

ESET Staff

Everything posted by MichalJ

  1. The error you have passed is not from the failure of the particular component upgrade task, rather from the failed replication attempts. How is your repository configured in both agent policy and server settings? Did you configure it for autoselect, or did you specify a specific repository address?
  2. I would check why the client task is failing. My assumption is that either the clients do not have connectivity to the servers, or the license is not valid for the particular application you have installed. We would need details about the license used (PLID XXX-XXX-XXX), product installed (we see only version 7.1.xxxx.x), client task execution history results (reason for the failure), and ideally agent trace log from one of the agents on the affected system.
  3. Hello @solas, Do you refer to "updates" (module updates of products) or to "upgrades" (installation of a new version of agent / endpoint)? The package repository is needed only for the second one. Thanks, Michal
  4. @schuetzdentalCB Thank you for your feedback. With regards to the automated network isolation, something like that (possibility to trigger network isolation from the console) is being added in ESMC 7.1 / Endpoint 7.2 for Windows. We plan to further expand this concept to allow autonomous response in the future. With regards to the application whitelisting, this is a bit more tricky topic. However it is on our long term roadmap. I will link your comment to the already tracked internal IDEA. Internal tracking IDEA-1510
  5. Was the machine recently rebooted? As the number of replications is relatively low. If you could eliminate network connectivity issues, and change in HW / replication to a new entry in the ESMC server, I would attempt to reinstall the agent. This will generate a new computer entry in ESMC, but you will be able to verify whether the machine is correctly connecting.
  6. Hello @PReid You can create a dynamic group with specified condition for entry based on the installed app, or create a report which will include both "application name" and "computer name".
  7. Hello, If you are using the old ESMC 7.0 VA, it uses the Samba/Winbind to synchronize domain groups. It's possible that this part is not correctly synced with AD. You can execute the "wbinfo" command to check whether the user is correctly referenced in the domain: "wbinfo --user-domgroups <username SID>". This command will return the SIDs of groups where the user belongs. If it returns the old list, the problem will be here. In the upcoming ESMC 7.1 (to be released in mid-November), we have adjusted the way domain users are authenticated, where Samba/Winbind will no longer be used. That would be the recommended solution. Regards, Michal
  8. I would recommend to contact customer care. They might be able to help you with your request. I would try "re-provisioning" of the user.
  9. @Bill Lyons As of now, there are still two "mixed" concepts in ESMC. And that's Resolved/Unresolved threats, and "Active" threats. I would recommend to not use the "active threats" for the dynamic group creation, as that works only for the AV related detection type, therefore the "count" of computers in that group would not match up (would be smaller as other detection techniques are not counted as "matching criterion"). The count of "unresolved" detections column in "computers" pane should reflect the filtered view of "threats" pane for a particular computer. You can verify by going to "computer details", where there is a tab called "Threats". Only threats reported by "Antivirus" are being "marked as resolved" automatically, the other ones, regardless if they were blocked or not, are not automatically resolved. As stated in the post above, this is something to be eventually changed, but intention of "showing them" is that they might indicate some problem, that should be checked by the security staff. Resolving of threats on a computer by running a scan (that covers path of that particular threat) works only for AV detection type reported threats. To clear content of the "active threats" DG, you have to execute an in-depth scan, with strict cleaning enabled, covering "all disks".
  10. @CCross I would try to respond to your question: No, the "auto resolving" applies currently only for detections reported by "antivirus" module. Detections by firewall / hips / and other modules need to be resolved manually. We are tracking improvement for it (internal reference "IDEA-872"). It's not currently possible to track ones that were "resolved automatically" and "resolved manually". Such functionality is currently available only inside our EDR product, Enterprise Inspector. We are as well tracking improvements for both adding the field about who did it (P_ESMC-13329), and also more complex incident workflow management (IDEA-663). Regards, Michal
  11. Have you modified permission sets for default Administrator account?
  12. The best thing would be to do it via a ticket. But as you stated that customer care has issues with troubleshooting, I would include @MartinK to this topic. Me personally won't be able to help you, but he might be the right one to at least outline some potential course of action.
  13. MDM Core is activated (although it does not consume license seat, activation is done only for the purpose of getting the valid update credentials for receiving module updates). Each mobile device needs to be activated separately, using the "product activation task" targeted towards the particular mobile device entry.
  14. This table is "filled in" only after the first successful login of each of the group members. When you login, do you login in the format DOMAIN\user.name and make sure that the checkbox "login to domain" is selected? If yes we will need a trace-log from the unsuccessful domain login attempt.
  15. @GrantMG If you have a "dead seat", you can remove it using either ESET License Administrator or ESET Business account. Just search for a particular computer in the list (you can sort by the last connected time). The same functionality is available for home products, inside my.eset.com portal.
  16. No, this option is not possible, and not planned to be added. In general, the "VSDB version" is a bit of a "legacy". Currently, where the majority of detections are coming via ESET Live Grid cloud reputation system, or by other behavior based modules, info about your virus signatures lost its relevancy. Also, Endpoints do have more than 20 modules in them, which means that just info about VSDB (detection engine) would not tell you whether the client really is updated. If you want to be alerted, you can configure Endpoint setting to trigger red status when modules have not been updated in longer time frame than a day. Also, the information could be added to a dedicated report template, that you can put on dashboard + you can see it in "client details".
  17. @Mindflux You are right. If you have not selected the setting during VA setup, setting in server settings won't enable it. You have the following options: install HTTP proxy on a dedicated Windows box, ideally using the all-in-one installer, or add it to the VA. AFAIK these steps should work: https://help.eset.com/era_deploy_va/65/en-US/enable_apache_http_proxy.html
  18. If you will update to ESMC V7, you will have the option to use "precise date filter", that was added in ESMC V7. There were also several performance improvements done, that should make it a bit better. If I read correctly, you have 18+ million (!) threats reported, which might indicate some more serious misconfigurations. How many clients do you have connected to your ESMC server?
  19. Maybe @MartinK can then comment, as I am out of any ideas.
  20. When you click on "client details" of the "domain-server", what is listed as the "FQDN"? AFAIK FQDN is displayed in generated reports. You can execute "rename computers" server task, that will update the computer listing name to "FQDN".
  21. What might be a problem is that there might be a pending feature update. I am not sure if those could be installed using standard commands.
  22. What do you mean, that the server name is not correct? Can you post some details, like a screenshot of generated report, and the name of the server where ESMC is running?
  23. No, in this case, the pack actually means 5 devices of the type "desktop" (Windows / Mac / Linux), 5 devices of type "mobile" (Android / iOS) and 1 device of type "server". So in general you can protect up to 11 devices. And yes, you can easily protect multiple locations, there is no limitation in this.
  24. @OllyOrc sorry for the confusion. What was the previously installed version of EFSW? That was my original question.