Everything posted by stevemaser

  1. Is there an ETA on the next service release? We've been waiting for a fix for the "Restart Computer" issues for what feels like 6 months now...
  2. I believe it's P8DQRXPVLP. You should be able to run this command to get a list of the values:

      sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy "SELECT developer_name,team_id,bundle_id,allowed from kext_policy"
  3. OK -- we figured out how to do this. If anybody else is interested:

      Two preinstall steps:

      sudo killall esets_gui
      sudo launchctl unload /Library/LaunchDaemons/com.eset.esets_daemon.plist

      Install the application (in our case either Office 2016 or 2019), then two post-install steps:

      sudo launchctl load /Library/LaunchDaemons/com.eset.esets_daemon.plist
      open -a "/Applications/ESET Endpoint Antivirus.app"

      Not the best solution -- but Office installs are taking *at a minimum* 4 times longer with 6.7.900, so we had to do something...
  4. This is related to my Office vs. 6.7.900 issue. Is there a command-line way to disable the Real-Time scanner and then another command to re-enable it? That would be a better (and faster) short-term solution we might be able to push out to our 8000+ system fleet to address the problem with 6.7.900.
  5. Yeah, I've already started that process, but wanted to know if this is a "just us" thing or not.
  6. Hey all... We just pushed out ESET A/V 6.7.900 to our fleet and Microsoft Office installations are now taking significantly longer (like going from 8 minutes to 30-60 minutes). Anybody else seeing similar?
  7. Well, it seems to handle the uninstall properly, but doesn't seem to pick up any of the customized SCEP settings. So you still need to craft a comparable set of preferences and export/import that for ESET to be useful.
  8. Description: For the Mac version of ESET, the "alert" settings should be global settings and not per-user settings. Details: We are one of the orgs moving from SCEP to ESET for now and *not* using the ERA (as we would prefer not to have to spin up yet-another-server for this.) Apparently all the Preferences --> User --> Alerts and Notification settings are stored within a ~/.esets/gui.cfg file. This is a problem -- especially for the "Protection Statuses" Alerts. We need to be able to turn those off globally -- especially for computer labs where local student accou
  9. We ended up deploying without advanced heuristics because of one of the issues documented here: https://forum.eset.com/topic/4086-three-bugs-two-serious-with-docx-files-on-mac-os-x-server-eset-60140/ FWIW...
  10. We have a ticket open with Microsoft about this behavior with SCEP (since it's their branded version of ESET) -- as it seemingly only affects MS Word (at least the non-duplicate bugs do...) I did submit the above bugs to ESET support, but basically just got a "thanks. don't call us, we'll call you" response to these bugs -- which was a bit disheartening. ALSO -- FWIW -- I did try setting exclusions to .docx extensions -- but that made no difference (and I thought it would...) I cannot exclude the path as that would vary from end-user to end-user.
  11. Why all these issues are associated with .docx files -- is probably a good question for Microsoft. I tried a .doc file -- and could not reproduce any of the three problems (same with .xls/.xlsx and .ppt/.pptx files...) Whatever the problem is with Word, ESET is not handling these files correctly and causing deleting/hanging/degradation.
  12. Full disclosure -- we are attempting to use Microsoft's SCEP -- which is based on the ESET engine and discovered two bugs with it -- so we decided to check the current trial version of ESET to see if the two bugs are there -- and they are....

      Using ESET on Mac OSX 10.9.5 and 10.10.2 clients connecting to Mac OS X Server (both 10.9.5 and 10.10.2 server tested...)

      SERIOUS BUG 1 -- Default install of ESET will delete saved Word 2011 .docx files on server when connected to server via SMB

      To reproduce:

      1) Default installation of ESET on Mac 10.9.5/10.10.2 clien
  13. Is there a way to temporarily disable the Real Time File System Protection from the command line (and then reenable it?) sudo launchctl unload <something> for example? Thanks!
  14. Our overall goal here is to be able to generate a report on multiple machines to see what viruses are being detected on each of them, but not having to parse a system.log file that would rotate every day (which is still doable, but...) We had hoped we could block off the logging to system.log and read the logs that the *application* is still displaying, but it seems not...
  15. Yeah, those are not world-readable, unfortunately. It seems like those might be the files, though... But maybe not. I don't see the timestamps on anything change if I download "eicar.com"? We'd probably have to filter against the system.log file...
  16. Which is the specific log file that correlates with what is visible in Tools --> Log Files, though?
  17. So, I thought that might be the case, but based on this thread: https://forum.eset.com/topic/2324-how-to-disable-systemlog-logging/ I currently am running things intentionally disabling all logging to /var/log/system.log (because the default logging is *much* too chatty...) But Tools --> Log Files still shows logged events (such as downloading eicar.com), so *that* information is being read from somewhere (maybe not a readable text log file...) to display it. That's what I'm trying to find out -- Logging must be done in multiple locations -- where is the logging done that To
  18. I know I can look at Tools --> Log Files to see activity, but are these log files written to a readable file on the Mac somewhere that will show me what the RTFSP detects? If so, where? Thanks! - Steve
  19. Should this be expected to work on *all* versions of Cyber Security? Or just the current 6.0 version? Or only under 10.9 (vs. 10.8?) Can you clarify? (The reason I ask is that when I tried this under SCEP 4.5 -- which I fully understand is Microsoft's licensing of your product-- the computer will kernel panic after restart (over and over) and I had to comment that line out of "scep.cfg"...)
  20. This made no difference for my testing. I have the same results as above -- where running the two commands adds a:

      #syslog_class = "none"

      line to my esets.cfg file. I am running 10.9.2 and the trial version of "Cyber Security" (as seen by what comes up in the "About" screen...)
  21. So, right now, I have the value set to:

      syslog_class = ""

      This has *greatly reduced* the logging -- but has not eliminated it. I am still getting these:

      Apr 24 11:23:11 <myhost> esets_daemon[275]: summ[01130c00]: vdb=18016, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv800016q/C/com.apple.internetaccounts/mds/mdsDirectory.db_", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
      Apr 24 11:25:48 <myhost> esets_daemon[275]: summ[01130b00]: vdb=18016, agent=fac, name="/private/var/folders/n1/zbk
  22. So, in relation to my previous post about excessive default logging in /var/log/system.log with ESET 6, I was directed to modify:

      /Applications/ESET\ Cybersecurity.app/Contents/etc/esets.cfg

      To add these lines:

      [syslog_class]
      syslog_class = "error:warning:summ:part"

      This greatly reduces the number of esets_daemon lines logged to system.log, but it does not eliminate them. From what I can see in an old ESET 4 user guide, there are these logging parameters:

      ESETS provides system daemon logging via syslog. Syslog is a standard for logging program messages and can be used
  23. It's been another week (actually over two weeks since the initial post) -- and nothing? I have to say -- if this is how users are supposed to get support for the product -- it's underwhelming and not very confidence-inducing...
  24. Just to confirm: This is not an SCEP issue. This also happens with ESET 6.0: Here's an example of just one minute of using my Mac as normal and what gets logged (if I grep "esets_daemon"...)

      Apr 3 08:50:08 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130700]: vdb=17707, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv8m7xf9l/C/com.apple.mail/mds/mdsDirectory.db_", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
      Apr 3 08:50:11 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130c00]: vdb=17707, agent=fac,