GregA

Everything posted by GregA

  1. We have about 1500 end points. Since we don't know which one/s will have the issue next, would it hurt to enable Diagnostic for all end points for a while and leave other settings as the default, or would it create super huge logs and cause an issue?
  2. Windows 7 and Windows 10. ESET A/V version 7.3.2032, 7.3.x, ESET Agent version 7.2.1266.0 I am seeing various random users complain their ESET is out of date and they are then blocked from connecting to our Corp network VPN as it checks to ensure A/V is up to date. This is random. I don't know how long this has been an issue since we just started looking into it. Looking at the remote Workstation or Laptop ESET tools, log files, Events.. it shows the updates just stopped running at a certain date. No errors after that date and no tries as far as the log shows. What would cause the auto updates to randomly stop at the remote workstation client? Example attached where the log just stopped. The image was taken on 2/25/2021 and as you can see the event log stopped showing updates on 2/15/2021. Having user reboot computer seems to get auto updates running again on most of the ones that have been reported.
  3. Update... The file C:\windows\system32\slmgr.vbs actually exists on the system that I was looking at. Even though it shows in the Quarantine on both the local ESET GUI, and in the ESMC.
  4. Ok, I went to one of the computers and pulled up the ESET End Point Security GUI. Went to tools, quarantine, restore, enter the ESET GUI password, yes allow UAC, restore file from quarantine failed. File attempted to restore: C:\windows\system32\slmgr.vbs
  5. What do you mean by manually restore? ESMC is not manual and that is the only method I have been trying because it is multiple computers. I go to ESMC, Quarantine, Find all the computers with the hash causing the issue, try restore, one computer at a time, or multiple computers, same issue as described above in my post. So no, it does not work. Task log... Task failed: CNodcommChannel: Send request failed with 14, Command failed - Make sure that Agent runs with Administrator privileges. This is a little concerning as an admin. If ESET can't restore a system file like this, what would happen if ESET nuked an even more important file that the systems need on a ton of computers (hundreds, thousands) and ESET can't restore the file to computers? Is there a problem with the agent on these computers? We currently have over 1,500 computers and ESET quarantined slmgr.vbs on only about 14 of those computers it looks like.
  6. That is not the case however. Try restore this... file://C:\windows\system32\slmgr.vbs And get this.... Task failed: CNodcommChannel: Send request failed with 14, Command failed - Make sure that Agent runs with Administrator privileges. Am I in the wrong forum? Should I be posting this in Remote Management section instead since it's multiple computers?
  7. How do you define fix? People are not able to restore these from quarantine. Will the restore work after the fix rolls out?
  8. Same here, luckily only about 30 computers. But the files are fairly important, as they are used to add the Windows 7 extended ESU license each year. C:\windows\system32\slmgr.vbs C:\windows\sysWOW64\slmgr.vbs Task failed error: CNodcommChannel: Send request failed with 14, Command failed - Make sure that Agent runs with Administrator privileges.
  9. Will there be any version of ESET endpoint available that will work on Windows XP after the end date for the older products?
  10. This is one of the screens I very much dislike in ESET. It is poorly worded and honestly, doesn't make sense. Step #1 Why would ESET make this so difficult? Step #2 This step removes the agent, but only if the agent doesn't have a password (see step #1). Why doesn't it just say "uninstall Agent" (because that is what it does) in plain language? Who wrote this? Step #3 Remove Computer from database. Apparently putting a check mark also removes the license. But it doesn't say that is what it does. Who wrote this? If you can figure out how to do the above steps with the poorly worded descriptions it would remove the ESET agent but still leave the ESET A/V package installed on the removed computer. I would think most people would want to remove both. I would propose a better way of removing a computer is to make two uninstall tasks that can be pushed to computers. One uninstall task for the agent and one uninstall task for the A/V package. The two different tasks allow you to use an uninstall password so you don't need to do step #1 above. Once you have the two tasks created, you run the uninstall ESET A/V task on the computer first. After that completes, you next run the uninstall ESET Agent task. Wait to see the computer no longer connects to the ESET server. Now you have completely removed ESET from the computer, not just the agent. Then you can remove the computer from the database using step #3 above. I would also strongly recommend using the EBA portal the tech recommended. Without that you are running blind on your license use count since that is where ESET counts your license usage and you can remove old computers there or make an automatic rule to remove ESET licenses from computers that haven't talked in XX days.
  11. I created a GPO or SCCM script when the agent version was still 7.1.717.0. This is the one we have been using. But it still seems to be installing 7.1.717.0 agent even though 7.2.1266.0 is the current agent version. To clarify, does the GPO or SCCM script remember the old version it was built with and keep installing the old version until you recreate the .bat file, or is it supposed to automatically know what the new version is when the new version comes out and install the new version?
  12. Dynamic groups show computers as soon as a computer ESET agent talks on each machine, assuming your Dynamic template rule is working. So active talking computers will show as soon as they talk to the ESET server. Offline computers won't show in the dynamic group.
  13. You can also sync your computers from AD with a static group Sync task.
  14. This is why I was concerned about going with the Cloud Administrator from any of the A/V vendors when we were doing demos. They were all pushing for the cloud admin. We instead went with the on-prem ESET Administrator and it has been up and working while the cloud admin has been having issues.
  15. Update: One of our techs was working on this over the weekend and he says that he found the old Kaspersky A/V agent (our previous A/V provider) was still installed and after uninstalling the old Kaspersky A/V agent the "ESET Management Agent is outdated" message went away. He did this fix on about 30 workstations.
  16. I have the latest ESET SMC server version and I see the same issue suddenly happening over the weekend. On the main computers screen it says "ESET Management Agent is outdated" on some computers but if I drill down to one of those computers from the dashboard and view its installed applications, the ESET agent version (7.2.1266.0) says it is "Up-to-date version". So it seems to be a bug since one part of ESET says the agent is up to date and another says it is out of date. I am going to call support later today to have them sort it out.
  17. I'm curious, what does the ESET agent version report as when you look at one of those computers (SMC, computer, show details, installed applications)? I have a group of computers incorrectly showing on the main console computer list screen as "ESET Management Agent is outdated" but when I drill down to the installed applications for that computer, the correct 7.2.1266.0 is showing installed and says it is "Up-to-date version" installed. So something is wrong on my Security Management Center reporting, as it says agent out of date on one screen and agent up to date on the other. I will call support Monday if it persists. This happened after I rolled out version 7.3.2032.0 A/V update to most of our computers over the weekend.
  18. How long did you wait? It takes about 10-30 minutes after an upgrade before the database is ready and it lets you log in. That is normal.
  19. I would recommend a new thread for agent reporting issue since that is not the topic of this thread and your upgrade worked.
  20. Create a Dynamic Group template for the older ESET version, to find your computers with the old version installed. Example template values below. Then create a Dynamic Group that uses that template to find the computers with the old agent. You could even create an agent install task to run in that dynamic group daily. Or just push the new agent install version to all or some in that group manually. You can create a similar dynamic group for the newer agent version to see the computers with the new version installed.
      Installed software . Application vendor = ESET, spol. s r.o.
      Installed software . Application version contains 7.2.2
  21. Kill the ERAServer.exe in task manager when it gets to that point in the install and hangs. Then the install should proceed. At least that's what I had to do when we upgraded.
  22. You need to open the ESET agent communication ports on your firewall to allow external computers to report in.
  23. I had an issue exporting to QRadar. After we upgraded the Security Management Center to 7.2.1266.0 QRadar could read the logs. So it was apparently a bug that got fixed in the newer Security Management Center. My settings: Port 514, Syslog, TCP, Choose Verbosity, Export syslogs, LEEF format.
  24. Deleting recommendations doesn't help improve the product.