Jump to content


  • Posts

  • Joined

  • Last visited

About GregA

  • Rank

Profile Information

  • Location

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. We have about 1500 end points. Since we don't know which one/s will have the issue next, would it hurt to enable Diagnostic for all end points for a while and leave other settings as the default, or would it create super huge logs and cause an issue?
  2. Windows 7 and Windows 10. ESET A/V version 7.3.2032, 7.3.x, ESET Agent version 7.2.1266.0 I am seeing various random users complain their ESET is out of date and they are then blocked from connecting to our Corp network VPN as it checks to ensure A/V is up to date. This is random. I don't know how long this has been an issue since we just started looking into it. Looking at the remote Workstation or Laptop ESET tools, log files, Events.. it shows the updates just stopped running at a certain date. No errors after that date and no tries as far as the log shows. What would cause the auto updates to randomly stop at the remote workstation client? Example attached where the log just stopped. The image was taken on 2/25/2021 and as you can see the event log stopped showing updates on 2/15/2021. Having user reboot computer seems to get auto updates running again on most of the ones that have been reported.
  3. Update... The file C:\windows\system32\slmgr.vbs actually exists on the system that I was looking at. Even though it shows in the Quarantine on both the local ESET GUI, and in the ESMC.
  4. Ok, I went to one of the computers and pulled up the ESET End Point Security GUI. Went to tools, quarantine, restore, enter the ESET GUI password, yes allow UAC, restore file from quarantine failed. File attempted to restore: C:\windows\system32\slmgr.vbs
  5. What do you mean by manually restore? ESMC is not manual and that is the only method I have been trying because it is multiple computers. I go to ESMC, Quarantine, Find the all computers with the hash causing the issue, try restore, one computer at a time, or multiple computers, same issue as described above in my post. So no, it does not work. Task log... Task failed: CNodcommChannel: Send request failed with 14, Command failed - Make sure that Agent runs with Administrator privileges. This is a little concerning as an admin. If ESET can't restore a system file like this, what would happen if ESET nuked an even more important file that the systems need on a ton of computers (hundreds, thousands) and ESET can't restore the file to computers? Is there a problem with the agent on these computers? We currently have over 1,500 computers and ESET quarantined slmgr.vbs on only about 14 of those computers it looks like.
  6. That is not the case however. Try restore this... file://C:\windows\system32\slmgr.vbs And get this.... Task failed: CNodcommChannel: Send request failed with 14, Command failed - Make sure that Agent runs with Administrator privileges. Am I in the wrong forum? Should I be posting this in Remote Management section instead since it's multiple computers?
  7. How do you define fix? People are not able to restore these from quarantine. Will the restore work after the fix rolls out?
  8. Same here, luckily only about 30 computers. But the files are fairly important, as they are used to add the Windows 7 extended ESU license each year. C:\windows\system32\slmgr.vbs C:\windows\sysWOW64\slmgr.vbs Task failed error: CNodcommChannel: Send request failed with 14, Command failed - Make sure that Agent runs with Administrator privileges.
  9. Will there be any version of ESET endpoint available that will work on Windows XP after the end date for the older products?
  10. This is one of the screens I very much dislike in ESET. It is poorly worded and honestly, doesn't make sense. Step #1 Why would ESET make this so difficult? Step #2 This step removes the agent, but only if the agent doesn't have a password (see step #1). Why doesn't it just say "uninstall Agent" (because that is what it does) in plain language? Who wrote this? Step #3 Remove Computer from database. Apparently putting a check mark also removes the license. But it doesn't say that is what it does. Who wrote this? If you do can figure how to do the above steps with the poorly worded descriptions it would remove the ESET agent but still leave the ESET A/V package installed on the removed computer. I would think most people would want to remove both. I would purpose a better way of removing a computer is to make two uninstall tasks that can be pushed to computers. One uninstall task for the agent and one uninstall task for the A/V package. The two different tasks allow you to use an uninstall password so you don't need to do step #1 above. Once you have the two tasks created, you run the uninstall ESET A/V task on the computer first. After that completes, you next run the uninstall ESET Agent task. Wait to see the computer no longer connects to the ESET server. Now you have completely removed ESET from the computer, not just the agent. Then you can remove the computer from the database using step #3 above. I would also strongly recommend using the the EBA portal the tech recommended. Without that you are running blind on your license use count since that is where ESET counts your license usage and you can remove old computers there or make an automatic rule to remove ESET licenses from computers that haven't talked in XX days.
  11. I created a GPO or SCCM script when the agent version was still 7.1.717.0. This is the one we have been using. But it still seems to be installing 7.1.717.0 agent even though 7.2.1266.0 is the current agent version. To clarify, does the GPO or SCCM script remember the old version it was built with and keep installing the old version until you recreate the .bat file, or is it supposed to automatically know what the new version is when the new version comes out and install the new version?
  12. Dynamic groups show computers as soon as a computer ESET agent talks on each machine, assuming your Dynamic template rule is working. So active talking computers will show as soon as they talk to the ESET server. Offline computers won't show in the dynamic group.
  13. You can also sync your computers from AD with a static group Sync task.
  14. This is why I was concerned about going with the Cloud Administrator from any of the A/V vendors when we were doing demos. They were all pushing for the cloud admin. We instead went with the on-prem ESET Administrator and it has been up and working while the cloud admin has been having issues.
  • Create New...