Jump to content

pronto

Members
  • Posts

    92
  • Joined

  • Last visited

  • Days Won

    2

Everything posted by pronto

  1. Servus Community, I have run a task to upgrade the Management Agent to several Windows 10 machines in an evaluation group and now two different versions of the Agent seem to be installed on one PC. This is displayed in the Remote Management Center as well as in the Control Panel of the affected PC. The other PCs do not seem to be experiencing this problem. Is there an explanation for the behavior? What would be the best way to get rid of the obsolete version? Just uninstall it? Thx & Bye Tom
  2. Servus Marcos, Many software vendors issue guidelines for configuring virus scanners, especially when databases are involved. These should not be ignored if you want to work in a supported environment. Thx & Bye Tom
  3. Servus Community, with any update seems to have added an additional possibility to exclude files and folders from the virus scanner. Until recently, there was as far as I remember only one place to define exceptions, now there are two: Performance Exclusions and Detection Exclusions. I started a new client with an accounting software and have now configured the Detection Exclusions for it, but noticed that another, older policy with exceptions, where these two possibilities didn't exist at the time of creation, can now be found under Performance Exclusions. I don't get behind the deeper meaning of these two possibilities while reading the manual and wanted to ask what would be the right place for exceptions? Furthermore, I have to configure an environment variable that is not in the list[1] of compatible variables: %localappdata%\AGENDA [2]. If this variable doesn't work, do I really have to configure the absolute path for each user using this software individually? [1] https://help.eset.com/eav/12/en-US/idh_exclude_format.html [2] https://agenda-kunden.de/pdf/6041.pdf (Page 3) Thx in advance & Bye Tom
  4. I reinstalled the agent and deleted the resulting duplicate from the ESMC. The client is now in the remote console with the current status and a final update of the agent went through without problems. I continue to monitor the client to see if the status is now automatically updated. Thx for your attention & Bye Tom
  5. Servus Community, I have a Mac OSX client that SMC says hasn't reported to the server in two weeks, but the user is in the house every day and the status log on his local machine says that everything is fine. How can I fix this? Thx & Bye Tom
  6. Servus Marcos, Yes indeed, a server restart was enough. The warning at least about HIPS is gone... Thx & Bye Tom
  7. Ah okay but JPEGs can everyone see or are they also only visible for ESET stuff members? Anyway, here is the log collection. Thx in advance & Bye Tom efsw_logs.zip
  8. Are there any sensitiv data in the log files, is it save to publish public or can you provide me an adress where I can send the log files? The zip file has a little more than 1 MB... Bye Tom
  9. Servus Marcos, This is one of the mysteries, I didn't disable HIPS as you can see in the policy screenshot but in the computers list I got a red alert notification and in the details list I got the issues as you can see in the other screenshot. So I expect that HIPS should be enabled... Thx & Bye Tom
  10. Hi Community, I'm working on a policy with reduced security level for a Windows server operating system. There is no email scanning and no web protection necessery, so I'm going to disable this features in the client policy. But now I got plenty of warnings in the remote console and I'm searching for a possibilty to disable al this warnings. Furthermore there is a warning for a disabled HIPS feature, which isn't disabled in the remote console, so normaly I expect an active and configured HIPS feature on the server but it isn't. Can anyone help to work through this two issuses? Thx in advamced & Bye Tom
  11. Servus Community, I have conflicting information here in the ESET Security Management Center and in the local console of some clients. I have a client task running to install the latest Endpoint Protection product on Windows and for some clients the status in the task list in the Executions tab of the SMC is: "Task failed, try to install software manually". But if I look at the client itself, everything is fine and the latest Endpoint Protection product is installed. Where do these differences in status information come from and how can this be turned off? Thx & Bye Tom
  12. Servus Community, last week we installed two Apple Mac OSX test systems with Eset Endpoint Antivirus in Standard Policy and today we had the problem that internal websites as well as at least one external hosted web site were no longer reachable. There was no error message from Eset, only a timeout from the browser. After we turned off Web Protection, everything worked again, even after the Web Protection was turned on again. Is there any indication why the web sites were rejected? Do we really have to whitelist the wen sites according to the try and error principle or can we set the filter less strict? Any best practice settings for Mac OSX available? On Windows we doesn't have those problems... Thx & Bye Tom
  13. Servus Michalj, perfect, thanks a lot :-) Bye Tom
  14. Servus Community, we installed now the first Mac OSX agents with endpoint anti virus and recieve on Macs, who are not running the latest version of Mac OS, a warning that "The Operating System is not up to date", both on the client system and in the Security Management Center console. For Windows clients we can disable this notification in the client policy but we don't find a corresponding setting in the policy for Mac OSX clients. There would be some settings in the User Interface section of the policy (Note attached screenshot), but I fear to disable important notifications about virus alerts also and there are no settings regarding to this benign notifications about the Operating System. Is this not possible to disable on Mac OSX? Thanks in advanve & Bye Tom
  15. Hi Community, we generate a daily report in PDF format and would like to change the font size. We have searched in the Server Task in the Print Format Options but there you can set all kinds of options but no font size. Is that not possible or do I have to look somewhere else? Thx & Bye Tom
  16. Servus Community, we configured the access to the local mirror server now over HTTP and this works as expected. Thx & Bye Tom
  17. Servus Community, we solved the issue with creating a static parent group and moved all user defined groups into this parent group. We are now able to configure the parent group in the server task. It could be that easy... 😉 Thx & Bye Tom
  18. Servus Marcos, okay, i've now setup these settings: The product 'ESET File Security' is installed on the server. Created a group for the ESCM server Created a policy that configures the Update Mirror Policy applied to the group of the ESCM server The directory created on the server for the mirror files is already filled, so far everything should be in place on the server now. Now the client policy is missing. I have now compared our policy template with the manual[1] and can't reproduce it word for word, now I'm a bit unsure whether I'm in the right place. We want to distribute this through a Windows share and the manual says so: But this path does not exist in the client policy. (See screenshot). There is no Update - Profile - Mirror tab in the template, but an Update - Profiles - Update Mirror tab. Furthermore, there would be no setting Provide update files via internal HTTP server, but only an activation or deactivation of the HTTP server. Either we are using a different version or the manual is inconsistent or I am in the wrong setup. Thanks in advance & Bye Tom [1] https://help.eset.com/eea/7/en-US/idh_config_update_mirror_advance.html?idh_config_update_mirror_advance.html
  19. Servus Marcos, >1, Using an http proxy (recommended, will save a lot of traffic) The trainer means that using a HTTP roxy server isn't necessary for our environment (about 60 Clients), so he did it elswhere. >2, From a local mirror created by the mirror tool or a v7 product that's more likely but I had to search for a while now until I found this configuration menu at all. It's not in the ESMC, as expected, but I found it on a client in the Endpoint Security settings. Since we want to use our server as our primary local server, I first have to install the Endpoint Security application there (which hasn't happened yet) or I misunderstood. Is the mirror tool to be used the option marked in the screenshot below in the Endpoint Security configuration menu? Somehow this seems strange to me... Thanks in advance & Bye Tom
  20. Servus Community, yesterday, during a short introduction to ESET Security Management Center 7.x, we created a server task that releases the license for clients that have not responded for more than 60 days and removes the client from the configuration. Unfortunately, I can only specify a single group in the task settings, where the task searches for such clients. We don't want to use the All group because we fear a lot of false positives. Now we had the idea to create a dynamic group and then set it as group in the server task. But we weren't shown how that works. The question is whether the idea makes sense and how to create such a dynamic group. Thanks in advance & Bye Tom
  21. Servus Community, yesterday we had a short introduction to ESET Security Management Center 7.x and learned that by default clients download their definition updates from the online ESET server from the Internet. We were briefly shown how to change that clients using the local server as default and ESET's online server as fall back server only. Unfortunately, I can't remember necessary setup. There were several steps to set. Can someone briefly tell us the necessary steps and/or give us the KB articles for the new ESET Security Management Center. I don't find them either. Thanks in advance & Bye Tom
  22. Servus MartinK, for you also the information, that a client restart solved the issue and I will monitor the behaviour of the client connectivity in the next few days. If you have further informations about the error messages, I'm still interested 😉 Thx & Bye Tom
  23. Servus Marcos, >Please check the last connection in client details and make sure the client has recently connected to the ESMC server. How can I perform a connectivity test to determine if the client is connected or not? Anyway, a restart of the client solved the issue for now. I will monitor the behaviour of the client connectivity the next few days, maybe I figure out what's happend. Thx & Bye Tom
  24. Servus MartinK, there is actually something logged but I can't deal with the error codes: 2018-11-19 06:20:54 Warning: CPushNotificationsModule [Thread 1708]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108) 2018-11-19 07:03:41 Error: CReplicationModule [Thread 1550]: InitializeConnection: Initiating replication connection to 'host: "VM-NET-SRV-2.DOMAIN.local" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "VM-NET-SRV-2.DOMAIN.local" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message: OS Error, and error details: 2018-11-19 07:03:41 Warning: CReplicationModule [Thread 1550]: InitializeConnection: Not possible to establish any connection (Attempts: 1) 2018-11-19 07:03:41 Error: CReplicationModule [Thread 1550]: InitializeFailOverScenario: Skipping fail-over scenario (stored replication link is the same as current) 2018-11-19 07:03:41 Error: CReplicationModule [Thread 1550]: CAgentReplicationManager: Replication finished unsuccessfully with message: InitializeConnection: Initiating replication connection to 'host: "VM-NET-SRV-2.DOMAIN.local" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "VM-NET-SRV-2.DOMAIN.local" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message: OS Error, and error details: Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: VM-NET-SRV-2.KASTNER.local:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 8ea39442-1013-435d-8574-158cf7524b02, Sent logs: 0, Cached static objects: 49, Cached static object groups: 9, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0] 2018-11-19 13:32:22 Warning: CPushNotificationsModule [Thread 2a20]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108) 2018-11-19 19:35:01 Warning: CPushNotificationsModule [Thread 21c4]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108) 2018-11-20 01:37:29 Warning: CPushNotificationsModule [Thread 27a8]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108) 2018-11-20 08:24:50 Warning: CPushNotificationsModule [Thread c90]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108) 2018-11-20 13:32:50 Warning: CPushNotificationsModule [Thread 2b20]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108) 2018-11-20 20:24:44 Warning: CPushNotificationsModule [Thread fdc]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108) 2018-11-21 02:27:19 Warning: CPushNotificationsModule [Thread 135c]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108) 2018-11-21 08:27:24 Warning: CPushNotificationsModule [Thread 18cc]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108) 2018-11-21 14:27:29 Warning: CPushNotificationsModule [Thread 574]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108) You may have more information about the error messages. There is nothing special in the status log. Thx & Bye Tom
  25. Servus Marcos, ah, excuse the stupid question, that's exactly what it says. Now it's about the warning in the remote console, because the client hasn't been connected for two days. It should actually do this, especially since it has also downloaded a current virus definition today. Is it possible, that under certain circumstances, a client downloads the current virus definition from the Internet, without the knowledge from our server? Thx & Bye Tom
×
×
  • Create New...