Zurd

No worry, those are all wired computers in an office :)

Thanks for the info, it definitely makes sense to add the network in the trusted zones, especially if it's a Windows domain so that everything that is remote from the server can work as expected.

Anyone has any thoughts about adding the whole network like 192.168.0.0/255.255.255.0 in the Trusted zone? It allows ping to the computer but at the same time, I wonder why you would want to put the whole network as trusted. What if a computer is infected and start attacking other computers on your network? Shouldn't the Trusted zone always be empty? https://help.eset.com/ees/7/en-US/trusted_zone.html

Indeed, an alert message coming from ESET's software is not ESET problem. The developer's of ESET never put that message there, they have nothing to do about it, this is basic computer knowledge :)

You should have posted this before or just answered my questions better and we wouldn't have wasted so much time. You should add this information about IDS exceptions of duplicate IP in your knowledge base, that will save time for others: https://support.eset.com/kb3430/?viewlocale=en_US

After some research, I just found out there is an option already in ESET in IDS to disable the duplicate IP addresses messages. You do not need to whitelist any IP which would be a bad security decision and which shouldn't be suggested by ESET's administrators. To disable those warning, go into Settings / Network Protection / Network Attack Protection / IDS Exceptions, click Edit then Add. Choose Duplicate IP addresses and set to No all of them which are Block, Notify and especially Log so you will not see those alerts in ESET RAC. If you have ESET RAC, you can create a custom policy with this and assign it to all of the computers easily.

Yes, there is a duplicate IP detected. I don't have to do this test, I believe you that there is one. That is not the issue. Like I said before, what about having an option in ESET to not warn about duplicate IP? But just those warnings without having to whitelist anything.

Yes, if I whitelist the IP range in ESET's IDS (Intrusion Detection System), I won't be notified about duplicate IP addresses. However, I also won't be notified when a real intrusion or attack occurs. We might as well uninstall ESET's firewall? Wouldn't that achieve the same goal? I don't understand why you say it has nothing to do with ESET. The warning message of duplicate IP comes from the software ESET. It has everything to do with this software. Wouldn't it be a good idea to add, in the future, an option to not warn about duplicate IP?

If we set an IDS exclusion for an IP range, doesn't that defeat the purpose of having ESET's firewall? Isn't there any other solution like an option to disable the duplicate IP message? Whitelisting IP's just for a false positive is extreme. It's actually more than just a false positive, it's just a duplicate IP, it is in no way an attack on the network.

Products used: ESET Endpoint Security 7.0.2091.0 with ESET Management Agent 7.0.577.0 and Detection Engine 19287 (20190501) Operating System: Windows Server 2016 Standard and Windows 7 or 10 computers ESET RAC: ESET Security Management Center (Server), Version 7.0 (7.0.577.0) and ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0) Problem: Both ESET RAC and each computer running ESET Endpoint Security will display an alert message saying "Duplicate IP addresses on network" but there shouldn't be any message. Cause of the problem: It can be easily reproduced by logging with a VPN then with RDP. Details: Let's say you have a Windows Server with a DHCP service and also a VPN service. The DHCP range is 192.168.0.50 to 192.168.0.100. On your own network, log in with a VPN to this Windows Server. This will make the server give you an IP address, for example 192.168.0.60, you can see it by running ipconfig on your own computer, there will be a PPP adapter section. Then, log in with RDP to a computer on the network of the Windows Server, for example 192.168.0.55. At this point, the Windows Server will have in its DHCP table, the IP 192.168.0.55 as a type DHCP for the computer on it's network and also the IP 192.168.0.60 as a type RAS (Remote Access Service) which comes from the VPN and more specifically in Routing and Remote Access Service in Server Manager of the Windows Server. To sum it up, there's is no duplicate IP but ESET thinks that there is and it will report the VPN IP 192.168.0.60 as a duplicate IP. ESET's knowledge base doesn't have a solution: https://support.eset.com/kb3430/?viewlocale=en_US One solution would be to whitelist all the IP of the DHCP server but this is a dirty solution as you want to be alerted if something is not a false positive on your network. More information on whitelist here: https://support.eset.com/kb2939/ A better solution, would be to restrict the IP given out of the Windows Server of the VPN to something like 192.168.0.200 to 192.168.0.220 and then whitelist only those IP's but I would prefer not to whitelist anything.

I had the problem below while trying to push an installation on a computer. I tried to install the .MSI file manually and it worked on the computer. Eveything else was fine since I already pushed quite a few other installations. Turns out the only thing needed to make this work was to reboot the server running ESET Remote Administrator. Not sure why, maybe a Windows Update but it's all good now. I didn't see anything like this on the forum so I thought I'd share the solution. So in case it's not working, just reboot! Operating System: Windows 7 Professional x64 Edition Operating System Version: 6.1 Installation result: Setting IPC$ Connection: Result Code: 0 (The operation completed successfully.) Remote Registry Connecting (OS Info): Result Code: 0 (The operation completed successfully.) Remote Registry Opening (OS Info): Result Code: 0 (The operation completed successfully.) Remote Registry Reading (OS Info): Result Code: 0 (The operation completed successfully.) Remote Registry Connecting (ESET Security Product Info): Result Code: 0 (The operation completed successfully.) Remote Registry Opening (ESET Security Product Info): Result Code: 2 (The system cannot find the file specified.) Setting ADMIN$ Connection: Result Code: 0 (The operation completed successfully.) Copying ESET Installer: Result Code: 0 (The operation completed successfully.) Setting IPC$ Connection: Result Code: 0 (The operation completed successfully.) Registering ESET Installer as a Service: Result Code: 1460 (This operation returned because the timeout period expired.) Diagnostics conclusion: Result Code: 1603 (Fatal error during installation.)

Where would that option be? I can't find it. Will that use more bandwitdh to communicate with every clients?

After much testing everything's working! Here's some tricks that can help to troubleshoot this. In ESET RAC, in the Clients tab, there's a column for "Requested Policy Name" and "Actual Policy Name". This page helps in setting up ESET RAC: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3453&locale=en_US In the client, this option is available in: Options > Antivirus & antispyware > Real-time file system protection > Setup... > Extensions and not in: Options > Antivirus & antispyware > Exclusions by path It takes forever for the client to receive the new configuration. Here's a list of things that seems to make a difference in pushing the new policy: - Wait 15 minutes for every changes you make, check the column Last Connected to know if the new policy has been pushed or not, seems like it's being reset every 15 minutes - Multiple reboots of the client computer - Setting the policy "Default system policy" then to the custom policy and back for the client in ESET RAC - Opening ESET on the client and going to Tools (it takes forever to show this page so maybe it's getting the new configuration) - Wearing a hat and singing seems to help too

I tested the policy with another settings just for testing, the "Scan removable media", is now at No, I rebooted the client computer but this option is still checked. We only have one custom policy, we're modifying "Windows desktop v5" but I also tested with v3 and v4 but it's still not working. The client computer is using ESET Endpoint Security 5.0.2229.1

I saw in the documentation that [policy] "Rules are applied immediately after the client connects to the server" So I rebooted the computer but I still cannot see this new policy.

Using ESET RAC 5.1.38.0, in Tools / Policy Manager, I've created a custom policy where there is an exclusion of files. It is saved, I can see it. In the Clients lists, I've right-click the client, choose Set Policy and used the custom policy I have created. However, on the client, in ESET Endpoint Security, I cannot see the exclusion that I have created in my custom policy. I've waited for 30 minutes now, still can't see it, what more can I do to make this work?

We don't have computers taking a huge amount of time when running a diagnostic anymore. Solution provided by Arkasi: "Try setting the ESET ERA Server service, to logon using domain level credentials, instead of local system account." Number 5 in the list here: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN82

We found the problem. Some computers had Norton and even though we uninstalled them from the Add/Remove Programs, it wasn't enough, you need to Norton Removal Tool: https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us One other is that it still had MSE, we overlook that one. After uninstall it, we were able to do a Push install on all of them!

Running a diagnostic on a computer returns "The operation completed successfully." everywhere. But trying a push install says "Failure during the package install - exit code: 1603, description: Fatal error during installation." No other antivirus on the computer. Pushing a 64 bit ESET package on a Windows 7 64 bit. ESET RA service is running with domain administrator permission. Other push installation works. What would be the next step in solving this mystery? Thanks

Indeed there is this window which we know about. One of the computer doesn't have this window. Double-clicking on it doesn't do anything (Result Code: 1460) For the second computer, this window says everything is sucessful but still doesn't install (SC error code 15, GLE error code 0)

Ah I see, it makes sense because 2 out of the 13 doesn't show the version 9765. One of them must be turned off since I cannot even ping it, the other just return "Error: Cannot download from server". It was installed with the exact same package as all the other one so it shouldn't be a package misconfiguration.

Marcos: Yes, the Virus signature DB version shows 9765 in ESET RAC in Tools / Server options / General which is what most clients also reports. Arakasi: We do not have a mirror on our server, the clients just download it from the internet from ESET server. Maybe I haven't made myself completely clear, the "Some Old" virus signature DB state is from the server not the client. It is in the Clients tab but it shows at the top under the "Server Name" column. Actually it's in any tab, just at the top. So tThis is not a problem with clients but in ESET Server. Maybe the "Some Old" state is fine, it's probably the latest version actually, but it is showing in a RED background and it doesn't say "Latest" which is why I brought it up, seems like a bug.

The second one returned: "Could not install ESET Installer on target computer (SC error code 15, GLE error code 0)" This same one said IPC$ and ADMIN$ Connection completed succesfully like all the other tests. Doing a Diagnostic return a complete succes. Weirdly the third one just worked fine this time! I think you're right Marcos, we need to install them locally and see what's going on. I thought ESET RAC would provide more information.

Thanks for your answer! Here's what I tried. Closing ESET RAC then restarting the service "ESET Remote Administrator Server" doesn't work. Closing ESET RAC then flushing the DNS with "ipconfig /flushdns" doesn't work either. Unchecking Windows Networking (WNET) and running the search again doesn't work either. Checking only WNET return an empty list. So I created a new Search task with a range starting from 1.0 to 1.255 but after clicking Run it just spin continuously, doesn't seem to work. I created yet another Search task, from 1.1 to 1.255 with only the Ping function, still no luck, just keeps spinning giving no results after 5 minutes. However if I click stop, then it gives me the results with the right IP for the right machine. Having to wait more than 5 minutes for a simple network search is not right. While I was doing this, ESET RAC crashed: "An unhandled win32 exception occured in console.exe [24872]." Not the first time this happen by just fiddling around. Anything else I can try?? I think a programmer should look into this as this is just not working. It this working when I create a new Search Tasks with exactly the same configuration as the Default Search Task.

One of them finally finished. Took 22 minutes to perform a Diagnostics. Everything went fine except: Registering ESET Installer as a Service : Result Code: 1460 (This operation returned because the timeout period expired). Diagnostics conclusion : Result Code : 1603 (Fatal error during installation). Help would be appreciated.