Jump to content


  • Posts

  • Joined

  • Last visited

Posts posted by CNNS

  1. Hi there,

    one of my customers used the ESET PROTECT tasks to update a Mail Security for Microsoft Exchange and as a side effect the local Quarantine has been cleared.

    Two Questions:

    Is this supposed to happen?

    Can the quarantine be restored from Backups (Veeam)?


    System Information:

    ESET PROTECT (Server), Version 8.0 (8.0.2216.0)
    ESET PROTECT (Web Console), Version 8.0 (

    ESET Mail Security 7.3.10011.0 


    Thanks in advance

  2. DNS ...

    after looking through the log files in /var/log/eset/RemoteAdministrator/Server/trace.log I found:

    2020-05-25 14:02:48 Error: CRepositoryModule [Thread 7fe8d37e6700]: GetFile: Host 'repository.eset.com' not found [error code: 20002]

    a few months ago we retired an old DC, that was the only DNS server for ESMC. Problem is fixed by updating /etc/resolv.conf with new DNS Servers

    ty for your help Marcos and sorry

    topic can be closed

  3. Hi There,


    a customer Installation shows errors when editing Client Tasks or Trying to Update the SMC.

    ESET Security Management Center (Server), Version 7.0 (7.0.471.0)
    ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0)
    CentOS (64-bit), Version 7.6.1810

    Status Overview -> Invalid Objects -> Client tasks containing inaccessible Objects: 3 -> Client tasks that use repository are highlightet and show tooltip: "The referenced repository package is not available"
    Help -> Update Product -> Accept License Terms -> ERROR: "Failed to create task: The referenced repository package is not available"
    New Client Task -> Software Install -> Install package from Repository <Choose Package> -> (No Filters are set) shows: NO DATA AVAILABLE

    Server Settings Repository Server is set to AUTOSELECT

    I already tried changing it according to https://support.eset.com/kb6749/, but no improvement.

    Tried rebooting the Appliance and no improvement.


    I am Happy for any help on this. ty






  4. thanks for your reply.

    BTW: we are getting a report every hour, so the condition that activates this notification still seems active.

    29 minutes ago, MartinK said:

    Could you specify how you filter those threats?

    If I get your question right you want to know where we already did look for those threats.

    So here are some reports (translated from the german installation we have):


    Threats of the last 30 days grouped for action taken

    Group by (Action) Count(Action)
    deleted 37
    blocked 6
    Detected 3
    connection terminated 2
    cleaned by deleting 1

    When I change this report to show a whole year I can get this to a total of 95. Even when changing the filter to show two years, we get only 95 entries.


    In the Computers view of SMC there are no Threats shown. A few have been marked as resolved in the past days.


    In the Threats view of SMC there are no current Threats shown. I have to change the filter to show resolved. Then there are 13 entries. If i change this to show 365 days i get the 95 incidents again.


    Heading over to the Mailsecurity on our Exchange we have the following data in the logs:

    Mail-Server-Protection (filtered to show the last 24hours): 302 total, evenly distributed, so like 15 events an hour, containing spam and rules for mail-attachments, this is a normal amount, we usually have like 400 a day



  5. Hi there,

    we received the following Notification (multiple times) from ESET SMC:

    Malware outbreak alert (count per time criteria)

    Warnung zu Schadsoftwareausbruch (Anzahl über Zeit)

    This Notification is on its default settings (100 Occurences in a 10 Minute Timeframe)


    Upon checking in with ESET SMC we cannot see any actives Threats that correspond to this.

    Is this a false positive? Where should we investigate further?


    System/Network Information:

    Small Business with local Exchange and Fileserver. 20 Windows Clients.

    ESET Security Management Center (Server), Version 7.0 (7.0.471.0)
    ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0)

    CentOS (64-bit), Version 7.6.1810

  6. Hello MartinK,

    with the disk completely full the htcacheclean status didnt report anything. i removed some log files from /var/log/http to free up a little and the service is now running

    [root@ESET-SMC httpd]# service htcacheclean status
    Redirecting to /bin/systemctl status htcacheclean.service
    ● htcacheclean.service - Disk Cache Cleaning Daemon for Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/htcacheclean.service; static; vendor preset: disabled)
       Active: active (running) since Tue 2019-02-19 09:57:46 CET; 2min 25s ago
         Docs: man:htcacheclean(8)
      Process: 404 ExecStart=/usr/sbin/htcacheclean -P /run/httpd/htcacheclean/pid -d $INTERVAL -p $CACHE_ROOT -l $LIMIT $OPTIONS (code=exited, status=0/SUCCESS)
     Main PID: 405 (htcacheclean)
       CGroup: /system.slice/htcacheclean.service
               └─405 /usr/sbin/htcacheclean -P /run/httpd/htcacheclean/pid -d 60 -p /var/cache/httpd/proxy -l 10000M -i -n -t -L12000

    Feb 19 09:57:45 ESET-SMC systemd[1]: Starting Disk Cache Cleaning Daemon for Apache HTTP Server...
    Feb 19 09:57:46 ESET-SMC systemd[1]: Started Disk Cache Cleaning Daemon for Apache HTTP Server.


    After 10 Minutes of runtime there has been no additional space cleaned.

    Checking back after 4 hours there are now 35G free again. So this part worked.

    [root@ESET-SMC Server]# df -h
    Filesystem                              Size  Used Avail Use% Mounted on
    /dev/mapper/centos_ba--eraappl--v-root   41G  5.1G   35G  13% /


    This Installation has been migrated from a Remote Administrator and iirc the http proxy was indeed enabled after initial setup. Are there any settings that i need to check?

    Trace logs seem to not have been written recently.

    [root@ESET-SMC Server]# ls -l
    total 300
    -rw-r-----. 1 root root  31976 Feb  9 00:16 status.html
    -rw-r-----. 1 root root    256 Feb 12 13:39 trace.log
    -rw-r-----. 1 root root  73728 Feb  8 21:22 trace.log.0
    -rw-r-----. 1 root root 192512 Feb  8 17:22 trace.log.1

    Are there any fruther steps i have to do or configurations to check for the future?

  7. Hi there,

    i got a ESET SMC Virtual Appliance that ran out of disc space.

    I managed to find the culprit but have no idea what caused this and how to fix it. Just clearing the directory and restarting the service does not seem to work. Please advice.


    Server version: 7.0.451.0

    Agent Version: 7.0.451.0


    [root@ESET-SMC ~]# df -h

    Filesystem                              Size  Used Avail Use% Mounted on

    /dev/mapper/centos_ba--eraappl--v-root   41G   41G   28K 100% /

    devtmpfs                                1.9G     0  1.9G   0% /dev

    tmpfs                                   1.9G     0  1.9G   0% /dev/shm

    tmpfs                                   1.9G  8.6M  1.9G   1% /run

    tmpfs                                   1.9G     0  1.9G   0% /sys/fs/cgroup

    /dev/sda1                               497M  126M  372M  26% /boot

    /dev/mapper/centos_ba--eraappl--v-home   20G   33M   20G   1% /home

    tmpfs                                   380M     0  380M   0% /run/user/0


    Total disc space used:

    [root@ESET-SMC ~]# du -hsx /var/cache/httpd/* | sort -rh | head -10

    36G     /var/cache/httpd/proxy

    0       /var/cache/httpd/ssl


    Total number of files in Cache directory

    [root@ESET-SMC proxy]# cd /var/cache/httpd/proxy/

    [root@ESET-SMC proxy]# find . -type f -print | wc -l



  8. Hi there,

    i too have configured some ESET Mailsecurity Installations with rules to test for SPF records. 

    To mitigate this issue i am for the moment running a SPF-exception rule before the SPF-failure-to-quarantine rule to allow certain domains from being checked. This however covers only regularly incoming mails and requires a certain amount of management to release others from quarantine.

    Please advise how to improve this solution.

    Do we have to sign up for a feature request on this?



  • Create New...