tbsky
-
Posts
231 -
Joined
-
Last visited
-
Days Won
3
Posts posted by tbsky
-
-
28 minutes ago, Nightowl said:
v7 has been developed without a user interface , it can be managed through your ESMC or by the commands in terminal only
v4 is based on a legacy version , which had few troubles with Chrome with version 4.093 , now it got fixed in version v4.095
I have tried to run v7 but it failed to run for some reason and I have yet to contact support for assistance , but I think for now I will head back to 95.
thanks a lot for your sharing!!
so v7 didn't have xwindow gui (then what's the egui for?), but v4 has xwindow gui. is that correct?
I need to use a version with xwindow gui, then I think I will use V4.
-
Hi:
one of our staff need to install linux version(at RHEL 7.7), so I tried to install and testing. but I need some clarify. the linux environment is RHEL 7.7.
1. linux file security => this works fine, I can create web service and use browser to manage it. but it seems have no xwindow user interface, is that correct?
2. endpoint antivirus linux 7.x => there seems have no web service for browser. I didn't see any gnome icon and I don't know where to start xwindow gui interface(is there any?). I try to run "/opt/eset/eea/lib/egui" but it just hang there and nothing happened.
3. business edition 4.x => I haven't try it. it seems an old version. should I try it?
-
4 hours ago, MichalJ said:
Thanks for the information. I will report this to my colleagues.
What you can use as a workaround is to apply a policy to a reference static group (group all) or the group, where the machine would report after being connected first time to ESMC server. Policy will be applied after first replication, so basically the same result will be achieved.
the all-in-one installer with policy is for staffs who can not connect ESMC server temporary (out of office). but as you said, the policy is not very important. the policy will be applied when they connect ESMC server.the automatic activation is important since they can not connect ESMC at the beginning. so the current situation is acceptable.
-
6 hours ago, MichalJ said:
Hello @tbsky, just to double check. Do you talk about the password to protect Endpoint from being uninstalled / from local users to access settings, or some other password (update one?).
Also, can you please state the :
- Version of your ESMC server / ESMC console and its platform (Linux / Windows)
- Version of the Endpoint that you are trying to install / activate
yes the policy is about protect Endpoint/Agent from being uninstalled.
1. ESMC 7.1 at RHEL 7.7
2. I tried several 7.x version(endpoint antivirus) but none can be activated if I apply endpoint or agent policy.
-
53 minutes ago, MichalJ said:
And if you apply policy with other settings than the password, does the problem still persist?
I try other settings and it seems fine. could you try password settings both for client and agent to see if it is the root cause? it seems the root cause for my server.
-
50 minutes ago, MichalJ said:
Hello, we have verified this by our QA, and no such behavior was detected. What are the settings you set by policy? Maybe, that can be the root cause, but without more information, we won´t be able to provide further assistance.
only client password for endpoint and agent. I didn't try other settings. maybe I will try other settings later to see if this is the root cause. if I apply client or agent or both then the installer can not be activated.
-
4 hours ago, MartinK said:
This is most probably issue of ESMC 7.1 which is offering this language even it should not. My best guess is that Japan variant was not yet "released" in this version, as it is normally released with delay. Unfortunately i cannot verify now but there will be either specific version for JPN 7.2.2055.X or only previous versions will be available in JPN language.
thanks a lot for your confirm. I try previous version "7.1.2064.0" but still failed. so I guess all Japanese versions are special.
this is the first time I need Japanese version. is there any workaround so I can make all-in-one Japanese version?
and if I remember correctly, the endpoint package I downloaded from eset website like "eea_nt64.msi" seems universal language. why all-in-one installer has different language?
-
Hi:
I try to pick some other languages like English,Chinese,Russian,Indonesian, all these can be downloaded. it seems only Japanese is effected. is it the eset server problem?
-
hi:
I try to create all-in-one installer and select japanese language as attached.
but when I want to download the package, it shows the package is not in repository as attached.
-
hi:
I try to create endpoint antivirus all-in-one-installer which can activate automatically. after try and error, I found if I include endpoint policy or agent policy with the installer, then the installation can not activate. only installer without any policy can activate automatically.
is this a known issue or I miss something important?
-
11 hours ago, MartinK said:
My best guess is there is a new (braking) functionality added into MySQL which is triggered in case both DB and driver to support it. In case of users with MySQL8 server, reverting ODBC driver helped. We will have to re-check users with older MySQL servers but it will probably end up in a state where only specific combinations that are confirmed to work will be listed as supported.
today the product list is missing again. according to your hint, I think maybe something changed at the server, so ESMC is effected.
1. downgrade mysql 5.7.29 to 5.28 => useless
2. downgrade mysql-connector-odbc 8.0.19 to 8.0.18 => useless, this makes me sad
3. upgrade all mysql component => useless
4. downgrade all mysql component => useless, this makes me panic
5. upgrade all mysql component, downgrade mysql-connector-odbc => useless
6. upgrade all, downgrade all, then upgrade mysql-connector-odbc => product list shows up again!!
somthing happened at the upgrade/downgrade procedure. if that "something" didn't happen, then old mysql + old odbc won't cure it.
now I downgrade to Mysql 5.7.28 + mysql-connector-odbc 8.0.18. my other ESMC servers are using these versions and the product list seems always fine.
-
1 hour ago, MartinK said:
If I recall correctly, problem will most probably arise once content of ESET repository is updated. Regardless of that, it seems there is a problem / incompatibility with latest drives and we will have to analyze whether there is at least workaround, which is not known for now. That is why recommended solution for now is to downgrade to older ODBC drivers that seems to work. Also documentation is supposed to be updated in upcoming days as it was prepared some time ago.
but downgrade odbc driver didn't work for me. downgrade MySQL works. although I can not reproduce it. waiting for documentations about this issue. thanks a lot for your help!
-
1 hour ago, MartinK said:
We have been recently notified of similar issue in case of latest MySQL8 ODBC driver or MySQL8 was used. Could you clarify whether this might be the reason?
according to your hint. I do some tests below:
1. downgrade mysql-connector-odbc-8.0.19 to mysql-connector-odbc-8.0.18 and reboot => useless, no correct product list.
2. downgrade MySQL 5.7.29 to MySQL 5.7.28 and reboot => bingo! the product list shows up again!!
3. upgrade to mysql-connector-odbc-8.0.19 and MySQL 5.7.29 and reboot => sadly, the product list still shows, can not reproduce.
4. create all-in-one installer and delete it => sadly, the product list still shows, can not reproduce.
so the problem seems related to MySQL, since I downgrade it and reboot then it is fixed.
but I can not reproduce it now. hope you can find the root cause and fix it.
-
23 minutes ago, MartinK said:
We have been recently notified of similar issue in case of latest MySQL8 ODBC driver or MySQL8 was used. Could you clarify whether this might be the reason?
I am using MySQL 5.7 with mysql-connector-odbc-8.0.19-1 under rhel 7.7. is there any work-around of the issue. I had setup several esmc server, but this is the first time I delete and recreate the all-in-one installer.
-
Hi:
I just install a new ESMC 7.1 server and create all-in-one installer to deploy. after testing, I found it didn't activate automatically. so I think maybe something wrong. I delete the installer and create a new one. then I am surprised that I can't find the product (endpoint antivirus) any more. only some products I don't need show at the list ( as attached). how can I refresh the product list so I can find the product I need?
-
13 hours ago, tbsky said:
Hi:
I need to uninstall endpoint v6 then install v7 to get rid of the v6 policy inheritance . I wonder what's the best command line to use in script. after searching the forum, I found the command is
MSIEXEC /uninstall X:\ESET\eea_nt64_enu.msi /qb REBOOT="ReallySuppress" PASSWORD="password"
I don't have v6 msi now. can I use v7 msi file to remove v6? is there better command to use without using the msi file?
thanks a lot for help!
just give it a try and the answer is no. you can not uninstall v6 with v7 msi files.
so what's is the correct command to remove v6 without v6 msi files?
-
Hi:
I need to uninstall endpoint v6 then install v7 to get rid of the v6 policy inheritance . I wonder what's the best command line to use in script. after searching the forum, I found the command is
MSIEXEC /uninstall X:\ESET\eea_nt64_enu.msi /qb REBOOT="ReallySuppress" PASSWORD="password"
I don't have v6 msi now. can I use v7 msi file to remove v6? is there better command to use without using the msi file?
thanks a lot for help!
-
18 minutes ago, Marcos said:
It's not possible to stop receiving new malware by email. You'd need to change your email address and use it only in communication with persons who will never get infected.
I don't know if you have heard about the virus of my case. one of our business partner was infected by some kind of malware. all the outlook email content and contacts are stolen. someone use the email content and contact address to attach the virus. they only send to specific email address in the contact, so the general email RBL won't block the infected mail server ip address soon.
and they change the virus file every day. very annoying.
-
18 hours ago, Marcos said:
Yes but it won't help in case of malicious documents. There's not much sense in using delayed updates. ESET is known for having least false positives and the risk of getting infected by new malware is much bigger that the chance of encountering a serious FP with regular updates.
For bigger clients we also offer an additional service ESET Dynamic Threat Defense which analyzes suspicious files in a cloud sandbox environment, provides the result back to the client and shares the result with other machines in the organization. For instance, EDTD enables ESET Mail Security on MS Exchange server to hold emails with suspicious attachments for a while until the attachment is evaluated by EDTD and then the appropriate action is taken on the attachment or email.
indeed ESET have very few false positives. that's what I love most. you can prevent new malware by good human behavior, but you can not prevent the damage from false positive. in fact I had zero false positive since I use delayed update. I am very satisfied with the setting.
In my current case I don't think regular update will help. since both livegrid and virustotal won't detect it. only Macfee and sometime Microsoft can detect the virus at the beginning. Microsoft is know to have high FP, I don't know about Macfee. but it detect the virus every time from virustotal engine.
you said "it won't help in case of malicious documents". do you mean livegrid didn't detect document, only local virus signature will do the work?
PS: as usual, virus from yesterday is detected by nod32 now. but today we still get new viruses, and they will be detected tomorrow. I don't know when will this stopped...
-
Hi:
I use delayed update for maximum stability. but start from last week we are attacked by some kind of phishing mails. it includes a word doc virus about invoice, and that doc file changed every day. nod32 normally detect it after one day. livegrid doesn't detect it. upload the file to "virustotal" for scan, their nod32 engine also can not detect it (but will detect it tomorrow). I wonder if the "delayed update" can co-work with livegrid?
-
On 12/3/2019 at 5:43 AM, MartinK said:
Could you please provide screenshot of password related configuration parameters in policy? Not sure what could be wrong, but reverting to defaults might be little tricky.
Also be aware that once policy no longer applies specific setting, it is reverted to previous values, but this mechanisms was introduced in 7+ versions of endpoint, so it might not work as expected in case settings were changed before upgrade to 7, i.e. in case policy was applied during 6.5 installation, even 7+ version won't be able to revert into state before original policy was applied.
Maybe configuration like this:
will helps, where "apply" indicator even next to disabled legacy setting is crucial. Unfortunately I had no chance to test it: also be aware this policy won;t make sense only for 7+ endpoints.
maybe set both 6.x and 7.x password would help, I haven't try. but I will upgrade all client to 7.x, so the policy would be strange at that time. and if someone remove the strange 6.x policy one day, the same behavior may come back.
your information is valuable: "it might not work as expected in case settings were changed before upgrade to 7".
so to prevent all these strange policy problem, I think I should uninstall all the 6.x before upgrade. I need to study how to do it.
but may I ask again last time:
is there any method to reset default policy for endpoint 7.2 without uninstall ?
-
2 minutes ago, Rami said:
They probably should come with a reply , sometimes they answer a little bit late , but an answer will come for sure , if you need an urgent answer , you can contact your local ESET support , they can assist you.
unfortunately our local ESET support can only answer general questions. when I already RTFM , I can only ask for support in the forum.
-
34 minutes ago, Rami said:
I believe you can make a default policy from the ESMC and apply it to all computers , but I don't know if that fixes your password problem , I believe I will leave that to someone from ESET Staff Team that works with Endpoints.
according to Endpoint 7.2 document, there should be a different way for policy. although I don't know what it is yet. still waitng for someone answering the forum question.
-
21 hours ago, Rami said:
It's not possible to remove the password through a policy change and then apply password for 7 ?
howto do that? I didn't set password 6.x style policy. I only set password 7.x style policy. and client shows about now password settings get improvement every time.
in fact, I want to reset all settings to 7.2 default without uninstall. is that possible?
Linux version clarify
in ESET Endpoint Products
Posted
I am a little confused. if v7 can only be controlled by ESMC, then how a normal user can use it without xwindow/web gui?