expect to see 301 responses (not modified).
  6. One fast question, since upgrading ERA agent to ESMC agent seems to leave ERA agent leftovers in add/remove programs. Is that normal? Shouldn't they be deleted?
  7. Thank you Marcos, can you please address my first question as well? That is, should I update ERA agent to ESMC on these xp boxes or not?
  8. I have just migrated my ERA VA (6.5) to ESMC VA (7+). I will update all ERA Agents to ESMC on Vista and higher. My question is: should I upgrade ERA Agent on Windows XP to ESMC Agent or not? I presume that I should stick with ESET Endpoint Antivirus/Security 6.5 on XP, let me know if it is ok to move also to 6.6.
  9. I was looking around for other information and stumbled upon your thread. Been using KES and KSC for around 3 years or so and recently switched to ESET, using ERA and now ESMC. I've been having HUGE problems during upgrade (KES 10 SP1, IIRC). Each major upgrade on Kaspersky was followed by days, weeks and months of non-responsive clients. Basically on ESET the clients run quite reliably. You might run into some issues with firewalling on the ESET Endpoint Security products, if you do not take care of properly adjusting the so-called security zones. I've been mainly using ESET Endpoint Antivirus, so for me this is not a major issue. Kaspersky seems to have better support for locally storing updates and installers, whereas in the ESET approach everything is downloaded from ESET servers. You can install components like the ESET proxy or an Apache (or equivalent HTTP proxy) to ease transfers, however it is much less optimal than in the Kaspersky case. And, of course, the ESET solutions require further tinkering. The ESET client runs EXTREMELY reliably. TBH, I hoped that server upgrades would be easier than Kaspersky (if not as easy as the F-Secure), however the reality is that an upgrade like ERA to ESMC (that is one major server version to another major) was more difficult to do than Kaspersky. However, in the end everything runs ok with some minor glitches in the ESET case. E-mail interception seems to be "better" on Kaspersky. Using quotes here, because it did not produce high-CPU usage on Thunderbird clients, as I've witnessed in some cases with ESET endpoint clients. Both solutions seem to support WANs, but I have no experience on the subject. There's also cloud management, but you'll definitely need some proxies at each point of presence, since you're mentioning bandwidth issues. There's a pretty well written analysis of bw requirements in this: https://help.eset.com/era_install/65/en-US/infrastructure_sizing.html Bottom line for me, I switched (after a long trial) to ESET because the clients run better: no critical issues (system locks, AV not running etc) and nicer management via native web interface. You can host the "server" part on some VM platform. Hope I've helped.
  10. I've followed the steps there, but nothing helped. Then I disabled camera control in IS, uninstalled it and then the camera started working again... Bottom line, I'll stay clear from IS and stick to NOD32 which has been performing rock solid on the same rig.
  11. Issue appeared immediately after uninstalling the eset product. Furthermore, this issue is exactly similar to the one described in page 2 of the thread I've mentioned, with the exact same camera type.
  12. I'm running a trial version of ESET IS on a Windows 10 64bit (build 1803) system. IS version is 12.0.27.0. This IS program exhibited a number of issues, notably breaking network connectivity, which I fixed by making a clean uninstall (software was replaced by Windows Defender). However, the laptop's camera, a Lenovo EasyCamera, does not work at all. Issue seems to be exactly the same with the one reported by https://forum.eset.com/topic/14959-web-camera/?do=findComment&comment=76376 I've tried removing the camera and rebooting. Same issue. I've also tried reinstalling ESET IS, disabling/enabling webcam protection. Same result. How can I fix this?
  13. But if the new VA has the same ip with the old one, how will I be able to perform a database migration as per https://help.eset.com/esmc_deploy_va/70/en-US/va_upgrade_migrate.html ?
  14. (God this forum editor is giving me hell) Hello again, I've downloaded the latest available VA. I'm still confused by your instructions though. For example, on step 5 of https://help.eset.com/esmc_deploy_va/70/en-US/va_upgrade_migrate.html it is mentioned that:
  15. @MichalJ: about a month and a half has passed since our discussion. Do you know whether it is now possible to do an ERA VA -> ESMC VA in-place upgrade and if so: 1) Is the procedure considered safe for production environments? 2) Link (in case it is other than https://help.eset.com/esmc_deploy_va/70/en-US/va_upgrade_migrate.html )?
  16. Sorry mate, I restored a previous snapshot to get this done. Will try your suggestion next time this occurs.
  17. One more question, can one wildcard the threat name? Ie use something like @NAME=uTorrent.* or @NAME=Win32/Hack* ?
  18. Perfect, thanks! BTW, do you have any links describing the @NAME as well as any other descriptors one can use in the threat name field.
  19. I'm trying to create a policy to exclude by threat name, regardless of file location. Let's say that the threat I want to exclude from detection is Win32/uTorrent.C
      1) In the ESMC policy for Endpoint security, I understand that one should modify Settings -> Detection Engine -> Basic -> Exclusions, is that correct?
      2) Assuming that it is, I presume that I should select "Exclude threat" here. Exactly how do I specify the threat? I would expect that one should enter the exact threat name, ie Win32/uTorrent.C, however if one presses the question mark on this dialog box he/she is directed to https://help.eset.com/ees/7/en-US/idh_exclude.html whereas it is stated as an example that the threat should be specified as (example) @NAME=Win32/Adware.Optmedia@TYPE=ApplicUnwnt
      Are the @NAME= and @TYPE declarations mandatory and, if not, what is their purpose? For Win32/uTorrent.C how can I know the TYPE beforehand? BTW, there is some inconsistency in the documentation. That is, if one elects to create a policy for File Security for Windows Servers (v6+) instead, then the help file in this dialog box https://help.eset.com/efsw/7.0/en-US/idh_exclude.html does not specify the @TYPE specifier at all. Which of the specifiers above can be used? Win32/uTorrent.C , @NAME=Win32/uTorrent.C@TYPE=Something or @NAME=Win32/uTorrent.C ?
      3) Finally, how can I specify that I want this to apply for all disks. Should I leave the path mask empty? Remember that this is a policy to be enforced on systems with an unknown number of drives, so how can I whitelist on global filesystem?
  20. I've got an ERA 6.5 VA running for some time. Some days ago I enabled webmin and found out that there were some software packages updates. I did them but did not try to login to ERA again. Today, I was trying to login and was greeted with the error message in the title. Read https://support.eset.com/kb5852/?locale=en_US&viewlocale=en_US From what I can see, the eraserver service was down. Starting it up with systemctl start eraserver seems to start it ok, but afterwards it exits:

      [root@esetav Server]# systemctl status eraserver
      ● eraserver.service - ESET Remote Administrator Server
         Loaded: loaded (/etc/systemd/system/eraserver.service; enabled; vendor preset: disabled)
         Active: failed (Result: exit-code) since Mon 2018-10-08 12:19:13 EEST; 22min ago
        Process: 4328 ExecStart=/opt/eset/RemoteAdministrator/Server/ERAServer --daemon --pidfile /var/run/eraserver.pid (code=exited, status=0/SUCCESS)
       Main PID: 4329 (code=exited, status=70)

      Oct 08 12:17:23 esetav.pieria.pkm.gov.gr systemd[1]: Starting ESET Remote Administrator Server...
      Oct 08 12:17:23 esetav.pieria.pkm.gov.gr systemd[1]: Started ESET Remote Administrator Server.
      Oct 08 12:19:13 esetav.pieria.pkm.gov.gr systemd[1]: eraserver.service: main process exited, code=exited, status=70/n/a
      Oct 08 12:19:13 esetav.pieria.pkm.gov.gr systemd[1]: Unit eraserver.service entered failed state.
      Oct 08 12:19:13 esetav.pieria.pkm.gov.gr systemd[1]: eraserver.service failed.

      Now, I don't recall which daemon keeps ports 2222/2223 open, that is if it is eraserver or eraagent. Examining /var/log/eset/RemoteAdministrator/Server/last-error.html shows a bunch of errors thrown about the MySQL ODBC 5.3 Unicode Driver not being found:

      ...
      2018-Oct-08 09:17:33 Probing database connection failed. Next connection attempt will be in 10 seconds. 10 more attempts will be made. The database access layer reported: [unixODBC][Driver Manager]Can't open lib 'MySQL ODBC 5.3 Unicode Driver' : file not found (0)
      ...

      Can I somehow reinstall that thing by command on my ERA 6.5 VA? I would prefer to avoid restoring an older VM backup and resetting there.