kurco

ESET Staff
  • Posts

    16
About kurco

  • Rank
    Newbie

Profile Information

  • Location
    Slovakia

  1. Hi andre.s, is it possible to install the "en_US.UTF-8" locale on this machine? It should help you get rid of these errors. Kurco
  2. Hi baran, could you please explain what corebase means? You don't have access to it through ssh? And what about the remote deploy you are mentioning, did it return why the installation was not done? Thanks
  3. Hi wallseat, since EFS version 8.0, every successful engine update is logged into events. Probably the easiest way to obtain the mentioned date is to get the events log output through lslog and then filter it with a combination of a few commands. e.g. Regards
  4. Hi Wallseat, lslog -d output shows only infections found by real-time protection. I can see malware scans listed on the attached screenshot, so I suppose that the malicious file you are mentioning was detected during these scans. To see detections from scans you need to list scan details:
     1) list malware scans with log name (using --with-log-name)
     2) use the log name from the previous output to access scan detections (using --ods-detections=)
     Regards, Kurco
  5. @linuxhitman Looks like these communication issues could really be the cause of the activation failures. Please let us know if the firewall rules resolve it. If not, we will investigate it further.
  6. Hi, @Marcos sadly the script from the above steps is not present in the EFS package (your steps are from EEA). But there is still a possibility to enable ECP logging. But firstly, @linuxhitman what kind of distribution are you using? To enable ECP logs you need to proceed according to these steps:
     1) stop efs service
     2) edit this file: /var/opt/eset/efs/licensed/license_cfg.json (this file is created after the first activation attempt, also when it fails with association)
     2.1) change "Logging": false -> "Logging": true
     2) start efs service
     3) run activation again through the lic utility
     4) logs should appear in this folder: /var/opt/eset/efs/licensed/ecp
     5) collect all xml files and please attach these files here, I will look if there is something suspicious at first sight.
     Maybe a tcpdump from the activation could also help, if you are able to provide it. Thanks.
  7. Hi Mauricio Osorio, from the attached screenshot, it looks like your machine doesn't have enough free space to successfully complete the installation with all necessary dependencies. Look at line 7 in the screenshot, "No space left on device"; it is probably an issue with one of your mount points (maybe this one, /dev/xvda3, it's 100% full). There is not much to see in the exported logs. But what I can see there are missing installation files and incorrect permissions of installed files. Regards, Peter
  8. Hi Robert, sorry to hear that you have difficulties with our product. From your screenshot I can see that our services couldn't start correctly. This could be caused by issues during installation, or something is preventing them from running correctly. EFS has its own log collecting script (/opt/eset/efs/sbin/collect_logs.sh), could you please execute it and attach the output? The archive you attached in the previous comment was produced by a script designed for older versions of Linux products. Would it be possible to generate an strace of our service? It could help us identify what is going on there. Before executing this command, please stop our service with "systemctl stop efs" and make sure that none of the efs services is left there ("ps -ef | grep efs" output should not contain any running service; if something is still running, kill it). After executing the strace command, it should generate "strace_efs*" files in the /tmp folder, please attach them. Are you using some other security tools on this machine for hardening? Or something else that could interfere with our product? You mentioned that you also tried installation from the package; did you spot any errors/warnings during this process? Something like a folder that couldn't be created or similar (it could be that some error occurred, but the installation continued further). Thanks, Peter
  9. Hi admin222, I can see that you are using an elrepo kernel, sadly we are not officially supporting it. This is the main reason why our real-time kernel module (eset_rtp.ko) is missing. During EFS installation we also have some dependencies that are needed for eset_rtp.ko compilation; for the centos default kernel, they are automatically installed. Now some better news: to get it working, you need to install the elrepo kernel sources. This command could be used (when elrepo is not enabled from configuration) Then after this installation, restart efs service EFS will try to compile eset_rtp.ko again. After EFS is running again, check if eset_rtp.ko is loaded. Please keep in mind that we are not officially supporting elrepo kernels, therefore I can't assure you that everything will work correctly. Use the EICAR sample (https://secure.eicar.org/eicar.com) to check if real-time events are correctly caught; it should be cleaned and reported in detections.
  10. Hi MatthieuB, the EFS web interface login name is "Administrator" and it's the only supported user for now (it can't be changed locally or from ESMC). To summarize, if you are installing EFS locally, by default the web interface is enabled, self-signed certificates are generated and the user/pass is shown at the end of installation (for security reasons the password is shown only once, when generated). If you run setgui without parameters you will see the configuration, but the password is hidden. Remote installation is different. The web interface is disabled by default and self-signed certificate generation is also skipped. Therefore the web interface needs to be enabled and configured through policy or by executing the setgui command. Regards,
  11. Hi, If you want to install EFS without internet access, you need to install all dependencies manually by downloading their packages from centos repositories. EFS dependencies can be found in the unpacked rpm package (the bin installer unpacks packages when executed with the -n parameter).

      [user@testmachine ~]$ rpm -qpR ./efs-7.1.561.0.x86_64.rpm
      /bin/sh
      /etc/cron.d
      /usr/bin/crontab
      gcc
      kernel-devel
      make
      perl
      rpmlib(CompressedFileNames) <= 3.0.4-1
      rpmlib(PayloadFilesHavePrefix) <= 4.0-1

      You need to install all these packages before installing EFS, but most of them will probably also have some additional dependencies. Packages are accessible from a centos mirror, e.g. http://mirror.centos.org/centos/6/os/x86_64/Packages/. Peter.
  12. Hi Mogobjah, what is the version of your EFS? The latest release contains some optimizations which could maybe help. Are there any errors in the logs? Especially eset_rtp timeouts, please check for them. How many clients are using these web servers, if it is possible to give some number? Peter.
  13. Hi baran, looks like an issue with the encoding configuration, could you please share the output of the "locale" command?
  14. Hi Markor, yes, you can download it directly from the eset website and install it manually, but for remote management it will work only using ESMC & Agent v7.1+ (or you can use its own web interface, until you upgrade your ESMC infrastructure).
  15. Hi Markor, EFS for Linux v7 is supported since ESMC version 7.1. Looking at your Agent version, I suppose that you are using ESMC 7.0 (I see that you have also mentioned it in the first post), therefore you can't see this version in the repository.