tbsky
-
Posts
231 -
Joined
-
Last visited
-
Days Won
3
Posts posted by tbsky
-
-
I don't know how Eset use these certificates. I assume the "Agent certificate" was used by agent installation, so I try to export it from 3 servers:
1. oldest server: 2048 bit rsa with sha1 signature => win7 accept it.
2. server last year (eset-protect 9.0) : 2048 bit rsa with sha256 signature => win7 accept it.
3. server last month(eset-protect 9.1): 3072 bit rsa with sha256 signature => win7 refuse it.
so "3072 bit" seems hit the problem. how can I make win7/eset agent accept it? I already installed a hundred win10 machines with the certificate. I don't want to reinstall these win10 to use a new certificate if possible.
-
Hi:
the log didn't said the reason. but after simplify the procedure, I found the problem seems related to the certificate. the brand new eset-protect 9.1 will create many certificate automatically during installation. and windows 7 seems didn't like it.
I test it on a full-patched win 7. if I click the agent-x64.msi and doing a server assisted installation, it will complain about the certificate when I click "accept certificate?" (see attached picture). on the other hand, if I change the server to another upgraded eset-protect 9.1 (so the certificate was created several years ago), then the assisted installation works fine.
-
sorry there is another ip address:
> host download.eset.com
download.eset.com is an alias for download.gtm.eset.com.
download.gtm.eset.com is an alias for eset-dlm-cdn.azureedge.net.
eset-dlm-cdn.azureedge.net is an alias for eset-dlm-cdn.afd.azureedge.net.
eset-dlm-cdn.afd.azureedge.net is an alias for star-azureedge-prod.trafficmanager.net.
star-azureedge-prod.trafficmanager.net is an alias for dual.part-0011.t-0009.t-msedge.net.
dual.part-0011.t-0009.t-msedge.net is an alias for part-0011.t-0009.t-msedge.net.
part-0011.t-0009.t-msedge.net has address 13.107.213.39
part-0011.t-0009.t-msedge.net has address 13.107.246.39
part-0011.t-0009.t-msedge.net has IPv6 address 2620:1ec:46::39
part-0011.t-0009.t-msedge.net has IPv6 address 2620:1ec:bdf::39 -
maybe there many servers. the server I use is:
> ping download.eset.com
PING part-0011.t-0009.t-msedge.net (13.107.213.39) 56(84) bytes of data.> openssl s_client -connect download.eset.com:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte RSA CA 2018
verify return:1
depth=0 CN = download.eset.com
verify error:num=10:certificate has expired
notAfter=Jul 29 23:59:59 2022 GMT
verify return:1
depth=0 CN = download.eset.com
notAfter=Jul 29 23:59:59 2022 GMT
verify return:1 -
hi:
I want to download eset product. but browser shows download.eset.com certificate expired
certificate Validity Not Before: Jun 28 00:00:00 2021 GMTNot After: Jul 29 23:59:59 2022 GMT -
5 hours ago, Marcos said:
Since this is a very specific issue requiring deeper investigation and further logs, please open a support ticket.
May I ask what's the location of installation log? I think maybe there are some hints for what happened..
-
Hi:
I create agent+eav all-in-one installer at eset-protect 9.1.2301.0. but the package can not install at win7 (agent install error 1603).
but when I try create the same package (same agent version, same eav version) at another host (same 9.1.2301.0 version). the package installed fine at the same win7 machine.
the two host are different OS (rhel 9.0 vs rhel 8.6) and different java version (java 11 vs java 1.8). what debug/log message should I check to find out the reason?
-
1 hour ago, Marcos said:
JAVA 11 LTS is supported until September 2026. I am pretty sure eset-protect 9.1 won't be supported at that time. so please don't mark the component as outdated when its life is longer then the eset product itself. it is very strange.
-
53 minutes ago, Marcos said:
No, it's not possible to disable it since the warning doesn't come from the product itself but from a module.
that's too bad. it means currently endpoint 8.0 warning is out of control although is it still usable until November. as an administrator I know when is the good time to upgrade the product. maybe this time the mistake can not be recovered. I really hope next time Eset won't make false alarm to our users.
-
Hi:
some of our users are using endpoint 8.0. we plan to upgrade them when 9.1 is mature. but users complained that eset give red alarm about the 8.0 product will be outdated at 2022 November. I check the default notification policy and the "Product Outdated" showing is disabled. is there other policy to disable the red alarm? or I need to force the default policy to make it work? attach the default policy picture.
-
23 hours ago, Marcos said:
Hard to say without further investigation and possibly reproducing it by developers. Please open a support ticket.
Hi:
I tried to change the policy to block read/write, and this time Eset can prevent writing. that's good.
I change back to block write, then program can write normally. (windows still can not do format).
how can I open a support ticket?
-
Hi:
today I want to test device control under windows. my version is endpoint 9.0.2032.6. I set a "usb read only policy". policy applied and I reboot the pc.
I input a sd card to usb card reader, windows hint me that I need to "format the card", and Eset hint me that usb is read only. I told windows to format the card, windows told me permission denied. that's good.
than I try to use sd card write tool like sdimager to write data directly to sd card. Eset hint me that usb is read only. but the tool still write data to sd card correctly. that's not good.
is the behavior expetcted? it seems Eset device control can only control basic windows operations but not other programs.
-
On 10/15/2021 at 11:12 PM, Marcos said:
No. We provide updates only to the latest stable builds, ie. in this case to v8.1.2037.
that's strange. according to your words, v8.1.2031 at August is the latest stable build and released over a month, so it should have PCU. it seems there is "standard" release and "LTS" release. maybe for some reason ESET doesn't want to tag the life of each release. but it is a useful information for most users.
-
19 hours ago, Panagiotis Karaberis said:
BUT nevertheless, I create a new rule on my firewall (I'm using WatchGuard M470), allowing access to all *.eset.com and *.e5.sk servers, ONLY on those specific ports (TCP & UDP 53535), and by a magic way, everything was working again !
so you mean if you block Eset client to Eset servers (except port 53535), then it will work fine? that's interesting.
-
On 9/2/2021 at 4:26 AM, Marcos said:
I would add that we're going to release a service build of Endpoint 8.1 in 1-2 weeks. It will address all issues known to date, including the one when activation using an offline license file works only locally.
great news. hope we can enjoy Eset like air without feeling it soon.
-
On 8/5/2021 at 2:26 PM, Marcos said:
This will be added in the next version of EEA. Currently an on-demand scan can be launched either from terminal or from ESET PROTECT.
this is really a good news for us. although we use eset protect to manage the workstation, we can not afford that every single command can only be triggered via administrator. there should be things which belong to users. we administrator only want to do policy works. I don't mind to wait for 1 year or even 2 years. just hope that endpoint linux can be a real usable product.
-
On 8/30/2021 at 11:59 PM, baran said:
i have 300 clients in eset console,
My offline license type is endpoint security.
I have 350 offline licenses, of which only 300 are active clients.
The new installation I am doing does not accept the license. Why?
maybe you are using version 8.1? check the forum you can find similar problems with 8.1.
it seems a version strategy. this time version 8.0 is very smooth and little things changed. in fact I think it should be named version 7.9.
in contrast version 8.1 changes a lot of things so it should be named version 8.0. and we all know that we don't use X.0 software.
we are still waiting real version 8.1.
-
1 hour ago, Marcos said:
Please provide the appropriate record from the Detection log or logs collected with ESET Log Collector.
sorry I don't have time to do it now. I try firefox and chrome to download 32bit/64bit all-in-one installers . result is the same.
but if I move the file from quarantine to outside and let eset to scan the file, it reports the file is clean.
if the problem is still there after a few days, I will use ESET Log Collector and report.
-
hi:
I am using a win10 with EAV 8.0.8028.0. I try to create a new all-in-one installer for EAV 8.0.8028.0 for our new customer. I am surprised that Eset detect the all-in-one install as "Blocked object" and quarntine it.
-
On 3/19/2021 at 3:57 PM, MichalJ said:
Hello, ESET Endpoint Antivirus 7/8 for Linux do have a local user interface, however it is intended to be "managed", meaning controlled via the console, so interface gives access only to a limited set of information, as listed here: https://help.eset.com/eeau/8/en-US/?gui.html. Now, with ESET PROTECT Cloud being available, we do not see a valid reason to provide a full blown UI for the end users.
Hi:
it may work in an ideal environment which all the PCs are management centralized. but sometimes it is not the situation.
some of our customers sell specialized linux pc controllers to manage bigger machines. they have been asked to install anti-virus software before shipping to prove the system is safe. normally the machines work in a closed network. but they still require anti-virus software for the second/third defense although the virus-database may not update frequently. ESET is our friend for the situation. hope the V4 virus-db can still be maintained after 2021-August.
-
20 hours ago, MartinK said:
If I recall correctly, there are some issues with newer connectors on Linux - so it is possible that those version do actually work on Windows platforms.
Problem with linux variants is way how ODBC connectors are built, which conflicts with EP application itself.Oh. never thought about windows. I always use linux to host ERA since v6. in fact it is one of the reason I encourage our customers to migrate to ESET endpoint. it is a good thing that ESET can take care about linux environment.
BTW, it is not so good that ESET abandoned desktop gui linux version since V4. many of our customers need it. we need to find a replacement for it now.
-
Hi:
I was using mysql-connector-odbc 8.0.18 with ESMC/Protect at one server over 1 year. I didn't encounter strange things like previous ESMC versions. maybe I am lucky or maybe newer versions of ESMC/Protect fix something.
could you re-test newer version of mysql-connector-odbc? I think we should not stay at mysql-connector-odbc 8.0.17 forever as document said.
-
Hi:
ERA->ESMC->Eset Protect. maybe we should change back to the simplest ERA name.
it's not a good sign. please don't play stupid name-changing games like microsoft windows/office
-
20 minutes ago, Marcos said:
1, You can send an ESMC component upgrade task to all machines. Those with an up-to-date agent will not download it and install it again.
2, When creating a sw install task, do not use the repository but choose "Install by direct package url" and point it to the msi installer that would be shared for users. The msi is multi-lingual so it should install the same language version as the already installed one. I'd recommend trying it on 2-3 clients with different lang. versions first.
thanks a lot for the hint! although it seems strange that I need to put the msi file to some other place to make it work. I think I need sperarate 32bit/64bit versions right? what will happen when 7.3.2039.1(Japanese version) get upgrade task to 7.3.2041? I want to make sure before doing these kind of upgrade...
all-in-one-installer failed at win7
in ESET PROTECT On-prem (Remote Management)
Posted
If I double-click the exported 3072 bits certificate at win7 and try to import it, it will show "password incorrect" and can not continue.
at win10 double-click the 3072 bit certificate and there is no problem to import it.