tmuster2k

More detailed info on failed installs can be found in >>C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\ from the affected workstation. There may even be a install log here or you can just go to trace log and scroll towards bottom or when this push failed to see if there are details on this failed push install.

using the Notification "managed clients not connecting alert" sent to email. On Notification template we modified it to >> Computer, Not Connecting % to greater than 1 and Computer relative time interval to = Between 2 days ago and future. I confirmed in ERA that only 1 machine has not checking in a day out of 99 systems but still getting notification daily sent to email " At least 1% of all managed clients have not connected for more than 2 days. " I modified to between 99 days and 2 days ago and still getting email alert right after finishing notification edit. tried greater than 99 and same - confirmed no unmanaged systems in ERA.

just set a settings password in the User Interface section of the policy. They may see option but would need to authorize pause via a password for it to go through. Other than that option you could set GUI to Silent mode.

ERA 6.5. Created permission set group called "company a". Created native user and assigned to newly created permission group and home group called "company a". The only thing I don't want this permission group to have access to is "server settings". I created an agent peer cert called "company a" and assigned the access group of "company a" to it. I logged into newly created native user account that only has access to "company a". When going to create agent live installer the newly created cert is assigned properly but when clicking on "get installers" I get "Failed to get installers: Access denied for certification authority". Is it only possible to create agent live installers with native admin account? Also the certificate authority does not have a passphrase applied and no passphrase was applied to newly created agent cert for "company a". I

customer was just curious about removal. Sometimes if operating system memory malware hits, it creates many duplicates in "detected threats'

thank you. This is the customers request and not mine.

Is there a task that can be run from ERA 6.5 that will remove log files from the endpoint that show up on >> Tools >> Log files >> ? for ESET ENDPOINT AV's workstations (windows OS)

Does the initial first scan which you say improves subsequent performance is this only for On-demand scans? Most IT guys deploy in the middle of the day so having that scan run with end users working causes performance degradation when its scanning the whole computer and external devices if plugged in. I have isolated the issue on 2 different environments. Also, even though the client shows the base policy I have assigned why doesn't it carry over the " Automatic first scan" entry back to the client. When I bring up EGUI and go to tools>> Scheduler it is not listing that item at all which shows in the policy. And why is the date set to >> "Task will be run only once on 1969 Dec 31 at 16:00:00"? I can almost guarantee if you run this in your testing environment you will reproduce this issue.

Working with customer who is installing ESET ENDPOINT AV for windows out to new machines (out of the box) so first scan does not need to run and currently causing slowdowns with machines. Scan has to be stopped manually on endpoint. Was able to test on new system so I created a base policy for ESET ENDPOINT for windows. In this policy I confirmed that "Automatic first scan" is unchecked in "Scheduler". Interesting to note that the launch time is "Task will be run only once on 1969- First Scan Dec 31 at 16:00:00.". Question>> why is it showing this date? I wasn't even born then. lol. During creating of the all-in-one installer I pointed to that policy that confirms that Automatic first scan is unchecked and I even forced the item. After installing All-in-one and after it updates the Automatic first scan starts and has to manually be stopped. I tested this same issue on a whole different environment and even tried just the push install VIA era with same policy confirming automatic first scan is unchecked and the automatic first scan still runs. Can anyone else please test this out or if there is another option to not allowing this first scan to run. NOTE: I did confirm that in "Show Details" and "Applied Policies" that policy in play which confirms "Automatic first scan" is unchecked but when going local to endpoint and tools >> scheduler that "Automatic first scan" is not even listed. Last item is "System startup file check" This was the same in two different environments with 2 different ERA installs.

dont use the migration tool. what you can do is leave 1 ENDPOINT V5 or ESET FILE Security 4.5 system up and deploy the ERA 6.x agent to it. After it checks in then go into configuration from the details and do "request configuration". Do a couple wake up calls and then it will appear. Once it shows in the configuration area then click "convert into policy". You can now create master policies for endpoints and servers and keep your previous configuration. Be aware that if you were using the Mirror update to go into the update section and turn that off otherwise they will not update. If you are not using 500 nodes are more you do not need caching proxy.

you will create a temp agent policy on the old server to get them to check in for that initial time to grab the new address of server. After they have got new policy and no longer checking into old server you will then apply your certificate to these computers. You can use this link as a guide >> https://support.eset.com/kb6492/

But you missed the point of my reply. in Windows 2016 Server specifically, ESET does not automatically disable Windows Defender and that was proven in my testing.

I have some updated information on the windows defender being enabled in 2016 Server with ESET enabled.If you are installing on Windows Server 2016, Microsoft recommends to uninstall Windows Defender Features go to >> https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016and section >> Install or uninstall Windows Defender AV on Windows Server 2016>> removal windows defender from "roles and features" and reboot confirmed that the service of >> WinDefend was gone. Marcos. Could I suggest in the next build of ESET FILE SECURITY that we warn customer that Windows Defender is enabled and needs to be removed via roles and features?

recently noticed that after installing ESET FILE SECURITY (latest build) that the windows defender service is still running which is the opposite of what takes place for windows 10. Are there any specific details anyone can provide on this forum as to why its in this fashion? This is the WinDefend service >> "Helps protect users from malware and other potentially unwanted software"

Not sure why your too bogged down with this. ON-demand scans should be run off hours when end user is not at computer. ESET has one of the best real time scanners around. Reactive (On demand scan that your doing) AV is dead. Please check out info on this link for detail on whats going on in the background. Most of the time when you run on demand scans its going to find some PUA. https://www.eset.com/int/about/technology/

Did you install ESET INTERNET SECURITY on top of ESET Smart Security? If so then re-install the program using the removal tool in safemode to ensure all remnants are removed >> https://support.eset.com/kb2289/?locale=en_US . Clear windows temp files. then >> After reboot from safemode, then install EIS again >> https://download.eset.com/com/eset/tools/installers/live_eis/latest/eset_internet_security_live_installer.exe

I believe this may be bug. If you choose the option to disable webcam within ESET does this not work when you use any app that accesses camera?

no problemo.

Are you referencing a windows login password? As long as the ESET agent is on the target computer you can go to Admin >> client tasks >> Run Command and use a reset command like >> net user useraccount newpassword . Might be different for Domain login

this is a false positive from the ESET intrusion detection system. You will need to add these IP's into the Trusted zone and addresses excluded from IDS. You can use this KB for a guide >> https://support.eset.com/kb2933/?page=content&id=SOLN2933 which is similar to what you will see locally with ESET ENDPOINT SECURITY or via policy. In the policy it will just say "Firewall" instead of personal firewall. I usually just add the whole network like >> 192.168.0.0/24 but you can just do those specific ip's if you want. Any ARP attack coming from the internet will be flagged regardless of the internal exclusions you are putting into ZONES.

Customer is getting this message after he installed locally using All in one package installer. none of these were activated using a offline license file. Not all machines are doing this but on about 4 different machines we RDP'd into they had it. These machines do not show up in the dynamic group "Computers with outdated modules" so you can only tell my remote desktop on checking locally on the ESET GUI. I have sent out a activation task and update task to no avail. Update locally using "Check for Updates" does not work. Had system rebooted and same. Current policy has them getting updates from the Cache proxy. They are all on the latest version of 6.6 and console is at latest as well.

Hold down the windows key + R on the keyboard to get to the run command and type: cmd >> enter for the command prompt. From the command prompt type >> shutdown /l and enter. From your Windows 10 login screen. do you now see your main windows login?

Yes. It is sent out after renewal. Not "cash" in the clear sense. This is for your records. If you renewed the same product then your license information will stay the same so there is no user intervention needed as the license will update itself.

Marcos. Would excluding that URL from filtering cause a security hole or would other ESET protective measure be able to step in?

Been having more sporadic issues with Outlook since 6.6 came out. Current customer's Outlook 2010 is crashing when "Integrate into Microsoft Outlook" is checked in advanced settings. With this item enabled, right after you click on outlook shortcut icon it goes to "Outlook has stopped responding" and you have to go into task manager to get rid of the window. When you uncheck ESET integration Outlook is normal. Windows 7 OS. I have Procmon logs at your request.