Everything posted by bbraunstein

  1. I've been successfully updating Agents and AV applications just by pushing a new task. The installation scripts test to see if a previous version exists. If one does, it changes to 'update' mode and preserves all the previous settings and certificates. I've done this process 100+ times and haven't had any errors or duplicate applications.
  2. You are right. I checked my policies and found that they are set to standard cleaning. That would explain why trojans and viruses are deleted and PUAs remain. Thanks for clarifying the issue. Sorry for the strong post, I just thought things were not functioning like others.
  3. I have this same issue. Many of my users run instances of VMWare or VirtualBox and it's super annoying that anything other than the primary IP is listed. It's rather confusing if I needed to diagnose a computer or if I was talking about it to my fellow Sys Admins.
  4. I want to bump this up back to the top again. This is getting really annoying. I pushed out scans with cleaning to about 55 computers on Friday night. I come in this morning and the scans picked up a combined total of 451 threats on problematic computers, GREAT! But only 18 of them were cleaned/deleted... Now I have an unknown amount of infected computers with an unknown amount of infections on them and with no idea where to look on the computers. Is there something I'm missing? This is an anti-virus security program. I don't even know if these are real threats or just false positives. The scans and cleanings are failing to do what I need them to do, so why would I want to continue to use this product and recommend it to other potential customers? Because of this, I want to roll back to ERA 5. Which is a shame, because I am really warming up to ERA 6 and its functionality.
  5. I've been pushing out on-demand scans with cleaning to my users. Everything is completely under control with component upgrades of Server, Web Console, Agent, etc. But I feel like the scans just are not doing as good a job as version 5. I'll have some computers report back to me with 75+ threats on their computers, but ESET is only telling me that about 20 were cleaned by deleting. I check into quarantine to see if there's more and, depending on the clients or what was found, maybe I'll see a handful more threats in quarantine. But that still leaves an additional 35+ threats that were not taken care of. ESET will now report there are unhandled active threats, but when I push out a follow-up scan with cleaning, the scan reports back clean and the active threats notification still remains. Now I have the SVP of Operations telling me I need to get these under control, but I really don't know what to tell her. I've mentioned it in other threads saying that the Threats need to be more verbose other than just saying PUA (Win32/Bundled.Toolbar.Ask.E). It would be a lot more helpful if we were given the path to the problematic file (like the quarantine does!!). Is anyone else experiencing the same scenarios as me? I was hoping this was going to be fixed in the update, but I guess not. Maybe we can push this for the next update?
  6. Like Jim said, it is helpful to click on the details of the error status. It will give you slightly more details on the content of the error. Especially the "subproduct" column, which I sometimes found pointed to exactly what the issue was. Also, just to be clear, you are waiting the full time interval of the Agent-Server check-in? Sometimes in my environment, the Agent can update faster before some components kick in. My Agents check in at 10 minute intervals, so sometimes you may need to wait double the amount of time.
  7. Okay, so big discovery incoming: Backstory: My company has three locations: I work in the HQ in one location, and there are two more located in two separate countries in the world. I was able to successfully deploy the Agent and AV upgrade to Windows clients in my location. Any local Linux or OSX computer failed during the deploy. Any computer, regardless of OS type, located in my two satellite locations failed outright. Whenever a new computer without a FQDN is added, the hostname is just listed as its IP Address in the Web Console. I manually modify the name to something more descriptive, instead of its IP Address. The logs were showing that the hostname could not be resolved for any of those problematic clients. I soon figured out that the reason the local Windows computers passed was because they were all registered in my domain. Local Linux & OSX, and remote computers failed because they are not added to the domain. Examining how I could resolve this, I changed the name of the computers from *hostname* to whatever their IP Address is in the Web Console. I clicked on the device in the Web Console, selected Details, and simply modified the name. After this, the Agent Deploy worked successfully on all of the problematic computers. So I'm piecing together that in the backend, the Server is taking whatever value is in the 'Name' field of the computer details and using that as its variable? Even if I manually modify the name of the computer, this value will be taken and parsed as the target. In other words, some pseudo-code of me trying to deploy to a Windows computer:

     $_computer_name = potato
     $_target_host = $_computer_name
     mount -t cifs -o /tmp/some_random_string "\\$_target_host\$IPC"
     STDERR > Error: unable to resolve "target_host"

     And obviously it fails because 'potato' isn't a valid name. Now imagine this scenario with Linux and OSX computers that are not added to the domain. Now you can see why I need to manually change the names of each new device.
     I was able to resolve this by modifying the names of the computers from their descriptive names to their IP address in the Web Console. After doing this, all Agent Deploy tasks passed successfully.
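A pre-flight check for the situation described in post 7, added here as an example (not ESET's code and not the poster's): given the Web Console Name and last-known IP of each computer, it tries to resolve the Name and reports which entries need the IP-address workaround before an Agent Deploy task is sent. The inventory, DNS table and resolver stand-in are constructed so the script runs offline.

```python
import socket
from typing import Callable, Dict, List, Optional, Tuple
# Added example (not ESET's code). The post concludes the server connects to
# whatever the Web Console 'Name' field holds, so a name without a DNS record
# makes Agent Deploy fail; this pre-flight check picks the Name each entry needs.
Resolver = Callable[[str], str]

def resolve_or_none(name: str, resolver: Resolver = socket.gethostbyname) -> Optional[str]:
    """Return the address `name` resolves to, or None if resolution fails."""
    try:
        return resolver(name)
    except OSError:  # socket.gaierror / socket.herror are OSError subclasses
        return None

def plan_deploy_targets(inventory: List[Tuple[str, str]],
                        resolver: Resolver = socket.gethostbyname) -> Dict[str, dict]:
    """Map each console Name to the value it should hold for the deploy task.
    inventory holds (console_name, last_known_ip) pairs. Verdicts:
      ok         - name resolves to the IP the console last saw: keep the name
      stale      - name resolves to a different address: use the IP, check DNS
      unresolved - name does not resolve: use the IP (the post's workaround)
    """
    plan = {}
    for name, last_ip in inventory:
        resolved = resolve_or_none(name, resolver)
        if resolved is None:
            verdict, target = "unresolved", last_ip
        elif resolved != last_ip:
            verdict, target = "stale", last_ip
        else:
            verdict, target = "ok", name
        plan[name] = {"target": target, "verdict": verdict, "resolved": resolved}
    return plan

# Constructed sample inventory and DNS table (assumed values, not from the post):
# a domain-joined Windows box, the post's non-domain 'potato', and a stale record.
SAMPLE_INVENTORY = [("hq-win-01.corp.example", "10.0.1.15"),
                    ("potato", "10.0.2.40"),
                    ("remote-mac-03", "192.168.50.7")]
FAKE_DNS = {"hq-win-01.corp.example": "10.0.1.15", "remote-mac-03": "192.168.50.99"}

def fake_resolver(name: str) -> str:
    """Offline stand-in for socket.gethostbyname backed by FAKE_DNS."""
    if name not in FAKE_DNS:
        raise socket.gaierror(f"cannot resolve {name}")
    return FAKE_DNS[name]

if __name__ == "__main__":
    for name, entry in plan_deploy_targets(SAMPLE_INVENTORY, fake_resolver).items():
        print(f"{name:24} {entry['verdict']:10} -> set Name to {entry['target']}")
```

Drop the `resolver` argument to run it against real DNS from the ERA server itself, since that is the host whose resolution matters.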
  8. Thanks Jim. This helped me resolve a couple of "problematic" remote clients.
  9. I actually brought up this same point a few weeks ago. I believe I made a topic with the title, "Product Suggestion: More verbosity in logs", or something like that. How am I supposed to track down and handle virus threats if I don't know where they are or what they're coming from? Because of this, I accidentally wiped out my boss's metasploit on his computer. Sure, we laughed at it, but what if something important gets deleted from one of my developers or QAs? ERAC v5 had the path listed of the problematic file. If it was in an earlier version, then why is it not in the next release???
  10. I'm having the exact same things on my CentOS 6.5 VM. Kind of frustrating that the Client Tasks work, but the Server tasks do not. If all these components are broken without a fix soon, I think I might as well just roll back the upgrade to 6.1.336.0. It's kind of insulting that these upgrades/updates are getting pushed out and BOTH Linux and Windows Admins are receiving the same errors.
  11. So this is mainly meant to be a rant/compiled list of issues from a Linux Server standpoint. I did not use the OVA template to configure my server. I manually installed each component I wanted by hand. My server is installed on a CentOS 6.5 VM.

     Upgrade: Encountered difficulties during the upgrade process.
     Error: DbPrepareUpgrade: Statement execution failed. Error: [MySQL][ODBC 5.2(w) Driver][mysqld-5.6.22]Access denied; you need (at least one of) the SUPER privilege(s) for this operation. File: /tmp/tmp.RVIn5691tQ/setup/Database/MySQL/SetupScripts/1_prepare_setup.sql
     Resolved by logging into the MySQL server as root and entering: grant SUPER on *.* to era@'localhost' identified by 'some_pass';

     ESET Remote Administrator Components Upgrade task cannot find the Server in the Reference Settings. I only have one server and it is the localhost.

     Server Tasks are broken, although Client tasks are fine. Agent Deploy, Static Group Sync, & Generate Report are grayed out/locked out with only the following error: Failed to load trigger types compatible with task types.
     Resolved: By upgrading the Web Console. Copy the new era.war file to /var/lib/tomcat6/webapps/ and overwrite the existing one.

     If there are more issues, and I would not be surprised if there are, I just haven't discovered them yet. So as of now, the only remaining issue is the ESET RA Components Upgrade task not being able to reference itself in the settings pane.
  12. Thanks rcraig! This solved my issue as well. Running a manually configured CentOS 6.5 VM.
  13. Just providing my experience from a Linux standpoint. My environment is a manually configured, dedicated CentOS 6.5 VM: Yesterday I tried running the Server shell script without any parameters. The script knew to run in upgrade mode. I wound up getting hit with this error: Error: DbPrepareUpgrade: Statement execution failed. Error: [MySQL][ODBC 5.2(w) Driver][mysqld-5.6.22]Access denied; you need (at least one of) the SUPER privilege(s) for this operation. File: /tmp/tmp.RVIn5691tQ/setup/Database/MySQL/SetupScripts/1_prepare_setup.sql And then the server broke. Several times. I tried a bunch of troubleshooting methods, but then just reran the original Server installation script in repair mode and fixed everything. I'll just wait until you write up some documentation. I'm glad you guys are excited about pushing out your product, but the Dev team should have sat down with some QAs once or twice and prepared some documentation with it...
  14. Any ideas on upgrading ERA Server components on a Linux server? Running CentOS 6.5 64-bit
  15. Deploy Agent tasks are Server Tasks. You'll need to go to either Server Tasks > Agent Deployment or simply click on a client and choose Deploy Agent from the dropdown list. I tried upgrading an Agent to one of my sandbox computers but it failed due to "failure to synchronize package repository." Although, I don't know if that has to do with me NOT running version 6.1.128 yet. So I'm not going to think much about it.
  16. Bump. Also interested in this as well. Although I would think the procedure is simple as sending a "Deploy Agent" task, but I don't want to assume.
  17. First off, thanks to the ESET team for releasing a product that really works. I have a user that is reporting back with 700+ threats... Only with quarantined objects can we see the path of the problematic file. All other threats just say what kind of threat it is without any indication where/what it is. One of my fellow Sys Admins had his installation of Metasploit deleted, but all I saw in my Console was "Java/Exploit-CVE-2011-0609.D". Afterwards, we created an exception and restored the install, but how can I better manage my network if I'm unable to see what the "threats" truly are? This also kind of stumps me as to why this feature is not available, since this is available in ERAC 5.x. And one more minor (personal) annoyance: currently there are only 4 filter options in the Threats window: Cause, IPv4, IPv6, and Computer Name. While these are good filter settings, I'd also like to be able to filter only the threats that were NOT deleted. Perhaps a filter setting of "Action" to be able to specify which was cleaned, deleted, or nothing done.
  18. It'd be neat to be able to export Reports into PDF or Excel format. I remember asking this for ERAS v5.x and was told that it was not supported. Is there some glimmer of hope on the horizon for better Report management? I usually like to wave the proof of problematic clients directly in the client's face.
  19. So I checked into what you said. Going through the "Repair" procedure showed all of my settings configured the way they should be (hostname, port, cert). Looking deeper into it, I checked into firewall settings to see if something was blocking any outbound communication. Lo and behold, the firewall wasn't even turned on in the first place! I checked the Network settings. Turns out the DNS server was misconfigured on her machine. I fixed it and the Agent checked in with the Server right away.
  20. Glad to hear that Marcos. Any idea of an ETA when that build will be released?
  21. So I decided to see if I could get rid of the "OS out of date" warnings by installing all the optional updates on a sandbox machine. The updates completed and I did a restart. I did a force check for updates to see if there was anything more and there were no further updates. I waited for the Agent to sync up and talk to the server and the warning was still there! (╯°□°)╯︵ ┻━┻
  22. Maybe about 80% of my 60 clients are all reporting some form of warning or error such as, "OS is not up to date" or "Restart required" or "Windows Security Center does not see this product as installed or functioning properly: Firewall" I have a specially modified Firewall policy set up on all of my client computers. Because of this, Windows is freaking out that the Firewall settings are not the recommended ones. Even if I disable these notifications on the clients, the Agent/Web Console is still bugging me about it. I also have tons of clients with "OS out of date" warning. I've remotely pushed OS updates AND I even hounded my users to perform updates too. The warning does NOT go away, even though Windows (and the App Store) cannot find more updates to download. I think this is because the optional updates are not being downloaded. My entire screen is filled with red and yellow rows. This is inconvenient and makes it difficult to really assess the critical warnings from just a simple warning. TL;DR: There should be a way to suppress or ignore warnings on clients.
  23. Bump. I totally agree. I wanted to send a task out to about 50% of my clients, which vary in OS version and location, but I had to select them all individually. I'm also running ERA6 on Linux (CentOS 6.5).
  24. I believe I read on another comment in a different thread that if you select a client and then click on "Send Wake-up Call", it will force the client to check in with the server. Although, I do not know if it's merely updating its own information or if it performs policy/config syncs. Just be aware, sending Wake-Up Calls through the Web Console is performed by the server sending out a broadcast on the network. So it should only work if your infrastructure supports it.