Jump to content

Camilo Diaz

Members
  • Posts

    38
  • Joined

  • Last visited

Everything posted by Camilo Diaz

  1. Policies -> Settings -> (Web and email) Web access protection -> web protocols -> Ports used by HTTP protocol
  2. Hey Marcos, as mentioned by other members, as soon as an user logs in, Real-Time protection start working again, so I don't think it will be feasible to get the logs from a device experiencing the issue...
  3. My Bad. Have sent you a link with the full logs.Thanks
  4. Hi Marcos, we are experiencing exactly the same issue in about ~1000 workstations. all upgraded via Installation Task from ESMC . I have enabled FULL dump for logs and attached the results here. btw. it's only affecting EEA 7.3.2041.0 eea_logs.zip
  5. Hey Marcos, I do see some resolved but other ones remain not resolved. Some of them running EEA 7.3.2041.0.
  6. Can your clients telnet to your new ESMC server on port 2222? If not then there's highly likely a firewall stopping the connection. (assuming the new server is working as expected). What about new clients? Can they connect to the new server?
  7. ESET Security Management Center (Server), Version 7.2 (7.2.1278.0) ESET Security Management Center (Web Console), Version 7.2 (7.2.230.0) We are currently managing the Antivirus detection by adding the endpoints to a Dynamic Group and running a Scan Task which if successful it resolves the detection. My understating is that for the 'Firewall' Module detection, this has to be manually resolved. (Is there any insight of improvements on this?) For the 'Web protection Module' we have a fair amount of blocked detection 'attempt to connect to URL - Blocked by PUA blacklist/Blocked by Internal blacklist'. We'd like to auto-resolve/close this if the status is 'blocked'. Is this possible? Thanks, Camilo.
  8. Hi Marcos, I was experiencing the same with a few clients and after a reboot the warning is gone for good . Cheers
  9. We have experienced the same issue again, eset_proxy process consuming 100% CPU and blocking somehow the network on the affected devices. Running Eset Endpoint Security 6.90.0. All affected devices are running macOS 10.14 (Mojave). Have reported it to ESET so hopefully we'll get an answer soon. Thinking to upgrade to 6.90.3 but not sure if it will make any difference at this stage.
  10. Ok problem solved. I had missed that notification which explains it will attempt to upgrade as much as it can (in my case, the agent). I can also select a dynamic group. Thanks!
  11. Thanks @MichalJ. I've had a look at the 'security management center components upgrade' but if I choose 'Server Task', again I can't select a dynamic group and If I select 'Client Task', is not clear what the task is doing... Upgrading the client? upgrading the agent?
  12. Is there a way to select a Dynamic group as the 'Target' group for an Agent Deployment Task? As you can see in the screenshot, Dynamic groups are greyed out. I have +8000 devices so ideally I want target the task only to those that are not in the latest version. ESET Security Management Center (Server), Version 7.1 (7.1.717.0) ESET Security Management Center (Web Console), Version 7.1 (7.1.393.0) edit: This is the official KB from Eset which is not clear on my particular questions. https://support.eset.com/en/kb6741-remotely-install-or-reinstall-the-eset-management-agent-using-eset-security-management-center-7x Thanks, Camilo
  13. seeing the same pop up (URL/Urlik.AAO) when installing other applications: ESET Endpoint Antivirus 7.2.2055.0 ie: Adobe DC
  14. That one is already resolved, that's why you can't resolve it. Have a closer look at the status and you'll see the 'i' from Informational... 1st and 2nd screenshot
  15. I have opened a case with our local customer care and provided the requested logs, but they didn't find the root cause of the problem. I was provided with the beta version 6.8.400.0 and issue still occurred there. Edit: Provided logs esets_proxy log level has been set to verbosity level = 8 Sample of esets_proxy.txt customer_info.zip
  16. Hi Marcos, yes, ESMC is behind a proxy (configured) and behind a firewall with open outbound connections to 80/443. . Traffic is allowed to all of those update servers and I can’t see anything being blocked on my proxies.
  17. ESET Security Management Center (Server), Version 7.0 (7.0.577.0) ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0) ESCM is complaining under Status Overview, that cannot reach 'Server module updates'. "Server module update is failing. See audit log for more details." Outbound traffic for the ESCM server is allowed on ports 80/443. Current config is to check every few hours. SERVER: AUTOSELECT (Regular Update) I've had a look at the logs on the servers but can't find any trace of what's wrong. Connection to the repositories is working fine. Any ideas? Cheers ,Camilo.
  18. Thanks Marcos. When you said "it's possible to disable protected service", do you mean to disable 'Automatic exclusions to generate" for Microsoft SQL Server?
  19. We had the same issue and have downgraded EFS to 6.5.12010.0. Will stay in that version until the problem is fixed.
  20. Thanks for your prompt reply. The ideal solution is to delete and deactivate the license autmatically from ESMC. We are managing +8000 devices so you can understand is not a good solution to delete the devices one by one and then deactivate the license one by one. I'd like to troubleshoot connectivity to ELA servers. What's the PLID? Edit: I know PLID is now. I'll pm you the details
  21. ESET Security Management Center (Server), Version 7.0 (7.0.577.0) ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0) Microsoft Windows Server 2012 R2 Datacenter (64-bit), Version 6.3.9600 Server Task keeps failing. Not much info from the console. See attachment. From the logs in C\:ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Logs I think the error is related to: 2019-04-18 01:40:14 Information: LicenseModule [Thread 3f0]: DeactivateSeatsForComputers: Deactivation of seat [ComputerUUID=0d784d38-806b-4b12-8607-032559162da8, SeatID=2e5c5ba1-d108-4675-a2c4-7f473ba, MasterSeatId=232f229a-8db6-4e4a-8a16-e913e8bd17d5] failed. Error: CEcpCommunicator: ECPRequestMessageDeactivation request failed, error=0x20103004. 2019-04-18 01:40:15 Information: LicenseModule [Thread 3f0]: DeactivateSeatsForComputers: Deactivation of seat [ComputerUUID=128b91b2-118d-4710-b02d-90caf056ded0, SeatID=d67b52bd-8c73-4bb4-ad4d-2841415, MasterSeatId=232f229a-8db6-4e4a-8a16-e913e8bd17d5] failed. Error: CEcpCommunicator: ECPRequestMessageDeactivation request failed, error=0x20103004. 2019-04-18 01:40:15 Information: LicenseModule [Thread 3f0]: DeactivateSeatsForComputers: Deactivating seat [ComputerUUID=150a8581-d6e7-47c4-a41c-027623b6050a, LicensePublicID=XXXXX, SeatID=1609803e-9...]. PS. I removed the LicensePublicID from the logs Any advice on how to fix this?
  22. Check the logs in your server and the logs for ESCM
×
×
  • Create New...