kurco

Hi Jefims, ESS Linux v8 doesn't not support legacy (.lic) files for activation. For offline activation you need to generate offline license file, see Download Offline/Legacy licenses | ESET Business Account | ESET Online Help. Regards, Peter

Hi snek, please check also system logs (sudo journalctl), probably there will by more specific error about what has happened in pre-install script. What kind of ubuntu version are you using? Regards, Peter

Hi Sebastian, cls is currently no longer in active development and I can't guarantee you, that it will be present in further releases of ESS. I understand, that it is more convenient way, when used in scripts. But I would rather prefer executing odscan with custom profiles (containing predefined settings) and if needed parse scan logs. Regards, Peter

Hi Zachary, thanks for info, please let me know about your findings. I have seen this message before also on machines without our product, but logs there were really huge and it disappears after few seconds. So when our product is stopped, it works correctly? Thanks, Peter

Hi Nightowl, of course not, this is not normal behavior. By default on-demand scans are executed with low-priority, so they could consume high amount of cpu, but only when no other processes need it. If PC starts lagging, there is something wrong. Would it be possible to generate logs while on-demand scan is running and attach it here? Log are generated with this command: /opt/eset/eea/sbin/collect_logs.sh Thanks. Regards, Peter

Hi Zhopkins, I have tried to replicate your issues, but without any success. I have prepared machines with configurations as you pointed in previous comment, but it looks like, I don't have enough events for RTP. From my previous experience, I would try to exclude DB files from scanning. Sometimes this files become really huge and there are also to much events, which results into slowdowns. Regards, Peter

Hi zhopkins, so you are still experiencing issues with the latest Server Security release (8.1.685.0)? We have identified issues with our real-time kernel module and they are fixed in this release. Could you please somehow help me to replicate it? what kind of software are you using on these machines, if it's not a secret? maybe what file-systems are you using there, if network shares are connected? Also what about EDTD? are you using this security feature? One more thing? Your machines started to slow down or became fully unresponsive? Thanks, Peter

Hi MaxN, this feature isn't right now officially supported, but afaik, it should work. To update from a local directory, for example, /updates/eset, type in the Update server field: file:///updates/eset/ Regards, Peter.

Hi Pablo, thanks for investigation and info sharing. Still I want to investigate this further, could you please clarify one thing for me? our support of secure boot is only manual sign with imported certificate, but no changes in kernel module, so I'm not sure how disabled secure boot could help with performance. With enabled secure boot, did you signed manually our module according to this page https://help.eset.com/eeau/8/en-US/installation.html?secure-boot.html. Disabled EDTD could be reason of better performance, EDTD is an additional layer of security, therefore it could impact performance. Thanks, Peter

Hi Pablo, Could you please clarify what do you mean by "EEA Agent"? do you mean Management Agent? But Eset Endpoint Antivirus does not need anything else to by functional. Also I'm not aware, that Eset Endpoint Antivirus installation needs reboot. From that screenshot you have attached, only thing that is clear, is that our scanning service is overloaded by events from eset_rtp kernel module. But most probably paths seen on that screenshot are only a fraction of events. Also what about container you have mentioned before? all of them are starting automatically after boot? have you tried to add performance exclusions on path used by containers from management console? I have suggested it some time ago in one comment. Thanks, Peter

Hi Pablo, thanks for investigation. I will try to setup new VM with encrypted LVM and follow your steps. One more question, are you using EDTD feature? is it enabled in your product? Regards, Peter

Hi Fred, change to "REQMOD" is not possible, our ICAP server feature supports only "RESPMOD". Regards, Peter

Hi ph4ckvv3r, Firstly, thanks for noticing documentation inconsistency about secure boot, we will fix this right away. I understand, that it's really hard to generate logs, when machine is constantly freezing. Probably the best way is to disable RTP, this can be done during boot in Grub, you don't need to edit it and update, when OS is already running. Check this, it's documentation for EFS, but it's the same on EEA: https://help.eset.com/efs/8/en-US/disable-realtime-protection-at-boot.html?zoom_highlightsub=eset_rtp What kind of container are you using? Docker? Maybe they could be the source of extensive events sending into our scanning core. Perhaps you could try to add some "Performance exclusion" on paths, where containers file-systems are located and events generated there will be ignored by our scanning services. I have deployed an Ubuntu 21.04 virtual machine and installed EEA. No timeouts occurred, but I will try to install docker there and also some other software, to see if I can replicate somehow yours issue. Regards, Peter

Hi ph4ckvv3r, as mentioned in previous comment, there is no official support for Ubuntu 21.04. But still it could be caused by something else, not necessary by unsupported distribution. Are you using some specialized software on your machine? something that generates huge amount of events? Linked issue you are mentioning is about Eset File Security, both products are sharing the same scanning core. efs is not a binary, but product name. Scand can't be executed manually, because it only reacts on requests from other authorized services. Correct link for supported distributions for EEA: https://help.eset.com/eeau/8/en-US/?system_requirements.html Is it possible to collect logs and attach them? thanks, Peter

Hi andre.s, is it possible to install "en_US.UTF-8" locale on this machine? it should help you get rid of these errors. Kurco