kurco

Hi JimmyBK, is it possible to specify when this error occurs? is it some special request on icap server? After this error icap server doesn't handle requests anymore? Currently only option to restart it, is to disable and enable it again or directly killing icapd service (it will start again on new request). Regards, Peter

Hi, I have checked the CIS policy you mentioned and it adds noexec flags on some mountpoints, that our product is using. Check this page noexec, maybe this workaround could help you. Regards, Peter

Hi ph4ckvv3r, yes it needs root for installation, but during that it creates new unprivileged users and group. I have seen this already before, that permissions were changed and some of our services started to fail. As you can see, many of our services are not running under root user@machine:~$ ps -e -o user:20,pid,cmd | grep eset user pid cmd ------------------------------------------------------- root 4950 /opt/eset/eea/sbin/startd eset-eea-logd 4951 /opt/eset/eea/lib/logd eset-eea-wapd 4952 /opt/eset/eea/lib/wapd eset-eea-updated 4954 /opt/eset/eea/lib/updated root 4956 /opt/eset/eea/lib/sysinfod eset-eea-licensed 4957 /opt/eset/eea/lib/licensed root 4958 /opt/eset/eea/lib/utild eset-eea-confd 4960 /opt/eset/eea/lib/confd ansible 15442 /bin/sh /opt/eset/eea/lib/install_scripts/egui_autorestart.sh --gapplication-service ansible 15496 /opt/eset/eea/lib/egui --gapplication-service root 15773 /opt/eset/eea/lib/execd eset-eea-scand 18317 /opt/eset/eea/lib/scand Our log collecting script is also gathering permissions for particular folders, if you could send me this file from logs "eea_info", I can check if everything is correct there. Regards, Peter

Hi social, I have tried to replicate it, but without any success, it's working for me. Could you please share with me some details? I have used clean virtual machine of Rhel 8.5. Are you using some special configuration there? some security policy? is selinux enabled? Also what version of ESS are you using? latest release 8.1.813.0? Regards, Peter

Hi ph4ckvv3r, I'm not sure about this, but it looks like permission issues to product components. As Marcos has written in previous comment, your Ubuntu version is not supported, but I am not aware of such a problem as you are describing. Could you please try to remove EEA once again and also Remote Administrator agent? After uninstall please check if everything was correctly removed -> /opt/eset, /var/opt/eset, var/log/eset. And then try to install EEA. Regards, Peter K.

Hi JensD, Server security supports only specific cases for scanning (e.g. disk storages) - supported client could be found on help page (Remote scanning help page), most probably you are using client which is not supported by our server, therefore you get 405 Forbidden. As Marcos has written in previous comment, please raise a support ticket a give us some more details about what and from which client do you want to scan. We will look at it and decide if it meets our requirements to be supported. Regards, Peter

Hi khasanovk, have you checked if our product is listening (by ss or netstat) on selected port? Also in browser screenshot I see the IP but not port, are you accessing web interface with configured port 9443? One more thing, I don't know what distro you are using, but please check also firewall (some distributions have it by default enabled). Regard, Peter

Hi @acfr, As I have written in previous comment, our product is not able to catch NFS events. Some additional file monitoring could observe nfs shared folders and eventually trigger event on every new file there, which could be detected by our product. Regards, Peter.

Hi acfr, sadly currently, using only Server Security, it's not possible. Maybe some additional file monitoring on nfs shared folder could trigger events detectable by our real-time module (I haven't tried it ). Regards, Peter

Hi acfr, according to you description of upload, that is exactly that know issue we are pointing in online help. Server Security development is already tracking this issue. Regards, Peter

Hi acfr, please check our help page about some NFS issues: Real-time file system protection | ESET Server Security for Linux | ESET Online Help. Is this your case? Currently we are not able to catch nfs file operations from a client. Regards, Peter

Hi, - Yes, it is possible to install Eset Protect on Linux server (Component installation on Linux | ESET PROTECT | ESET Online Help) - Yes, Agent is the communication component between Product and Eset Protect. It needs to be installed on the same machine as product and correctly configurated to communicate with EP. Peter.

Hi, EP has also preconfigured virtual ova appliances. Appliance could be deployed into vmware or virtualbox. Also standalone installers are available for linux. Check carefully the download page, you can switch section there. Regards, Peter

Hi Nils, - XFCE is the most lightweight desktop we are currently supporting. Others you mentioned aren't supported. - Yes EEA has a real-time scanner. Open, Exec, Create events are monitored under privileged user, therefore everything on your machine will be scanned. - EEA is mostly managed product right now, it can't not send other notification, than on desktop. It should be connected to ESET Protect, from this console it could be configured, all events are send into it and ESET Protect could send you mail notification. Regards, Peter

Hi, for now I'm not able to give you not even an approximate date. Sadly workaround isn't available, because of our incompatibility with Mate (fix requires changes in our code). Regards, Peter

Hi Nils, currently we are not supporting MATE desktop, therefore GUI is not working. Most probably MATE support will be added in next major release. Supported desktop environments could be found here: https://help.eset.com/eeau/7/en-US/installation.html?system_requirements.html Regards, Peter.

Hi Jefims, ESS Linux v8 doesn't not support legacy (.lic) files for activation. For offline activation you need to generate offline license file, see Download Offline/Legacy licenses | ESET Business Account | ESET Online Help. Regards, Peter

Hi snek, please check also system logs (sudo journalctl), probably there will by more specific error about what has happened in pre-install script. What kind of ubuntu version are you using? Regards, Peter

Hi Sebastian, cls is currently no longer in active development and I can't guarantee you, that it will be present in further releases of ESS. I understand, that it is more convenient way, when used in scripts. But I would rather prefer executing odscan with custom profiles (containing predefined settings) and if needed parse scan logs. Regards, Peter

Hi Zachary, thanks for info, please let me know about your findings. I have seen this message before also on machines without our product, but logs there were really huge and it disappears after few seconds. So when our product is stopped, it works correctly? Thanks, Peter

Hi Nightowl, of course not, this is not normal behavior. By default on-demand scans are executed with low-priority, so they could consume high amount of cpu, but only when no other processes need it. If PC starts lagging, there is something wrong. Would it be possible to generate logs while on-demand scan is running and attach it here? Log are generated with this command: /opt/eset/eea/sbin/collect_logs.sh Thanks. Regards, Peter

Hi Zhopkins, I have tried to replicate your issues, but without any success. I have prepared machines with configurations as you pointed in previous comment, but it looks like, I don't have enough events for RTP. From my previous experience, I would try to exclude DB files from scanning. Sometimes this files become really huge and there are also to much events, which results into slowdowns. Regards, Peter

Hi zhopkins, so you are still experiencing issues with the latest Server Security release (8.1.685.0)? We have identified issues with our real-time kernel module and they are fixed in this release. Could you please somehow help me to replicate it? what kind of software are you using on these machines, if it's not a secret? maybe what file-systems are you using there, if network shares are connected? Also what about EDTD? are you using this security feature? One more thing? Your machines started to slow down or became fully unresponsive? Thanks, Peter

Hi MaxN, this feature isn't right now officially supported, but afaik, it should work. To update from a local directory, for example, /updates/eset, type in the Update server field: file:///updates/eset/ Regards, Peter.

Hi Pablo, thanks for investigation and info sharing. Still I want to investigate this further, could you please clarify one thing for me? our support of secure boot is only manual sign with imported certificate, but no changes in kernel module, so I'm not sure how disabled secure boot could help with performance. With enabled secure boot, did you signed manually our module according to this page https://help.eset.com/eeau/8/en-US/installation.html?secure-boot.html. Disabled EDTD could be reason of better performance, EDTD is an additional layer of security, therefore it could impact performance. Thanks, Peter