MichalJ

ESET Staff
  • Posts: 2,377
  • Days Won: 70

Everything posted by MichalJ

  1. The main difference between online and offline activation is that, in the case of online activation, each activated computer reaches our activation servers, gets a unique SeatID, which is then paired with the license, and a license file with encrypted license information is delivered. Then, the application is configured to automatically receive any updates that might happen on the license (renewal / extension / cancellation / ...). When using an offline file, you do not create the seat ID instance, and you deliver the license file directly. So in case of changes, you have to ship a new file manually with the new license information. Offline files are also restricted to offline environments, so when you have activated with an offline file, you have to make sure that the computer that was activated with the offline file won't reach edf.eset.com, as otherwise ELA would reject creation of further offline files due to violation (offline files should be used as a last resort). Most of the time, failed activation attempts using the online method are related to the computer not being able to reach the activation servers (edf.eset.com), communicating via proxy, or not having the latest Windows updates installed.
  2. Please refer to the efsw documentation, page 75. hxxp://download.eset.com/manuals/eset_efsw_45_userguide_enu.pdf#page75
  3. The most probable reason why it didn't work was that the installed version of the ERA agent was older than the currently available one. So running the live installer will perform an "upgrade" (install the new version over the old one), but keep the settings. If you run it again, it will perform a "repair", meaning it will change the config with the new parameters. So in such cases, you should reinstall it twice to achieve the desired state.
  4. Hello,

     First of all, we are not dropping support. The issue with not allowing use of the "Windows Upgrade Client task" due to a problem with changed certificates will be resolved by a module update for all major (current) Endpoint versions + a hotfix build of ERA 5, which is in the works now, and we do believe it will be available shortly.

     Secondly, if you take a look at where the market is going, there are not many vendors left with a "native win32 console" for managing AV. Basically, as of now, it is only Sophos (which has stopped developing it, and is focusing on the cloud-based Sophos Central), and then Kaspersky (who has an MSC console), who is reportedly working on a completely new, web-based application. Symantec offers a Java-based application, as well as the web interface, however the Java-based console has no benefits compared to the web interfaces. The movement towards web-based interfaces is clear, and has huge benefits - they can be platform agnostic, easily adopted for cloud usage, you do not need to install anything on the "access point", etc. They also have the option to better scale to size, meaning they can handle small and large loads of data. So as of now, there are no plans to get back to a Desktop Application.

     Documentation is being improved on a daily basis. We have doubled the documentation team resources, and since version 6.3, extended the content in a huge way (major changes are coming in the next months, together with the release of the new ERA 6 version). If there are documentation areas that you consider not sufficient, or deserving greater care, please let us know, so we can focus on them.

     Concerning the mirror vs. proxy topic: Proxy has many benefits from the perspective of improving the overall security. In recent times, where there are huge campaigns of ransomware like cryptolocker, with new variants being discovered every day, it is essential that customers are using LiveGrid. In the case of mirror, many customers have LiveGrid enabled, however their Endpoints were mis-configured and were not reaching LiveGrid, due to various reasons (proxies, updates handled via Mirror). Proxy is able to cache installers and updates, forward LiveGrid and licensing communication, and once configured properly, even offers better network load than the standalone mirror (documentation coming with 6.3.50 explaining this). Mirror is still needed for completely offline environments; for this we do have the mirror tool, and we are working on help content that would guide customers on how to use existing infrastructure components to serve updates in their network.

     Concerning the authentication server, we will examine options for how to provide an authentication server alternative that could be installed in Linux (integrated into appliance) environments.

     Thank you for your feedback.
  5. Thanks for the feedback, however, it is pretty difficult to extract the specific problems you have experienced out of it. I would be very much interested in understanding your pain-points and problems with ERA6. If you are willing to share the details, you can post them here, or send them to me via private message. Please describe the individual problematic areas in the product, and in the documentation. We are listening to the feedback, and working to resolve the issues. I admit that there are differences between the products, and changes that might not be in favor of every customer. ERA V6 represents not an incremental, but a generation shift, and that came at the price of a problematic migration / transition period. We care about our existing customers, so we value their feedback in order to make the product better for them. On the other hand, we have thousands of satisfied customers running ERA 6 world-wide, so a generic "product is bad" is not going to make the product anyhow better for you.
  6. Hello, the questions you are asking are "too generic" to be properly answered. Can you please elaborate more? The only one I am sure about is that the answer for question 1 is "NO", as ERA is "device-centric", not "user-centric". It is possible to map relations between users and devices, however all tasks / policies are applied to devices, not to users. Only some features of our product are user-related, like webcontrol & device control (configuration takes into account the logged user on the machine). For question 3 - We can have "dependency based software distribution", meaning that specific software is installed only on machines which fulfill a specific set of criteria. But this is limited by the "dynamic group templates" creation, and the data entries they can process. For question 4 - ERA does collect data about installed applications, however only the ones that are correctly registered in the operating system. I am not sure what is meant by "software center". Please provide more details for "collection-based configuration settings" and "configuration settings remediation".
  7. It will be ESET Endpoint Antivirus 6.2 for OS X (OS X product has slightly different release cycle).
  8. I would like to let you know, that the service release will be published online on May 31, 2016, with the update of ESET Remote Administrator repository happening in the following days past May 31.
  9. You can define presentation mode settings via a Remote Administrator policy per the attached screenshot.
  10. Hello, I have asked developers whether they have any ideas what might be causing the issue. However, they have suggested that you open a support ticket. Maybe a question to ask is: did you configure the "reset cloned agent task" for the "base image computer" in ERA, without letting it connect to ERA? By this, you will make sure that once the machine is connected with the old UUID, it is reset, and connects again with a new one. As of now, I am suspicious that all of the agents are replicated to the same machine, meaning agents are connecting, but they are all connected into one "computer instance" in ERA. This is the simplified recommendation for how to handle cloned images:
      1) Create the template image and install the agent and Endpoint on it.
      2) Let the agent connect to ERAS (at least once).
      3) Create an image of the disk. IMPORTANT: This computer (image) must not connect to ERAS again, otherwise this will execute the task and will prevent it from being executed again.
      4) For this computer entry in ERA, create a "Reset cloned agent" task for the agent with trigger "ASAP" and no expiration, so that anytime a computer with the same Agent UUID connects, the task will be executed.
      5) Image other computers using the prepared image. The "Reset cloned agent" task will change the unique ID so that the server can distinguish between the clients.
  11. Please note, that offline file should be used as a last resort of the activation troubleshooting. The main benefit of the online activation is "transparent license update" functionality, meaning that when you renew / change / update (do whatever change to your license) it will be automatically populated on the clients. Secondly, I recommend you to check ELA, as in case this machine connects there, it will disable creation of further offline license files, as offline files are intended to be used only in pure-offline environments. ECP 4099 has many potential causes, I would suggest to read the following KB Article: hxxp://support.eset.com/kb2434/#ECP4099
  12. Destination is the computer, on which the RD sensor is installed. I will do it ideally by locating the RD sensor in the "Computers" section, using the product filter, and then using the context menu item "New Task".
  13. What you should do is to really run the "Rogue Detection Sensor Database Reset" task. It will basically force the RD sensor to re-discover all of the computers from scratch, meaning that all no-longer existing HW won't be displayed anymore.
  14. The errors above have nothing to do with the activation. My question is - how have you added the license into ESET Remote Administrator? You can add a license only by License Key, and by means of a "Security Admin Account". If you have any of those, you can use both for local activation of ESET File Security. You can always contact your ESET representative, who can send you the license key, based on the Public ID and identification of yourself.
  15. Please note that there are two channels by which the information about Windows Updates is reported in V6 products and ERA 6:
      • By the product itself - to disable this, you need to disable the setting mentioned in the first post of this thread.
      • By ERA Agent - to disable this, you need to configure the setting displayed on the below screenshot.
      Please note that we will be changing the behavior for the upcoming release of ERA in a way that when the Agent gets the info that Endpoint is installed, it will automatically suppress those notifications, and rely fully on the Endpoint configuration.
  16. Hello, I would recommend you consult the specific "Policies" section in Help. Basically, each setting has two possible flags - apply & force. In case a setting is set to "apply", it can be over-written by a policy applied later (you can have multiple policies on the same group, but even on the same client) + the policy application order also reflects the hierarchical structure of your groups. The customer can do it in a way that he either:
      • applies the general policy on the group "all",
      • creates a specific static group with those 15 clients, and applies the "strict web-control policy" on this group,
      • or applies the "strict webcontrol policy" directly on those 15 clients.
      Dynamic groups are evaluated by the agent, based on the pre-defined criteria. They can be used for automation of specific actions, and policies could also be applied by dynamic group membership. But you will have to define the exact criteria by which the computer will fit into the particular group. What also needs to be considered is that lists are currently treated as "one setting". Meaning the entire set of webcontrol rules in the "strict webcontrol policy" would overwrite the set of rules in the "general policy".
  17. You need to:
      1) Stop ERA Server & Apache Tomcat
      2) Rename the "era" folder in the C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\webapps directory to something else (era2)
      3) Unzip the ERA war to the "era" folder in the C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\webapps directory
      4) Start ERA Server
      5) Start Apache Tomcat
      6) Login to the Webconsole
  18. The current notification output format is a CSV. Basically "Scanned / Infected / Cleaned / Status" in the header equals 164613 / 0 / 0 / Completed, so you know that there were 0 infections and 0 cleaned files. We are planning to completely redesign the notification wizard, with granular configuration of the output parameters. This is planned for the "Winter" release of ERA 6, currently scheduled for December 2016.
  19. This will be a new setting / feature that will be added to the upcoming release of Endpoint 6.4. In the meantime, the setting is "harmless", as it basically sets non-existing functionality (some of the functionality will be module-dependent, so you will need to have both Endpoint 6.4 & new versions of the protection module for enabling it to work). What is currently missing is the tool-tip: "Advanced-sensitivity heuristics provides detection for suspicious applications that employ techniques commonly used in malware, taking to account their reputation and origin." Basically, it should bring more strict detection, with a slightly higher amount of false positives.
  20. I get your point, but still I need to provide some more information. ERA is an agent-server based system, where the agent is the one that initiates communication. Basically, when you create a task, the task is created and will wait until the next replication interval, when it is transferred to the agent. The agent then starts executing the task, and will report such state back upon the next replication. If you have, for example, a 20 minute replication interval, it might take up to 20 minutes until the task is delivered, and then another 20 minutes until you get another "update". The same is valid in the case of a 1 minute interval, with the exception that the loop is shorter. In the case of the task you are mentioning, the issue is that the task is delivered, however the server does not have a way to know this, as for all other events, it's the agent who notifies. This time, there is no more agent, as the agent might already be uninstalled / is in the process of un-installation. We are seeking other possibilities for a solution of this particular problem. We are working on adding the option to have the possibility to stop running tasks, but you need to take into account that ERA is not a real-time system, and all actions are delayed by the replication interval configured in the agent policy settings. Just to be sure, what do you consider a "faulty setting" for a task?
  21. Also, you have to create a corresponding report template, to start collecting such data. Also, please note, that only rule hits after the creation (and subsequent replication to agents) of the report template will be collected.
  22. Is this happening for all tasks, or only for the one you have shown - stop managing / uninstall ERA agent? The issue is that this task could not be updated, as there is no agent to report back the progress. So once the task has been delivered, it will never ever show if it succeeded or not. But that issue is related only to this task. Concerning your request to stop running tasks, we are tracking that as an improvement for future versions of ERA. But it won't be done sooner than for the ERA release planned for December (and that is not confirmed yet).
  23. The only thing I can recommend is to obey the instructions in the KB: hxxp://support.eset.com/kb3671/ (if you are not aware of the KB). Otherwise it would need the creation of a support ticket with your local ESET representative.
  24. In ESET Endpoint Antivirus 5, the status message is automatically triggered after 7 days. It is not possible to configure this setting; this option was however added to Endpoint 6, and is fully configurable via ERA 6. AFAIK, ERA 5 can mark clients that have a different virus signatures version than the ones reported on the server. However, this has no relation to the status message displayed on the computer.
  25. Go to the webconsole, click on the computer entry you would like to know this for, and in the context menu click "details". The second tab should contain the list of applied (reported by agent during last replication) policies and the possibility to request/view configuration.