rgoldman

@Peter Randziak Just had to uninstall ESET AV because Outlook wouldn't open on a customers machine, they're using Comcast IMAP.

Whats the best method to have ESET not prompt clients about outdated versions? For example I had one client asking me about the AV going out of support and it was only 1 or 2 minor versions behind. As quick as you release version updates this shouldn't happen. I know of Endpoints (not managed by me) that have version 4 and 5 in use and still receive definition updates etc. There should be a better method of receiving program updates. For example, if you run a program/version update, Windows prompts no AV installed etc until reboot. And as I said as quick as you're releasing program updates it's already outdated before it reboots. Just my thoughts.

Hey @Peter Randziak Thanks Yes already tried that as I said before. Tech support and I disabled everything email related in the policy. They couldn't confirm the issue, but if I use it for more than a day or so it's really bad. I don't think it's my machines. Desktop is Intel i9 CPU with SSD, Laptop is Intel i7 with SSD (my phone doesn't have this issue). The server is sitting right next to me, it's running Xeon with SSDs under light load. But I can tell you if I uninstall ESET AV Outlook w/ IMAP is very responsive, where as it was taking 5-10 minutes (or more sometimes) to send a message or update a folder. Mailbox size is only about 2.5GB.

@Peter Randziak I'm not sure what else to do, aside from loading a machine fresh which I haven't had time to troubleshoot much further yet. I did add exclusions for the Office Directory and PST/OST files (all email security functions were previously disabled in the policy). However I'm still convinced it's ESET somehow, I mean it only occurs when ESET is installed. I had to uninstall it to get my email, that's very inconvenient. I'm determined to find out exactly whats going on just haven't had much time to work on it. I thought it might be an Outlook Addon I was using but I uninstalled it for about a week and it made no difference. Side note: I'm using Linux Mail Security 4x on the IMAP server. I'll post back any findings. Thanks

@LesRMed thanks Yes I keep thinking that. It worked fine for a couple years and all of a sudden my laptop started doing it. A month or so later the desktop. And I’ve had a couple customers with minor issues. i can uninstall AV and Outlook runs fine, reinstall and then it may be good for a few days and right back to slow. im getting real anxious now. Maybe I’ll reload a machine and go from there, but I do have a newer desktop it’s on rn. So idk. Probably something I’m overlooking or goofed up in my policy.

Also, Outlook hangs sometimes and will not close (must use Task Manager). Not just mine, my client also, but they're using Exchange.

Hi @Peter Randziak I don't think it has helped. I had to uninstall again. Just FYI I do have all the Email Options disabled in the Policy. Is there anything else I should look at it? Thanks

@Peter Randziak Thanks, I will try this for a few days and report back. I contacted support a few days ago about this and basically couldn't duplicate the issue while we we're on the phone. But I can confirm on my Laptop/Desktop it's still an issue. But I will try this and report. Thanks

Hello, Still pretty slow. If anyone has any suggestions please post here. Thanks

One thing I haven't tried is excluding OST/PST files and the Outlook directory, will that for a while.

Hello After a few weeks of narrowing it down, reinstalling etc. I've determined that IMAP is terribly slow in Outlook 365/2019 with ESET Endpoint AV installed. Even with everything email related disabled in the policy etc. If I reinstall it, it does fine a day or two, then its back to dragging. Any suggestions on how to fix this? Thanks

So theres 2 version of File/Mail security (v4) and you must install the oldest available for the policy to work.

Hi I had this figured out once but now I'm lost again. I have instaledl Linux Mail security (v4) and trying to apply a policy but it says "Product not installed/not applied" (This is the only policy for Linux v4) I'm all up-to-date. Any ideas? Thanks

Getting high memory usage (6-11GB) by ekrn Version: 7.1.12010.0 I'm trying a procdump64 -ma ekrn but getting an error 8007000D Any suggestions? Thanks

Ok so I feel dumb! I guess maybe after I rebooted the server they re appeared or something but I was viewing it wrong. They we're not in there before 🤪

I'm about to contact support. Nothing like that was updated recently. Everything has been working fine. I was in ESMC casually browsing/checking/performing tasks. When the error popped up, the page was actually idle. Thanks

All of my custom policies have disappeared. I was prompted in ESMC that, "Failed to load all applied policies" After that none my policies are there. I've restarted service, and rebooted the entire server, no change, no other errors. Any help? Thanks!

Thanks. I also noticed some abnormalities in that policy so I've started a fresh basic policy and we'll see how it goes.

logs removed

[23:52:26 PM] ESET Log Collector v4.0.2.0 (12/9/2019) - 64 bit [23:52:26 PM] Copyright (c) 1992-2019 ESET, spol. s r.o. All rights reserved. [23:52:26 PM] [23:52:26 PM] Detected product type: eea [23:52:29 PM] ============================== [23:52:29 PM] ESET logs collection mode: Filtered binary [23:52:29 PM] Number of days to collect target files and log records for: 30 [23:52:29 PM] Saving metadata to C:\Users\user\AppData\Local\Temp\elc41D3.tmp [23:52:29 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc41D3.tmp -> metadata.txt [23:52:29 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc41D4.tmp -> info.xml [23:52:29 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc41D5.tmp -> features_state.txt [23:52:29 PM] === Running processes (open handles and loaded DLLs) === [23:52:29 PM] Exporting... [23:52:31 PM] OK [23:52:31 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc41D6.tmp -> Windows/Processes.txt [23:52:31 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc41D7.tmp -> Windows/ProcessesTree.txt [23:52:31 PM] === Drives info === [23:52:31 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc480F.tmp -> Windows/drives.txt [23:52:31 PM] Exporting volume information... [23:52:31 PM] OK [23:52:31 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc4820.tmp -> Windows/volumes.txt [23:52:31 PM] === Devices info === [23:52:31 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc4AA0.tmp -> Windows/devices/setupClasses.txt [23:52:31 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc4AC1.tmp -> Windows/devices/interfaceClasses.txt [23:52:31 PM] === Services Registry key content === [23:52:31 PM] Exporting... [23:52:32 PM] OK [23:52:32 PM] Adding file: C:\Users\user\AppData\Local\Temp\elc4AC2.tmp -> Windows/Services.reg [23:52:32 PM] === Application event log === [23:52:32 PM] Exporting... [23:52:32 PM] Windows event logs could not be exported in evtx format. Exporting in xml format... [23:52:32 PM] ERROR: Failed to open event log [23:52:32 PM] [23:52:32 PM] Removing temp files... [23:52:32 PM] [23:52:32 PM] ============================== [23:52:32 PM] An error occured during collection of files. See the log for more info. Updated and everything fine it seems. But when I run the collector I get an error. I tried Defaults, 1 and 30 days, same error.

Understood. I'm leaning towards policy based mode to heavily manage some devices for security. Does policy based mode use file hashes or filenames? Thanks

Can someone point me to a good and thorough resource/info on setting up HIPS. I'm testing it with a few devices in learning mode and then policy mode after that but not sure if I'm understanding right. Thanks for any info. Cheers.

Hello I have one computer that is in a group of which I have set to receive email notifications. I removed that policy and assigned new policy that has email notifications disabled yet I still receive emails. I have also "Muted" the computer and I still receive emails. What exactly does "Mute" do and should I still receive emails if I have muted a device? I read in Help that it will stop communicating with ESMC but doesn't clearly say about email notifications etc. Thanks

Thanks guys, and sorry I thought I had email notifications for replies on and I haven't checked the forum until now. @Nightowl It's been doing this a while, like before Windows 7 went out of support etc. Sorry I know I should have fixed it before now but the client is working fine, it's just reporting a date in the future as an error or something, not sure. @MichalJ Yes the time is correct on the workstation, I've checked numerous times and settings during checkout/maintenance. @Marcos Attaching a screenshot of the Endpoint itself, is that what you're asking about?

Hello I have a workstation, running Windows 7 Pro, theres always a error on it in ESMC, saying its not up to date etc. But what's weird is it under status/last occurred is always a date in the future. I don't understand. I've updated the installation multiple times, done maintenance on the OS, reset winsock, cleanup etc. and it's still doing this, any suggestions? Screenshot is attached. Thanks Reggie