Posts posted by ejmorrow

  1. On 3/29/2019 at 8:35 AM, Peter Randziak said:

    Hello @ejmorrow,

    can you please collect the logs by running the collection script located at /opt/eset/efs/sbin/collect_logs.sh and send them to us to analyze?

    Regards, Peter

    Peter,

    Sorry was out of the office for a bit.  I sent you the zip file from the log collector.  The log collector also complained that it couldn't connect to Confd.

    Eric

  2. Where and how exactly is confd supposed to fit into this installation?  It doesn't look like confd gets installed, but binaries depend on it.

    [root@server1 bin]# /opt/eset/efs/bin/odscan 
    ESET File Security BETA Error: Cannot connect to Confd: No such device or address
     

  3. On 1/22/2019 at 5:02 AM, Matus said:

    Hi EJ,

    It works a little weird due to architecture which is solved in v7. Let me explain.

    By executing OD scan in webGUI or command line "esets_scan", settings from product (esets.cfg) (or ERA policy) are not applied. You'll need to use parameters (check -h). In such case, please use following task:

    sudo /opt/eset/esets/sbin/esets_scan --exclude="/root" /root

    Executing a scan from ERA uses the utility /opt/eset/esets/lib/esets_sci, which checks the esets.cfg file, and in such case it'll exclude what is defined. This is, however, not much use for executing via command line, as you get no output in the console when you use esets_sci.

    Does it make sense for you? 

    I believe so.  Adding av_excludes to esets.cfg will work for scheduled scans within SMC, but won't work for testing on the command line?

  4. Exclusions would work for us, but they don't appear to be working?  I added "/root/*" to the exclusion list.  Checked /etc/opt/eset/esets/esets.cfg and found "av_exclude = "/root/*::".  Seems correct going off the man pages for esets.cfg.  Restarted the esets_daemon (Not sure if necessary).

    Ran: /opt/eset/esets/sbin/esets_scan /root
    Summary of scan: 
         Total: files - 1399, objects 4694

    Thought maybe it wasn't really scanning but counting.  So performed an strace and it's indeed opening files to scan them.

  5. I'm setting up client tasks within Security Management Center to handle scans of different groups of systems that we have.  I can set up the scheduled tasks fine, but when using pre-defined targets such as ${DriveFixed} nothing is scanned; it works fine when I specify by mount point.  These are mostly Linux servers if it matters.

    I am assuming the syntax is the same as ERA:  https://help.eset.com/era_admin/65/en-US/client_tasks_on_demand_scan.html

    Any insight would be appreciated.  Thanks!
