Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by Bill_Pacific

  1. Hello All, I am posting this here as I am not able to post in the false positive area. My SEO team contacted me today and had this removed from their systems by ESET Endpoint Antivirus 8.1 with the latest VSDB. I am wanting to exclude this from detection as I believe this is a false positive, I also know that the nature of this software is a bit odd so I can see why it was detected. Need to know if this is a false positive or not. I have 10 SEOs who are not able to do some work due to this. Detection Log below Dir: C:\Users\user.name\AppData\Local\ESET\ESET Security\Quarantine\ 0CA732EA2C31D33CDC96B4E39E814EA7249136F7.NDF "C:\Program Files (x86)\SeoTools for Excel\SeoToolsMaster64_packed.xll" "@NAME=MSIL/TrojanDropper.Agent.FGU@TYPE=Trojan@SUSP=mod" 27.08.2021 792576 bytes Also detecting in WebAccess Hash B34B273B4F3BD8E6EEF03FB51FF69EF978C149AB Name MSIL/TrojanDropper.Agent.FGU Detection Type Trojan Object type file Uniform Resource Identifier (URI) https://releases.seotoolsforexcel.com/SeoTools_v9.7.0.1_20210727.zip Process name C:\Program Files\Google\Chrome\Application\chrome.exe Scan Scanner HTTP filter Detection engine version 23865 (20210827) Current engine version 23865 (20210827)
  2. Hello All, Windows server 2016 upgrade from 8.0 to 8.1 ESET Protect This is more of an alert with a fix. I did the upgrade to ESET Protect yesterday and have spent a bit of time trying to figure out why I was getting a 404 error trying to access the webconsole after the upgrade. I tried running a repair install and that did not work either. After digging around I found this C:\Program Files\Apache Software Foundation\apache-tomcat-9.0.35\webapps\era.new I changed the name of the folder from 'era.new' to 'era' and it all worked. I did a lot of digging on the internet and did not find anything there either so I am hoping this will help other Admins.
  3. After installing office and logging everything in the errors returned. I will start a ticket with local support. Thank you @Marcos for the quick reply.
  4. Ok I did some web surfing and ran a full indepth scan and it is still just the single error now, so as I said the suggestion from Marcos above, it did help.
  5. That seemed to help. I only get one error after reboot now. 12/4/20, 10:00:00 AM Protoscan Proxy Agent Cannot read from socket: Software caused connection abort root I am running an indepth scan as I did yesterday to double check.
  6. I am testing the latest version of ESET for Mac as well as the new BigSur update. Current specs are ESET Security Management Center (Server), Version 7.2 (7.2.1278.0)ESET Security Management Center (Web Console), Version 7.2 ( ESET Endpoint antivirus for Mac 6.10.460.1 ESET Management Agent 7.2.3261.0 MacOS BigSur 11.0.1 MacBook Pro 2016 I am seeing in the Webconsole that the OS is not supported yet but I wanted to be sure that these errors are not something else. See errors below. The network is working fine on this machine. Also is there any release date for a compatible version of ESET with BigSur?
  7. So just removing the pointer to a "Initial static group" and the install goes through. Thanks again for all of your help. Issue has been resolved. Is this something the developers are looking at? Pointing to a specific static group is helpful for some functions.
  8. Thanks Marcos I was ESET staff about 5 years ago. lol. A few things have changed.
  9. So I found that if leave the default server to connect to as the fqdn it works. If I add an Ip address so systems outside of the network can connect it fails. So for now I have them connecting to the FQDN and a policy will change to the IP address for external connections
  10. Hello Martin and Marcos I have tested on a different system (same OS) and came up with the same errors. Not sure if I am setting something up wrong like the Mac or the script?
  11. Hello Martin Thanks again for your quick responses. I am going through the script and I am not seeing anything. I do see that a majority of the script seems to be encrypted though. I was hoping maybe you take a look at the script and tell me if you see anything. The password does not have any special characters. I am installing by right clicking and "run with" > terminal. I add the password after the download completes. I have been installing the same way for all of my Macs and this is the first time I hit an issue. I am wiping another Mac now and will test on that one once it is done. I am doing this incase there is a problem with the Mac Minor update that recently went through. Was hoping that would give me an answer to that. ESMCAgentInstaller.rar
  12. Hi Martin, Thank you both for your quick responses. I will dig through the script and let you know.
  13. Hello Marcos this is the only place I see base64 if test -n "$eraa_peer_cert_pwd" then echo " <key>PeerCertPassword</key><string>$eraa_peer_cert_pwd</string>" >> "$local_params_file" echo " <key>PeerCertPasswordIsBase64</key><string>yes</string>" >> "$local_params_file" fi I found b64 in a few places as well but not in the section following "eraa_policy_data=".
  14. Hello I am attempting to install the ESET Management Agent on a Mac v. 10.15.6. I have attempted several times and wiped/reinstalled the OS several times and still keep hitting an error. Not much could be found on the internet either. ESET Security Management Center (Server), Version 7.2 (7.2.1278.0)ESET Security Management Center (Web Console), Version 7.2 ( from the install command /Users/superman/Downloads/ESMCAgentInstaller.sh ; exit; ESET Management Agent live installer script. Copyright © 1992-2020 ESET, spol. s r.o. - All rights reserved. * Hostname: xx.xxx.xxx.xxx * Port: 2222 * Installer: hxxp://repository.eset.com/v1/com/eset/apps/business/era/agent/v7/7.2.3261.0/agent_macosx_x86_64.dmg Downloading installer image 'hxxp://repository.eset.com/v1/com/eset/apps/business/era/agent/v7/7.2.3261.0/agent_macosx_x86_64.dmg': % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 41.6M 100 41.6M 0 0 4905k 0 0:00:08 0:00:08 --:--:-- 6023k Checking integrity of of downloaded package /tmp/EraAgentOnlineInstaller.G1UTb62h: OK Mounting image '/tmp/EraAgentOnlineInstaller.G1UTb62h': Password: Checksumming Protective Master Boot Record (MBR : 0)… Protective Master Boot Record (MBR :: verified CRC32 $D9F87118 Checksumming GPT Header (Primary GPT Header : 1)… GPT Header (Primary GPT Header : 1): verified CRC32 $69571CD3 Checksumming GPT Partition Data (Primary GPT Table : 2)… GPT Partition Data (Primary GPT Tabl: verified CRC32 $D7122ADD Checksumming (Apple_Free : 3)… (Apple_Free : 3): verified CRC32 $00000000 Checksumming disk image (Apple_HFS : 4)… ............................................................................... disk image (Apple_HFS : 4): verified CRC32 $20E4C25C Checksumming (Apple_Free : 5)… (Apple_Free : 5): verified CRC32 $00000000 Checksumming GPT Partition Data (Backup GPT Table : 6)… GPT Partition Data (Backup GPT Table: verified CRC32 $D7122ADD Checksumming GPT Header (Backup GPT Header : 7)… GPT Header (Backup GPT Header : 7): verified CRC32 $B580693D verified CRC32 $92EFA1D6 /dev/disk2 GUID_partition_scheme /dev/disk2s1 Apple_HFS /private/tmp/EraAgentOnlineInstaller.3Se9o4WQ Installing package '/tmp/EraAgentOnlineInstaller.3Se9o4WQ/Agent-MacOSX-x86_64.pkg': installer: Package name is ESET Management Agent installer: Installing at base path / installer: The install failed. (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance. An error occurred while running scripts from the package “Agent-MacOSX-x86_64.pkg”.) Cleaning up: "disk2" ejected. [Process completed] from the EraAgentInstaller.log 2020-Sep-02 09:53:45 Information: installationcheck: Initialized logging to /tmp/erainstall.log 2020-Sep-02 09:53:45 Information: installationcheck: Output redirected to /tmp/erainstall.log 2020-Sep-02 09:53:45 Information: installationcheck: Created temporary directory /tmp/erainstall 2020-Sep-02 09:53:45 Information: installationcheck: Package path is '' 2020-Sep-02 09:53:45 Information: installationcheck: Default location is '' 2020-Sep-02 09:53:45 Information: installationcheck: Target volume is '' 2020-Sep-02 09:53:45 Information: installationcheck: Removed temporary directory /tmp/erainstall 2020-Sep-02 09:53:45 Information: installationcheck: Output redirection terminated 2020-Sep-02 09:53:45 Information: installationcheck: Moving installation log '/tmp/erainstall.log' to '/Users/superman/Library/Logs/Eset/RemoteAdministrator/EraAgentInstaller.log' 2020-09-02 09:53:47.N Information: Installer: ******************************************* 2020-09-02 09:53:47.N Information: Installer: Initialized log file: /Users/superman/Library/Logs/Eset/RemoteAdministrator/EraAgentInstaller.log 2020-09-02 09:53:47.N Information: Installer: Creating directories... 2020-09-02 09:53:47.N Information: Installer: Created 'config' directory: /Library/Application Support/com.eset.remoteadministrator.agent/ 2020-09-02 09:53:47.N Information: Installer: Created 'data' directory: /Library/Application Support/com.eset.remoteadministrator.agent// 2020-09-02 09:53:47.N Information: Installer: Created 'logs' directory: /Library/Application Support/com.eset.remoteadministrator.agent//Logs/ 2020-09-02 09:53:47.N Information: Installer: Created 'libs' directory: /Applications/ESET Remote Administrator Agent.app//Contents/MacOS/ 2020-09-02 09:53:47.N Information: Installer: Starting install sequence. 2020-09-02 09:53:47.N Information: Installer: Checking installed version ... /tmp/PKInstallSandbox.GUNiqL/Scripts/com.eset.remoteadministrator.agent.aW2hkB/postinstall: line 555: /Applications/ESET Remote Administrator Agent.app//Contents/Helpers/CustomActions: Argument list too long 2020-09-02 09:53:47.N Information: Installer: /tmp/PKInstallSandbox.GUNiqL/Scripts/com.eset.remoteadministrator.agent.aW2hkB/postinstall: 620: Error '126' occured while checking installed version 2020-09-02 09:53:47.N Information: Installer: Performing installation rollback Any assistance is appreciated Thanks, Bill
  • Create New...