Jump to content


ESET Staff
  • Content Count

  • Joined

  • Days Won


Everything posted by MichalJ

  1. Hello, you are using unsupported MySQL version (5.5) which is no longer supported in ESMC 7.1. The only option is to upgrade your database to the one supported by ESMC 7.1 or downgrade ESMC back to 7.0 till you are able to process the upgrade.
  2. Also, your machine seems to not be connecting for a pretty long time. I would troubleshoot that first
  3. Hello, Yes, the suggested steps would be: Upgrade your license to ESET Secure Business Cloud Setup your ECA instance via ESET Business Account Generate agent only installer and install it on the machines where the Endpoints are installed to connect them to Cloud Administrator Regards, Michal
  4. Hello @mhorbul What was the DB in use before the upgrade? It might be related to the usage of MariaDB, or other unsupported DB type. Only MySQL DB is supported on Linux.
  5. @pps Sorry, I am unable to help you. @Marcos Can you move this to the corresponding thread, maybe our Endpoint guys will be able to help / suggest something.
  6. You have two options to test: when configuring the two custom rules, click on "show predefined rules" in the list, and then with "shown" set the list of rules to "replace" or you can "append" with the "local list", as the list of predefined rules is considered "local"
  7. Hello, Just to double check, is this the notification sent directly from the application? I want to follow up with the respective colleague. AFAIK, it´s being parsed by the mail protection plugin, and the information in the notification is coming from message header. Does that e-mail basically show as TO: Undisclosed recipients when opened in outlook? Thanks, M.
  8. There are two possible reasons for the license removal: Computer is removed from ESMC after a long time of inactivity, using "delete not connecting computers" task with the option "deactivate products" selected Someone manually deactivated them from either ESET License Administrator, or ESET Business Account (depending on which system you use to control / manage your lciense). As stated before, we will need your public license ID for proper troubleshooting, as there should not be any valid reason for license being "suddenly" deactivated. Also please provide the type and version of the applications your are activating.
  9. The error you have passed is not from the failure of the particular component upgrade task, rather from the failed replication attempts. How is your repository configured in both agent policy and server settings? Did you configure it for autoselect, or you specified a specific repository address ?
  10. I would check why the client task is failing. My assumption is, that either the clients do not have connectivity to the servers, or the license is not valid for the particular application you have installed. We would need details about the license used (PLID XXX-XXX-XXX), product installed (we see only version 7.1.xxxx.x), client task execution history results, (reason for the failure), and ideally agent trace log from one of the agents on the affected system.
  11. Hello @solas, Do you refer to "updates" (module updates of products) or to "upgrades" (installation of a new version of agent / endpoint). As package repository is needed only for the second one. Thanks, Michal
  12. @schuetzdentalCB Thank you for your feedback. With regards to the automated network isolation, something like that (possibility to trigger network isolation from the console) is being added in ESMC 7.1 / Endpoint 7.2 for Windows. We plan to further expand this concept to allow autonomous response in the future. With regards to the application whitelisting, this is a bit more tricky topic. However it is on our long term roadmap. I will link your comment to the already tracked internal IDEA. Internal tracking IDEA-1510
  13. Was the machine recently rebooted? As the number of replications is relatively low. If you could eliminate network connectivity issues, and change in HW / replication to a new entry in the ESMC server, I would attempt to reinstall the agent. This will generate a new computer entry in ESMC, but you will be able to verify whether the machine is correctly connecting.
  14. Hello @PReid You can create a dynamic group with specified condition for entry based on the installed app, or create a report which will include both "application name" and "computer name".
  15. Hello, If you are using the old ESMC 7.0 VA, it uses the Samba/Winbind to synchronize domain groups. It´s possible that this part is not correctly synced with AD. You can execute a command "wbinfo", if the user is corrently referenced in the domain: wbinfo --user-domgroups <username SID>”. This command will return the SIDs of groups where the user belongs. If it returns the old list, problem will be here. In the upcoming ESMC 7.1 (to be released in mid-November), we have adjusted the way how domain users are authenticated, where Samba/Winbind will no longer be used. That would be the recommended solution. Regards, Michal
  16. I would recommend to contact customer care. They might be able to help you with your request. I would try "re-provisioning" of the user.
  17. @Bill Lyons As of now, there are still two "mixed" concepts in ESMC. And that´s Resolved/Unresolved threats, and "Active" threats. I would recommend to not use the "active threats" for the dynamic group creation, as that works only for the AV related detection type, therefore the "count" of computers in that group would not match up (would be smaller as other detection techniques are not counted as "matching criterion". The count of "unresolved" detections column in "computers" pane should reflect the filtered view of "threats" pane for a particular computer. You can verify by going to "computer details", where there is a tab called "Threats". Only threats reported by "Antivirus" are being "marked as resolved" automatically, the other ones, regardless if they were blocked or not, are not automatically resolved. As stated in the post above, this is something to be eventually changed, but intention of "showing them" is that they might indicate some problem, that should be checked by the security staff. resolving of threats on a computer by running a scan (that covers path of that particular threat) works only for AV detection type reported threats. To clear content of the "active threats" DG, you have to execute an in-depth scan, with strict cleaning enabled, covering "all disks".
  18. @CCross I would try to respond to your question: No, the "auto resolving" applies currently only for detections reported by "antivirus" module. Detections by firewall / hips / and other modules needs to resolved manually. We are tracking improvement for it (internal reference "IDEA-872") It´s not currently possible to track ones that were "resolved automatically" and "resolved manually". Such functionality is currently available only inside our EDR product, Enterprise Inspector. We are as well tracking improvements for both adding the field about who did it (P_ESMC-13329), and also more complex incident workflow management. (IDEA-663) Regards, Michal
  19. Have you modified permission sets for default Administrator account?
  20. The best thing would be to do it via a ticket. But as you stated that customer care has issues with troubleshooting, I would include @MartinK to this topic. Me personally won´t be able to help you, but he might be the right one to at least outline some potential course of action.
  21. MDM Core is activated (although it does not consume license seat, activation is done only for the purpose of getting the valid update credentials for receiving module updates). Each mobile device needs to be activated separately, using the "product activation task" targeted towards the particular mobile device entry.
  22. This table is "filled in" only after the first successful login of each of the group members. When you login, do you login in the format DOMAIN\user.name and make sure that the checkbox "login to domain" is selected? If yes we will need a trace-log from the unsuccessful domain login attempt.
  23. @GrantMG If you have a "dead seat", you can remove it using either ESET Lciense Administrator or ESET Business account. Just search for a particular computer in the list (you can sort by the last connected time). The same functionality is available for home products, inside my.eset.com portal.
  24. No, this option is not possible, and not planned to be added. In general, the "VSDB version" is a bit of a "legacy", Currently, where majority of detections are coming via ESET Live Grid cloud reputation system, or by other behavior based modules, info about your virus signatures lost its relevancy. Also, Endpoints do have more than 20 modules in them, which means that just info about VSDB (detection engine) would not tell you whether the client really is updated. If you want to be alerted, you can configure Endpoint setting to trigger red status when modules have not been updated in longer time frame than a day. Also, the information could be added to a dedicated report template, that you can put on dashboard + you can see it in "client details".
  • Create New...