Jump to content

Megachip

Members
 View Profile  See their activity

  • Posts

    166

  • Joined

  • Last visited

 Content Type 

Posts posted by Megachip

    A package with the same name has already been installed on this computer

    in ESET PROTECT On-prem (Remote Management)

    Posted

    So, since 2008 it is mostly impossible to do minor upgrades of ERA/ESS without loosing the configuration (remove ESET (or the registry key) and reinstall).

     

    Any official solution for that?

     

    Trying to upgrade 2242 to 2254 and running into the same issue. Why minor upgrades (of the same language, upgrading from german to english works fine) are blocked? 

     

    Or is 2242 fine on Windows 10?

     

    THX a lot,

    Best,

    Meg

    HIPS- "Communication with driver failed. HIPS is inactive"- after windows 10 Upgrade

    in ESET NOD32 Antivirus

    Posted · Edited by Megachip

    Hi,

     

    Sorry by the delay, attached info.

    The first 5.X version, which supports Win 10 (final) official is 5.0.2254. The windows Build number is 10.0.10240. 

    Regarding to this doc, your version should be fine.

     

    The Build number on your screenshot is from Windows8/Windows Server 2012

     

    BTW, some of our customers reported, that hips even not work on a clean 10240 installation. (No Upgrade etc)

    After server reboot agents and mdm not recognised anymore

    in ESET PROTECT On-prem (Remote Management)

    Posted

     

    /var/log/eset/RemoteAdministrator/Agent/trace.log

    2015-08-30 08:47:32 Error: CMDMCoreConnectorModule [Thread 7fa7d77f6700]: Cannot connect to MDMCore using IPv6: Net Exception, Address family not supported

    2015-08-30 08:47:32 Error: CMDMCoreConnectorModule [Thread 7fa7d77f6700]: Net Exception

    2015-08-30 08:47:32 Error: CMDMCoreConnectorModule [Thread 7fa7d77f6700]: Net Exception

    This is a known, but seems still not fixed, bug with the mdm daemon.

     

    See here and here.

    [Protoscan2] Bug

    in ESET PROTECT On-prem (Remote Management)

    Posted

    - updater ETW log created on the client (will provide instructions how to create it).

    Your right. The bug is, that clients with older virus definitions than 3-5 days can't update anymore. The update process crashed after getting the protoscan2 file.

    I've had a open ticked which was closed with the remark, that ESET had fixed the bug. It seems fixed on new created mirrors on client side.

    But seems not fixed on ERAS side.

    - the content of the updfiles folder from the client

    - the dat files from the ESET install folder on the client

    - updater ETW log created on the client (will provide instructions how to create it).

    Which one of the clients?

    [Protoscan2] Bug

    in ESET PROTECT On-prem (Remote Management)

    Posted

    It's not clear what you mean by protoscan2 bug, please elaborate. Do you mean that you have an older version of the Internet protection module in the mirror? If so, what version is there?

    A newer ;)

     

    Afaik the bug is already known and fixed? 

     

    The problem was, that protoscan2 version 1173.7 does not allow any updates for clients which updates older than some days. Clients which updates every day aren't effected. 

    Creating new update mirror or clearing the update cache did not solve the problem. (even that the official eset update mirrors didn't provide the modul, eras and clients with mirror even "create" and provide it).

     

    3 Days after discovering the problem, we see that ESET updated the modul on the pre-release mirror to 1173.9, which fixes the problem. So we switched faulty clients to a pre-release mirror for updating this module and than back to normal.

     

    since some days, it seems that ESET also removes the module from mirrors created by clients (like on official mirrors), but i'm unable to remove it from ERAS :(

     

    Is there a way to manually remove it (or upgrade it to 1173.9 except switching the whole mirror to pre-release)?

     

    THX a lot

    ERA 6 Proxy IPv4

    in ESET PROTECT On-prem (Remote Management)

    Posted · Edited by Megachip

    Looks like I've the same problem with agent/mdmcore (on the eset own appliance):

    2015-06-30 12:49:01 Error: CMDMCoreConnectorModule [Thread 7f0d9ebfd700]: Cannot connect to MDMCore using IPv6: Net Exception, Address family not supported
2015-06-30 12:49:09 Warning: [Thread 7f0d9ebfd700]: run: Exception while receiving data: Net Exception, Socket is not connected.

    Login failed (communication error)

    in ESET PROTECT On-prem (Remote Management)

    Posted · Edited by Megachip

    I get that sometimes when I try and login. Usually when my session has timed out. I just open a new windows and login. Im sure that is not your issue, but thats my experience.

    Tried several hours from several machines, same error.

    • Check ERA Server is running.
    Was running

    • Check if it is listening on port 2223.
    • Try open this port with telnet.
    I think it was listing and reachable, but didn't checkt it on Friday.

    • Look at servers trace.log after unsuccessful login, there could be more info what is worng.
    No unsuccessful logins in tracelog. Which seems logic for me, cause Web-Console reported communication error.

    ...

    ...

    Came back from weekend, login works ;)

    Install ESET Mobile Device Connector (MDC) on Appliance

    in ESET PROTECT On-prem (Remote Management)

    Posted

    Please contact ESET Support, it looks there is bug.

    But I still recommend to use era_mdm.ova, you should have less problems with it.

    ATM it seems that the agent crashes immediately after trying to connect the MDMCore on IPv6. eraagent deamon still running but isn't reachable anymore. Also it is not possible to end it via init.d.

    It does not matter eramdmcore is running or not.

     

    MDM runs fine there wile, but system is out of control without an working agent. Will try manually upgrade of the agent. Support is informed.

    Agent dies to often!?

    in ESET PROTECT On-prem (Remote Management)

    Posted · Edited by Megachip

    I've had success in the past pushing those commands as a 'Run Command' task to OS X clients.

    Do you have running 2 commands? If the Agent is dead/not running, how it could restart himself?

     

    @Marcos:

    There should be a watchdog or something, which restarts agent. Seen that the agent on Server crashed (or shut down) on 5.05... no connection since this time :(

    2015-05-05 11:02:49 Information: Kernel [Thread 7f1029511700]: Used memory after modules start-up is 49712 KB
2015-05-05 11:02:49 Error: CMDMCoreConnectorModule [Thread 7f0fc97fb700]: Cannot connect to MDMCore using IPv6: Net Exception, Address family not supported
2015-05-05 11:02:49 Error: CMDMCoreConnectorModule [Thread 7f0fc97fb700]: Net Exception
2015-05-05 11:09:15 Information: Kernel [Thread 7f1029511700]: Used memory before modules shutdown is 64728 KB

    EDIT: Looks like this interferences with the following bug. The bad thing: eraagent can't be stopped via init/systemctl and can't be run if mdm is running :/

    Agent dies to often!?

    in ESET PROTECT On-prem (Remote Management)

    Posted · Edited by Megachip

    Agent does log in UTC. Most log files, on most systems, log in UTC. Otherwise it's a nightmare to diagnose problems.

    Thats the problem. Agent log told me 10:57 but ERAS say 12:57 ... Afaik ERAS logs did not contain agent problems (e.g. no connection).

     

     

    For the agents that have dies, what's showing in the log? We don;t get any agents failing (well over 100 installs, closer to 200 probably).

     

     

    Nothing. The deamon simply not running and not connecting to server. No crash or something loggt.

     

    It logged a shutdown. Why daemon shuts down?

    2015-05-27 13:13:52 Information: Kernel [Thread 0xa06b61d4]: Started module CRDSensorConnectorModule (used 0 KB)
2015-05-27 13:13:52 Information: SchedulerModule [Thread 0xb0525000]: Received message: GetRemainingTimeByUserDataRequest
2015-05-27 13:13:52 Information: SchedulerModule [Thread 0xb0525000]: Received message: GetRemainingTimeByUserDataRequest
2015-05-27 13:13:52 Information: Kernel [Thread 0xa06b61d4]: Used memory after modules start-up is 40148 KB
2015-05-27 15:14:46 Information: Kernel [Thread 0xa06b61d4]: Used memory before modules shutdown is 41420 KB
2015-05-27 15:14:46 Information: Kernel [Thread 0xa06b61d4]: Preparing to stop
    Interesting... exact the same thing happens 5 min before on another OS X maschine. but without the message

    The users shouldn't be local admins anyway......

     

    Not possible in our infrastructure. Hope it will implemented soon as self protection.

     

     

    Does restarting the agent service make a difference?

    All ERA components log in UTC, there's no exception to this. The only explanation for that is the time on the server wasn't set correctly.

    Agent itself cannot have self-protection. Most likely we will protect it by self-defense in ESET's products in the future.

     

    Rebooting system helps ;) How to restart Agent on OS X? Tried to starting the app but did not solve the problem.

    Agent dies to often!?

    in ESET PROTECT On-prem (Remote Management)

    Posted

    Aprox 1/2 of my test clients have no recent connection to the server :( Looks like there agents died.

     

    Second problem, agents seems to log in UTC (the clientime is not utc) while server is local time.

     

    In 6.1.33 is there finally a protection for disabling or uninstalling the agent by the user?

     

    Thx for the infomations,

     

    meg

×
×
  • Create New...