MichalJ

In general, best practice is not to run 2 security products at once. So as of now, the only supported way would be to ininstall SCEP, reboot and install ESET. Alternatively, you might try to remove SCEP not by the AV remover (uninstall 3rd party product) but instead enable reporting of all apps in agent policy and the try to remove SCEP by "choose application from list" option. For next release (6.5) we will adjust AV remover behavior to not remove ESET product.

I would suggest you follow the instructions in this KB article hxxp://support.eset.com/kb3671/(in case you are installing ESET Remote Administrator 6).

You can install standalone apache http proxy using the all-in-one installer. That should ease the installation process for you. We are also evaluating an option to provide fully manageable (installable / configurable) apache http proxy instance for the future releases of ERA (however, as I have stated above, not for the upcoming 6.5 release).

This is really a weird behavior as the tasks are executed by ERA agent, not by ERA server, and their are executed as soon as all of your agents connect and get the task to be executed. So, even if you execute the task on 100 computers, as soon as all of those 100 computers have connected, they should start executing the task all at once (or be randomized within the 20 minutes, as each of the clients connects within the 20 minutes). I assume that is your replication interval. What is the replication interval of your agents? How many agents are connecting to your server? Isn´t your server overloaded (not accepting connections)? Also, what is your era server / era agents versions used?

Can you please confirm if you do not have policies assigned to group all that are forcing clients to communicate via apache http proxy? (proxy server is configured in "Tools" / "Proxy Server" ? If you have installed your ERA server in default configuration with those settings enabled, all clients are forced to communicate via HTTP Proxy. Is the computer on the internal Lan (has it access to the proxy server) or it is connected directly? If this is the case, create a new policy, that will have the "use proxy server" setting disabled, and try the activation again.

We are currently analyzing the option to backport the Anti-ransomware protection to Endpoint 6.5. Feature from consumer is "interactive" which might not work well in environments when users are not having administrative privileges or, they are managed by ESET Remote Administrator. If not added to 6.5, it will be for sure added to Endpoint 7 next year.

As I do understand correctly, this is related to "tagging" computers for rapid identification of the ones, that are serving as update mirrors. Custom fields were removed, but for the next major (however not the upcoming 6.5 release) we are planning to introduce advanced tagging options, that will resolve this problem.

An important info to be asked is also which version of ESET Remote Administrator 6 you have been testing (you can locate the version info in the "about" section of the ERA V6 webconsole).

Hello, No, this is not possible as of now. What problem you are trying to solve? Do you want to explicitly identify, which clients are used as a mirror server?

In case your agents are the same version as the ones you will be newly installing, the only thing needed is to redeploy the new agent to connect it to the new server (with new connection info / certificates). In case your agents are not the same version as the ones you will be newly installing, you have to execute the remote deployment twice (fist one will only upgrade the ERA Agent, won´t change the connection info / certificates).

Hello, This module is automatically installed to Windows Server 2012, 2012R2 and 2016 This module is not installed on Windows Server 2008 / 2008R2 due to the issue described above by Marcos You can specify installation parameters into the Software Install task command line, to install EFSW with all modules, and it will install it also on 2008 / 2008R2 Parameters to enter: ADDLOCAL=WebAndEmail,EmailClientProtection,MailPlugins,ProtocolFiltering,WebAccessProtection,_Base,ShellExt,HIPS,SERVER,_FeaturesCore,RealtimeProtection,DeviceControl,WMIProvider,Scan,Updater,DocumentProtection,CLUSTER,GraphicUserInterface,eShell,UpdateMirror,SysInspector,SysRescue,OnlineHelp,OfflineHelp

Helllo, Gateway mac address is unknown to ERA agent (there is no way, how it could determine it) which evaluates dynamic group membership. So such expression won't work.

Hello, Once ERA agent is deployed, you can install the EES using the "software install task". If you want to use SCCM to also deploy EES, procedure is the same as in case of V5, however, you will have to activate the clients using "product activation task" after deployment.

Hello, this is a confirmed bug that the development is looking at and should be fixed in the next service release.

Hello, First of all you should convert your license to the new format using ESET License Administrator (ELA) conversion page. Then, you can install ERA 6 and either deploy the ERA agent to the few existing Endpoint clients and then upgrade them to V6, or you can create couple of fresh machines with V6 directly. Our licensing won't report overusage from this perspective as only V6 clients (or V5 clients activated via ERA agent) are evaluated (counted) into the new licensing system consumption. ERA V6 install won't use any license quantity forvitself.

Hello, the "logged user field" will be added to "client details" in the ERA 6.5. Just out of curiosity, which problem you are trying to solve, by showing this information?

How were the licenses added to the ESET Remote Adminstrator? By license key or by security admin account? You should login to the License Administrator console, with the License key and ELA password. Then you will be to "deactivate" the seats you want. You can check the ELA documentation: hxxp://help.eset.com/ela/en-US/index.html?faq.htm

Hello, Are all of those entries "unmanaged" or is one of the entry "unmanaged" (result of the AD sync task) and one managed (result of the connection of ERA agent)? It might happen, that the name is not resolved correctly upon first conneciton, however then the "rename task" on Lost and Found group is executed, so the computer is renamed. However, if the another synchronization with AD won´t be run, with proper collision handling set to remove duplicate entries the duplicates will remain.

What is the version of the Mobile Device Connector? Was it upgraded to version 6.4 ? Please provide details about the MDMCore version, as this issue was present on the version 6.3 and older, however should not happen on the latest version.

Hello, the "read locks" mean, that the settings are set by ERA policy. You need to remove the policy flafs "apply/force" from the specific settings, or unassign policy from the client (group) in which the client is located.

What is needed to do, is to perform the "stop managing / uninstall ERA agent" with the target set to the entry of the no-longer existent Android machine. After the task has been executed, you would be able to remove the device, and it should not reappear.

Hello, This issue will be resolved in the next release of ERA 6 (6.5). After carefully considering all aspects of the issue, we have not considered its severity to be at level which would require a rollback of the agent to version 6.3, or release / including upgrades of completely new agent. Till today, it was not reported as critical outside this thread. After analysis, it might generate up to 3MBs per day, with default replication interval. The benefits of newer ERA agent are still higher, than this issue. We are sorry for any inconvenience caused by this on your side.

Hello, for Endpoint V5 please do the following: Enable dumping to protoscan pcaps by importing the appropriate xml configuration (dump_to_pcaps-enable-endpoint.xml) Replicate the problem, note the time (with time zone information) when the problem occured (e.g. 16.10.2013 at 16:14:30 UTC +0900). Disable the dumping (dump_to_pcaps-disable-endpoint.xml). Include: the files EsetProxyInner.pcapng and EsetProxyOuter.pcapng (located in "c:\ProgramData\ESET\<product name>\Diagnostics") time from step 2 any error messages that were displayed description of the problem OS, ESET product and protoscan versions All other ESET modules (from about section) Can you also check, if the driver "epfwwfpr.sys" is running? (sc query epfwwfpr). Thank you, Michal dump_to_pcaps-disable-endpoint.xml dump_to_pcaps-enable-endpoint.xml

Hello, it seems to me, that your ERA agents are not connecting to the server, in case they are connected via VPN. That would explain that nothing gets applied, and that they are not visible on the dashboard + when they are synced from AD / imported they are seen as "unmanaged" (unmanaged = without ERA agent). What you should do, is to check the "status.html" located in ESET RemoteAdministrator folder of Program Data / ESET. The error should tell you, what is the issue with replication. My guess would be, that a wrong "public" hostname was entered, or your "public" hostname is not correctly set in your server certificate.

What we will ideally need is a full memory dump, so our devs could analyze what is locking your system. Have you tried to uninstall ESET? Was the issue occurring then? Also, what is the status of Windows Defender? Is it switched off completely?