MichalJ

Hello, what is the installed product / version & what is the operating system used? Is it ESET Endpoint Security / Antivirus V5, or after deployment of ERA agent, you have also upgraded ESET Endpoint Security / Antivirus to V6? ERA agent itself should not interfere with V5 in no other way, than to adjust its configuration to connect to ERA agent instead of the ERA V5 server, and then enforce the policies assigned to that computer by ERA V6 server. Couple of questions: Are there any policies applied to the computer via ERA 6? Is the issue occurring after computer restart? can you please send us Pcap log? Open Advanced settings of ESET product. Go to Network - Personal firewall - IDS and advanced options. Open Troubleshooting (click on plus button in the tree) and check check-box for Enable advanced PCAP logging, save advanced settings. Simulate problem with network. Stop pcap loging in advanced settings. Log from pcap: "c:\Users\All Users\ESET\ESET Smart Security\Diagnostics\". Also please specify the versions of modules used by your product (located in about section of ESET product).

Hello, just to let you know, it was confirmed by our QA, and tracked as a bug. I will try to get you more details during next week.

Hello, basically you need to create a report template which will include computers and functionality problems, and filter only the problems, that are listed in the dynamic group template. What I do recommend, is (in order to get more accurate / strict results) to play with the settings of the product, as currently, the "virus signature database is out of date" alert is triggered after 7 days. I will recommend adjusting this, via policy (screenshot also attached). But you can also use the solution for MartinK

Hello, which product version are you using? (it is located in the "help & support section").

Hello j-gray, What do you mean by "immediate policy refresh"? You mean, that when you have performed some changes in the policy, you want the agent to connect to ERA, and start using the new settings? As of now, a wake-up call is the way. We are planning some changes to how wake-up calls are performed + for the feature we are planning to move towards a push-notification service, meaning the changes would be reflected quicker. Just a note how it works as of now: As the communication is initiated by client in ERA, agent by default connects every XX minutes, as configured in the policy. Policy will be pulled upon next sync interval. To override the sync interval, you can use the wake up call, but the machine needs to be reachable for a network broadcast.

How you are uninstalling the agent? If using "Software Uninstall" this task works in a way, that Agent connects MS API, and triggers silent removal of ERA agent, by OS itself (like if you have initiated the uninstall from "control panel / programs and features". If the agent is uninstalled, there is no way, that it will report "success", so the task status will switch to "failed" after some time (AFAIK, ERA server waits 24 hours to get confirmation, if it won´t come, it will time-out / fail). So if you are expecting a "finished", you won´t ever get it, as client task status is reported by Agent, and there is no Agent, to report "finished" status. Basically the same is valid for "Stop Managing / Uninstall ERA agent task".

According to the documentation you should use one of the following: Click <Choose package> to select a installer package from the repository or specify a package URL. A list of available packages where you can select the ESET product you want to install (for example, ESET Endpoint Security) will be displayed. Select your desired installer package and click OK. If you want to specify a URL where the installation package is located, type or copy and paste the URL (for example file://\\pc22\install\ees_nt64_ENU.msi) into the text field (do not use a URL that requires authentication). hxxp://server_address/ees_nt64_ENU.msi - If you are installing from a public web server or from your own HTTP server. file://\\pc22\install\ees_nt64_ENU.msi - if you are installing from network path. file://C:\installs\ees_nt64_ENU.msi - if you are installing from local path. hxxp://help.eset.com/era_admin/64/en-US/index.html?client_tasks_software_install.htm

Hello, the date/time will be added to ERA 6.5. Other adjustments (list of computers indicating the current status, most recent error / update status) is a bigger request and will have to be evaluated for the future versions.

You need to have your previous Certification Authority, and Server certificate backed up (exported). If you do have them, you can import them (CA + ERA server certificate) and configure server to use this old ERA server certificate. Then the agents will start "trusting" the new server, and everything will work normally. This documentation part gives you the steps to take: hxxp://help.eset.com/era_install/64/en-US/index.html?clean_installation_same_ip.htm The best way would be to try to reconnect to an existing (backed-up) DB, as everything is in the DB, including the certificates.

Quarantine is stored on each EVS appliance. Upload quarantined item is not supported in case of ESET Virtualization Security, only quarantined management, per this section of documentation: hxxp://help.eset.com/evs/1/en-US/index.html?tasks.htm What kind of a problem you are trying to solve, by attempting upload of a quarantined file? What do you want to do with the file?

Just to give you an update, the Firefox issue should be resolved in the next release of ESET Endpoints / ERA / standalone AV remover, as it was handled by OPSWAT. Concerning the other one, that the task removes also ESET, Concerning the removal of ESET, we are looking into that issue.

As of now, we should finish the coding / QA process in December 2016, with the subsequent release during Q1/2017.

Hello, this option (creating of installer packages) is as of now available only for Endpoint Antivirus & Security for Windows. Possibility to select also File Security is scheduled for the next release (6.5).

Hello, how is the task triggered? Issue with OPSWAT is, that current implementation does not have an explicit "whitelist" for ESET applications. It is intended to be executed before ESET products are installed. Concerning the FF removal, we are trying to solve this with Opswat, as it is a false positive.

Hello, You have to open a standard support ticket with your local ESET representative. Communication concerning API is handled via support.

As you can see, the build number is not changed, only the last suffix. Installer was repacked, with a little change in the installer, to support local installation on macOS Sierra, which was having issues due to gatekeeper. That was the reason, for not keeping two (basically same) versions of mac product in repository. In case of the last month rollout of server products, we have kept all of the older versions, and we are planning to do this in the future as well.

What package version you were rolling out? It might happen that it was replaced, due to reported issues with the macOS sierra installation. Was it 6.3 already?

Please check the era documentation concerning proxy chaining. It is supported, but only in case your proxy does not require authentication (bottom of the page). hxxp://help.eset.com/era_install/64/en-US/index.html?http_proxy_installation_linux.htm

As the mentioned RedHat distributions are older, they are not longer tested with the product. Only the version 6 is supported officially (tested). However, it should work without major issues, as the latest LInux product is based on the V4, which is a bit older too from the perspective of the compatibility. Please consult the documentation: https://download.eset.com/com/eset/apps/business/es/linux/latest/eset_efs_45_userguide_enu.pdf where are more details.

Hello, the "remote administrator port", is the port, on which ERA server listen for communication with ERA agents. ERA API available for V5 is not compatible with ERA V6, as ERA V6 is a completely different product architecture. ERA V6 has its own API, which listen on the port 2223 as it is the same API, that is used by Remote Administrator Webconsole. Documentation with examples is published here: hxxp://help.eset.com/era_install/64/en-US/index.html?era_serverapi.htm

Hello, please open a standard support ticket with your local ESET distributor. We can´t troubleshoot this issue through our community forum.

Hello, ERA 6.5 is not available as a beta yet. It is still under development. We are currently evaluating beta release for December 2016 and GA for Q1/2017.

@Jim, As of now, we do understand the "Administrator account" to be the one, that should be "stored safely into the safe" and to be used for standard logins, but only as a fallback. Basically, you should specify a extremely safe, one-mile long password, and not use it at all, unless needed. We are however evaluating changing the current behavior in a way, that it would be possible to disable the "Administrator" account totally, and simply keep using normal created accounts, with admin privileges, secured with 2FA. Would this be sufficient for you?

Hello, @slansing, Thank you for your feedback. At the beginning, just a couple of words trying to explain the differences between client tasks, and server tasks: server tasks are executed by ESET Remote Administrator server (server sends reports, server pushes agents, synchronizes with AD, etc). client tasks, are executed by ESET Remote Administrator agent, on managed computers In the very beginning, the interface for both was looking the same, and was providing the same kind of information (the same kind of results were shown as for the server tasks). Based on the customer feedback, it was changed for the ERA 6.3, where the new client task interface with more granular status reporting was provided. Please note, that we will perform some minor adjustments, so for example filtering by latest execution time will be added in upcoming release. Also, from the long-term perspective, we are planning to remove the separation to server / client tasks, and basically what is called "server tasks" will be evenly dispersed into the different sections of the webconsole. I am fully aware of the capabilities of Sophos interface (you have not mentioned if you were referencing the Cloud, or on-premise console, but I have figured out that you were referencing the Cloud). I do agree, that among the competitive products, it´s definitely the one, which is very straight-forward, and simplified for daily operation. To address some of the problems you were reporting: - you can view all of the tasks, simply by clicking each of the options in the context menu (failed/running/planned) and remove the filter on the top of the list (I will examine the option, to make this more straight forward for the future release). - sorting by the time of execution will be improved into the coming version - ERA 6.5 - side menu, is basically a "main" (5 buttons - dashboard / computers / threats / reports / admin) and 2nd level menu for "Admin" section. The main menu is dynamically expandable. You can freeze the panel, so it won´t pop out. Navigation is going to be improved in the next release as well. @bbahes: Possibility to change the administrator account timeout is working OK (at least in my ERA 6.4), filters and search is being added to more and more parts of the webconsole (on most of the screens, you can however use the browser based search). I am not going to please you out, with promising the offline mirror is coming back in ERA 6.5, as of now it is not planned. But there are several improvements being considered to improve also the user experience with updating our products. But to sum it up, we are always listening to feedback from every customer, and are doing our best, to improve the user-experience with our products.

Basically, what it is telling you, that a module, that is superior (mandatory to be switched on, for webcontrol operation) to Webcontrol is not functional. You can see that there are three errors reported in the "setup" pain of your Endpoint Security. So what we would recommend is to check what issues are there. As Marcos has stated, basically, protocol filtering needs to be enabled, in order to allow webcontrol to work.