kurco
ESET Staff-
Posts
96 -
Joined
-
Last visited
-
Days Won
3
Everything posted by kurco
-
Hi JimmyBK, is it possible to specify when this error occurs? is it some special request on icap server? After this error icap server doesn't handle requests anymore? Currently only option to restart it, is to disable and enable it again or directly killing icapd service (it will start again on new request). Regards, Peter
-
Hi ph4ckvv3r, yes it needs root for installation, but during that it creates new unprivileged users and group. I have seen this already before, that permissions were changed and some of our services started to fail. As you can see, many of our services are not running under root user@machine:~$ ps -e -o user:20,pid,cmd | grep eset user pid cmd ------------------------------------------------------- root 4950 /opt/eset/eea/sbin/startd eset-eea-logd 4951 /opt/eset/eea/lib/logd eset-eea-wapd 4952 /opt/eset/eea/lib/wapd eset-eea-updated 4954 /opt/eset/eea/lib/updated root 4956 /opt/eset/eea/lib/sysinfod eset-eea-licensed 4957 /opt/eset/eea/lib/licensed root 4958 /opt/eset/eea/lib/utild eset-eea-confd 4960 /opt/eset/eea/lib/confd ansible 15442 /bin/sh /opt/eset/eea/lib/install_scripts/egui_autorestart.sh --gapplication-service ansible 15496 /opt/eset/eea/lib/egui --gapplication-service root 15773 /opt/eset/eea/lib/execd eset-eea-scand 18317 /opt/eset/eea/lib/scand Our log collecting script is also gathering permissions for particular folders, if you could send me this file from logs "eea_info", I can check if everything is correct there. Regards, Peter
-
Hi social, I have tried to replicate it, but without any success, it's working for me. Could you please share with me some details? I have used clean virtual machine of Rhel 8.5. Are you using some special configuration there? some security policy? is selinux enabled? Also what version of ESS are you using? latest release 8.1.813.0? Regards, Peter
-
Hi ph4ckvv3r, I'm not sure about this, but it looks like permission issues to product components. As Marcos has written in previous comment, your Ubuntu version is not supported, but I am not aware of such a problem as you are describing. Could you please try to remove EEA once again and also Remote Administrator agent? After uninstall please check if everything was correctly removed -> /opt/eset, /var/opt/eset, var/log/eset. And then try to install EEA. Regards, Peter K.
-
Hi JensD, Server security supports only specific cases for scanning (e.g. disk storages) - supported client could be found on help page (Remote scanning help page), most probably you are using client which is not supported by our server, therefore you get 405 Forbidden. As Marcos has written in previous comment, please raise a support ticket a give us some more details about what and from which client do you want to scan. We will look at it and decide if it meets our requirements to be supported. Regards, Peter
-
ESET Server Security for Linux Web interface
kurco replied to khasanovk's topic in ESET Products for Linux Servers
Hi khasanovk, have you checked if our product is listening (by ss or netstat) on selected port? Also in browser screenshot I see the IP but not port, are you accessing web interface with configured port 9443? One more thing, I don't know what distro you are using, but please check also firewall (some distributions have it by default enabled). Regard, Peter -
Linux ESET GUI does not show up
kurco replied to Nils's topic in ESET NOD32 Antivirus for Linux Desktop
Hi, - Yes, it is possible to install Eset Protect on Linux server (Component installation on Linux | ESET PROTECT | ESET Online Help) - Yes, Agent is the communication component between Product and Eset Protect. It needs to be installed on the same machine as product and correctly configurated to communicate with EP. Peter. -
Linux ESET GUI does not show up
kurco replied to Nils's topic in ESET NOD32 Antivirus for Linux Desktop
Hi, EP has also preconfigured virtual ova appliances. Appliance could be deployed into vmware or virtualbox. Also standalone installers are available for linux. Check carefully the download page, you can switch section there. Regards, Peter -
Linux ESET GUI does not show up
kurco replied to Nils's topic in ESET NOD32 Antivirus for Linux Desktop
Hi Nils, - XFCE is the most lightweight desktop we are currently supporting. Others you mentioned aren't supported. - Yes EEA has a real-time scanner. Open, Exec, Create events are monitored under privileged user, therefore everything on your machine will be scanned. - EEA is mostly managed product right now, it can't not send other notification, than on desktop. It should be connected to ESET Protect, from this console it could be configured, all events are send into it and ESET Protect could send you mail notification. Regards, Peter -
Linux ESET GUI does not show up
kurco replied to Nils's topic in ESET NOD32 Antivirus for Linux Desktop
Hi, for now I'm not able to give you not even an approximate date. Sadly workaround isn't available, because of our incompatibility with Mate (fix requires changes in our code). Regards, Peter -
Linux ESET GUI does not show up
kurco replied to Nils's topic in ESET NOD32 Antivirus for Linux Desktop
Hi Nils, currently we are not supporting MATE desktop, therefore GUI is not working. Most probably MATE support will be added in next major release. Supported desktop environments could be found here: https://help.eset.com/eeau/7/en-US/installation.html?system_requirements.html Regards, Peter. -
Move antivirus to other server and use a newer version
kurco replied to Jefims's topic in ESET Products for Linux Servers
Hi Jefims, ESS Linux v8 doesn't not support legacy (.lic) files for activation. For offline activation you need to generate offline license file, see Download Offline/Legacy licenses | ESET Business Account | ESET Online Help. Regards, Peter -
Hi snek, please check also system logs (sudo journalctl), probably there will by more specific error about what has happened in pre-install script. What kind of ubuntu version are you using? Regards, Peter
-
Server/File Security - Command-line scanner
kurco replied to SebastianCG's topic in ESET Products for Linux Servers
Hi Sebastian, cls is currently no longer in active development and I can't guarantee you, that it will be present in further releases of ESS. I understand, that it is more convenient way, when used in scripts. But I would rather prefer executing odscan with custom profiles (containing predefined settings) and if needed parse scan logs. Regards, Peter -
Hi Nightowl, of course not, this is not normal behavior. By default on-demand scans are executed with low-priority, so they could consume high amount of cpu, but only when no other processes need it. If PC starts lagging, there is something wrong. Would it be possible to generate logs while on-demand scan is running and attach it here? Log are generated with this command: /opt/eset/eea/sbin/collect_logs.sh Thanks. Regards, Peter
-
Hi Zhopkins, I have tried to replicate your issues, but without any success. I have prepared machines with configurations as you pointed in previous comment, but it looks like, I don't have enough events for RTP. From my previous experience, I would try to exclude DB files from scanning. Sometimes this files become really huge and there are also to much events, which results into slowdowns. Regards, Peter
-
Hi zhopkins, so you are still experiencing issues with the latest Server Security release (8.1.685.0)? We have identified issues with our real-time kernel module and they are fixed in this release. Could you please somehow help me to replicate it? what kind of software are you using on these machines, if it's not a secret? maybe what file-systems are you using there, if network shares are connected? Also what about EDTD? are you using this security feature? One more thing? Your machines started to slow down or became fully unresponsive? Thanks, Peter
-
Is it possible to update modules from removable media?
kurco replied to MaxN's topic in ESET Products for Linux Servers
Hi MaxN, this feature isn't right now officially supported, but afaik, it should work. To update from a local directory, for example, /updates/eset, type in the Update server field: file:///updates/eset/ Regards, Peter. -
Hi Pablo, thanks for investigation and info sharing. Still I want to investigate this further, could you please clarify one thing for me? our support of secure boot is only manual sign with imported certificate, but no changes in kernel module, so I'm not sure how disabled secure boot could help with performance. With enabled secure boot, did you signed manually our module according to this page https://help.eset.com/eeau/8/en-US/installation.html?secure-boot.html. Disabled EDTD could be reason of better performance, EDTD is an additional layer of security, therefore it could impact performance. Thanks, Peter