bbraunstein

Do you still have Windows Defender enabled and running ? Often, when there are two (or more) instances of running AV, it can cause some issues. hxxp://windows.microsoft.com/en-us/windows/turn-windows-defender-on-off#turn-windows-defender-on-off=windows-7 Disable it, restart, and then check what is reporting.

When I originally set up my AV infrastructure, I deployed to all my clients manually by IP address. After some time and tweaking, I configured AD sync and have a subgroup of all the domain computers on my network. The computers in that subgroup are listed as Agentless, even though the computers had the Agents deployed via IP. The one Agentless group is listed as computer-name.domain.com and the current connected devices were all deployed via IP. I had to manually update the names of those clients from IP to their hostname. All of the computers connect and report to the ERAS without issue, but it would be nice if I could merge the devices without losing all the task history and past threats. I tried redeploying the Agent to one of the agentless devices, but a conflict prompt comes up with a duplicity warning.

I just want to follow up on my previous post. I originally said it affected only my clients that have OS X 10.11, but I'm having users with 10.10 installed that are affected as well.

I understand the desire to push out a production ready release, especially when the previous versions haven't received a lot of positive feedback, but there are a number of issues that should be addressed. Maybe I'm in the minority here, but I feel like these major releases involve way too many features at once. They draw attention away from the preexisting issues in the earlier versions by drowning them out with a massive, shiny changelog. Unless their QA game has been stepped up, there's too much fluff added in which makes the major releases bigger, postponed further back, and at risk for yet more bugs that would be harder to localize and resolve. What I want, as an ESET consumer, getting this product back on track on a level where it functions as it should be. Then, once that's completed, let's add the cool and fun stuff. ERA 6 has completely overhauled how the entire system works and there are a number of outstanding issues that have yet to be resolved. First we heard beginning of December, then we are told mid-January, and now this response: tells me that there's no nearby foreseeable release date. I'm not trying to kick and scream here, if that's how you're reading this, just venting some thoughts and frustrations. I work alongside Developers and Project Managers and I know what the divide of 'what can be done vs. what is wanted to get done' is like. Plus, there are a large number of us who feel the Support team (both forum and business support) is distant and unhelpful, which doesn't help our perspective of the company either. Not answering gives the impression that ESET doesn't know or doesn't care or both. With the previous releases, there are long periods of months that went by with no talk or information of upcoming releases. I've felt in the past that issues that came about in the product were sometimes met with a response, "it will get fixed in the next update" and then nothing more is said. You know what would be cool? Transparency. I think it would be really awesome if there was more communication to the consumers about upcoming updates and features. Many big software companies usually host a blog of some sort where they post their updates there. Anyone hear of the video game Kerbal Space Program by the Dev team Squad? They host a 'Dev Note Tuesday' on their blog where each developer posts about the project their working on. If I could see (and interact) more directly on the the issues and features they're working on, I'd be a lot less anxious and bitchy for an update. Let us know what's being fixed, what's being added, and what sort of timeline is being looked at, it would be a lot more informative for the public. I digress and this is extremely long winded, so I'll end it here. TL;DR: (╯°□°)╯︵ ┻━┻, more info is cool, m'kay?

@Marcos, @TomasP, @Timos, @MartinK anything... ?

So I spent some time researching and learned that 10.11 has this new thing implemented called "System Integrity Protection", which essentially puts restrictions on root and limits which system-level directories can be modified. Disabling SIP is super easy (Boot into Recovery Mode and run 'csrutil disable'), however there were no changes. I tried restarting, reinstalling both AV and Agent, but no changes either. I've also tried removing cache, deleting cookies, disabling Prefetching, using alternate browsers, flushing DNS, and more. I don't want to point fingers, but it seems no matter what I do, once I disable Web Access Protection, I can hit all the websites I want. In this case, one of the problematic sites is codepen.io. And yes, I also checked my implemented policies in ERAS and there is nothing enabled that would blacklist this particular website.

I'm having this issue on a handful of my OS X clients. It seems to only affect computers with OS X 10.11. I have ESET Endpoint Antivirus (EEA) 6.1.12.0 and ERA Agent 6.2.166.0 installed on these clients. For some reason, on one computer, I was able to resolve by disable Web Access Protection, however on another, the issue still persists. Disabling the esets_proxy daemon seems to kind of resolve it for now but I need a more stable fix. Has any progress been made on this? It's been two months since the last ESET mod followed up.

Thanks for the fast response. You are correct, I am using 6.5, but I am not using the ERA Appliance. I installed and configured the components by hand using the .iso. Hence, my difficulty locating the 4.8 Qt4 libraries...

Hey, @MartinK, I've been trying to resolve an issue with PDF report generation on my CentOS ERAS. According to the Installation docs: " Qt4 WebKit libraries - Used for printing reports to PDF and PS format (must be version 4.8, not 5). All other Qt4 dependencies will be installed automatically. NOTE: In the case of CentOS, there may be no package in the official repositories. You can install it from a third-party repository (for example EPEL repositories) or compile it yourself on a target machine. " However, I've been having a really hard time hunt down the Qt4 WebKit libraries that are compatible. I've added the EPEL repositories but the only installed version I have is 2.1. At most, I've managed to tweak the libraries by hand to successfully perform .CSV generation, but PDF and PS formats fail every time. Do you have an unofficial "ESET-supported" third-party rpm I can pull from ?

Hey BrentVIP, My ERAS is on a CentOS 6.5 server. I have a number of Linux and OS X clients and some of them suddenly stop reporting. Here's what I usually do: ps aux | grep eset Are all your eset components running ? Most importantly, is ERAAgent running? If it isn't, run service eraagent restart . (Sometimes I find it helpful to have another terminal with tail -f /var/log/eset/RemoteAdministrator/Agent/trace.log to observe the behavior as it kickstarts. netstat -a | grep <eras server hostname> Is there an established connection to your ERAS server? Do you have open sockets ? Sometimes it is helpful to run the built in DiagnosticAgent tool to snapshot information and logs on the Agent. This is found in /opt/eset/RemoteAdministrator/Agent/ Frequently I see the local SQLite database will break so I'll rerun the Agent installation to repair. This may not be the case with you since you've already reinistalled the Agent. If you give a little more info/background on what you find, I can probably give a hand. There's also a couple of other Linux Admins on this forum who can probably jump in.

Anddddddd the Windows repo is back up. No notice that it was back or any explanation why it was gone. Solid support, guys. A+

BUMP. No word on this? Nearly 24 hours later and windows repository is still inaccessible to me. Can anyone else confirm ?

I am still running ERA Server 6.1.530. Deploying Windows EEA & EES products still function normally via Remote Push Install tasks.

I'm trying to deploy ERA 6.2.2021.0 to a new Windows laptop I just received but the Package Repository is not found. The Windows package does not show up in the list and I am unable to hit the repository link manually either. The same was also for generating Live Agent Installers too: no option for generating a Windows Agent installer. Is this a mistake or did ESET intentionally remove this package? Luckily I keep backups of the Live Installers on hand to deploy to this machine. See the below screenshots.

Or you can use the .dll that rekun posted above too.

Hey CMS, This is a known issue with ERA Agent 6.2, see here: https://forum.eset.com/topic/5935-era-agent-62110-causing-computers-to-freeze/ There's a hotfix available that you can push out, but it's not available via Windows Update. You'll need to roll it out using a GPO or install manually on each machine if you do not have a domain.

After speaking to one of the Engineers at ESET, he told me that the Dev team is currently working out the kinks for 6.3 and it should be released within the first two weeks of December. I still have not upgraded to 6.2 yet and he also casually mentioned that from "looking at the changelogs, it would be worth waiting for 6.3" and that there are significant changes. No official release date is planned, but I think we can all be on the lookout for a newer version in the next 2-3 weeks.

I have devices that do this. It doesn't really impact my work or reporting, but it is kind of annoying. I only have this on OS X devices running 10.11.1 (El Capitan) and version 6.1.16 of EEA and 6.2.166 of ERA. I only have three OS X devices that upgraded to El Capitan and it only affects these three devices. Older versions of OS X report fine and it does not affect Windows or Linux at all either.

Hey, @j-gray. I asked your question to the Engineering team and he only gave me one option: create a Windows or Linux VM on those networks and install RDS on there. Currently, there does not exist any support for searching unmanaged devices across subnets. The only way to pull in devices to your ERAS without the use of a RDS is if all the devices were part of a domain and AD Sync was enabled. These options seem rather simple to implement, but given your varied and large intranet, I can see why you couldn't use these approaches. I asked if there was anything in the pipeline for OS X support and he was not able to give me an answer. According to my conversation with him: " We don't really have a specific project plan in place. We're basically releasing upgrades bit by bit and playing the development by ear according to Clients' feelings" I wish I was making that up.

30 minute heads up guys. Anything you want me to escalate to the Engineering team?

I misread the title and thought it was a newer version of ERA I was halfway through downloading the all_in_one.iso before I realized the changelog didn't look any different... Good luck on the upgrade dlaporte.

No problem, @j-gray. I'm meeting with them tomorrow at 3PM EST. So if I don't update following, you'll probably hear from me on Monday.

I'm meeting with a Sales Engineer. Is there anything in particular you guys would like me to ask? I will follow back on this thread with the responses.

I've arraigned a meeting/training with some team members from ESET. I have a handful of my own questions that I want to ask, but I figured I'd reach out to you guys and see if there's anything in particular you'd like to know. I'm not sure if I'm meeting with an Engineer or just someone else higher up in Support, but I'll update once I find out. So, if you were meeting team members from ESET, what kind of questions would you ask?

You don't really provide a lot of information. What are you deploying on vSphere, VMWare, Hyper-V, Virtualbox? Because if you followed the link I sent, you will see that it provides assistance on how to deploy the ERA Appliance to any of the listed hosts. It also lists on how to configure the MDM Appliance after you've deployed the ERA Appliance to any of the listed hosts. Where are you stuck?