We are currently on a trial of the business edition of ESET and so far everything has been good but, today we started having a major issue which is clients which every single one of them stop communicating with the server at random, sometimes an hour other times 30 minutes. (On last connected.).
Things I noticed
- Currently have it setup to communicate every 10 minutes (Default) which it does, however at random it will suddenly stop communication (all clients not just one, however I am still connected to the Admin server when this happens and can make modifications, but we are forced to restart the service which after 10 min allows them to check back in again), such as yesterday it was working fine, when I came in today it said all 50 clients last communicated 12 hours ago.
- Restarting the service fixes the issue (When an engineer helped us setup ESET they had us use a domain admin account to run the service as) however this occurs when we run it under a local account or domain account.
- The mirror update server still appears to allow the clients to update from it even when they don't check in with the server.
- The policy's are all correctly configured and worked good until today.
- Server is installed on Windows 2008 RC2 STD.
- One quick policy question, do we have an option so that all clients are forced to connect to the remote administrator server? From a business standpoint this should always be a yes and no option should be allowed to disable it, because what happened to us is the antivirus program we are moving away from made a change to the ESET policies and changed "Connect to remote administrator server" from YES to NO so earlier last week all 50 clients had no communicated in 2 days (This occurred on a Saturday) which wasn't too bad to deal with but if we go with Eset and were to deploy it to all 1000 workstations that would cause a very serious problem for us (All other AV's we have been trying out don't have an option to disable the AV Clients from checking in to the server which is a good thing).
We have enabled the debug logging and will send in the results after this weekend so when it happens, the logs will be able to gather it (Hopefully).