tbsky
-
Posts
231 -
Joined
-
Last visited
-
Days Won
3
Posts posted by tbsky
-
-
On 11/26/2019 at 6:30 PM, MichalJ said:
I will ask our QA department to verify this behavior, as it´s meant to work in a way that when you remove the particular setting (change "apply" to "not apply") it will return the previous settings back to the state "before the policy was applied".
any update for this? I don't see difference between 6.x and 7.1 "not apply" policy. I wish to understand what I missed.
-
On 11/24/2019 at 4:34 PM, Marcos said:
Correct. How do you update the offline clients? Do you transfer the mirror folder on a USB flash or whatever and point them to update from that folder?
will this be fixed next version? or we need to fix it at configuration or mirrortool ? maybe the mirror from mirrortool didn't give enough files so client want to contact "repository.eset.com" ?
-
17 hours ago, tbsky said:
that's strange. official tomcat 7 can not work when I upgrade to ESMC 7.1. I will download 7.1 Appliance and take a look.
I download ESMC 7.1 appliance and take a look. indeed it is using mysql 5.6 and tomcat 7. however it seems a tricky setup, if I do "yum reinstall tomcat" then system become broken even I put back ESET modified web.xml and server.xml . with tomcat 9 I don't need to modify any configuration file, it works by default. maybe that's why document said ESMC 7.1 need at least tomcat 9.
thanks again for your information!!
-
1 hour ago, MichalJ said:
The policy works in the way, that only if the setting has "apply flag" it will be actually applied on the client. Meaning, if you have set just the setting for password protection, all of the other settings will remain as before, meaning if the 6.4 was configured somehow, the settings will retain as that is how the old configuration of client is interpreted.
I will ask our QA department to verify this behavior, as it´s meant to work in a way that when you remove the particular setting (change "apply" to "not apply") it will return the previous settings back to the state "before the policy was applied".
thanks a lot!! the document warns behavior change between 6.x and 7.x about "not apply" flag. but I don't understand what is it. so wait and learn from your confirm.
-
Hi:
I tried to use all-in-one installer made by ESMC to upgrade endpoint 6.4 client. the all-in-one installer include a minimal policy with only password set. I assume the minimal policy will brings endpoint client to its default. it is true for new computers. but for some old computers, after upgrade with all-in-one installer, I found the "potentially unwanted" and "potentially unsafe" are enabled. so it seems some old policy brings to new after upgrade. if I uninstall endpoint and reinstall again, then everything is normal.
so I wonder I still need force many default policy like ERA 6.x? I found the sentence below at document, but I don't understand what it means. I was thinking client will use default if not apply:
Important
ESET security products version 7:
Not apply flag turns individual policy settings to the default state on client computers.
-
7 minutes ago, MartinK said:
Yes, official CentOS7 packages are used, which means Tomcat7 + OpenJDK 1.8, but we have encountered issues on Windows where certain versions of tomcat7 stopped working, but it might have been related to Java -> OpenJDK changes which also required latest builds.
that's strange. official tomcat 7 can not work when I upgrade to ESMC 7.1. I will download 7.1 Appliance and take a look.
-
11 hours ago, MartinK said:
It highly depends on what is behind your questions but:
- In case you are asking for most reliable and verified components, I would recommend to stick with configuration as near as possible to ESMC Appliance (CentOS 7 + MySQL 5.6 + official Tomcat7). Reason is simple = it is preferred solution for most of Linux users of ESMC. As of MySQL 5.7 I am not aware any significant downsides, it is not used in ESMC Appliance just because of changes in tooling which complicates automated deployment.
- If you are asking for solution that will be possibly supported longest time, latest components might be best choice, but as you suggested, there might be problems encountered - especially with MySQL 8 which has few bugs that are affecting ESMC directly and future versions might be not working at all.
- If you are after performance, I would recommend to consider SQLServer for Linux as database, especially in case management of >10000 devices is expected. This combination is probably not officially supported, but solution is used internally.
what I mean best is most reliable and verified. thanks for your clarification.
but I have tested tomcat 7 and it is not working. document also said ESMC 7.1 need tomcat 9. do ESMC 7.1 Appliance actually use tomcat 7?
document said SQLServer for Linux is not supported. if it is supported maybe I will give it a try. although I always prefer MariaDB. MariaDB is linux standard these days(I understand ESET may never want to support it).
-
2 hours ago, Peter_J said:
See the supported MySQL (and ODBC connector) versions here:
https://help.eset.com/esmc_install/71/en-US/database_requirements.html
may I ask which mysql version is best? I now stay in 5.7. in ERA 6.x time, ESET support 5.5,5.6,5.7, but 5.7 has problems.
now ESET support 5.6,5.7,8.0. I assume 8.0 will have problems but I am not sure.
-
Hi:
I just upgrade from 6.5 to 7.1. and I want to make sure I use the same component with Eset.
linux: 64bit is a must now. that's fine since rhel7 already abandon 32bit. rhel7 or clone is best since Eset virtual appliance use it?
tomcat: tomcat7 is not working anymore. that's unfortunate. ESMC 7.1 need at least tomcat9, and since there is no tomcat 10, tomcat9 is the only choice. BTW, ESMC 7.1 installation document is full of tomcat7 example, I think it need to be modified for tomcat9.
mysql: ERA 6.x has problems with mysql 5.7, so at that time mysql 5.6 is the best choice. now mysql 5.5 is not working anymore, I assume mysql 5.7 is the best choice now? or mysql 8.0 is better?
-
6 hours ago, Marcos said:
Correct. How do you update the offline clients? Do you transfer the mirror folder on a USB flash or whatever and point them to update from that folder?
we use mirrortool to mirror update and point client update to mirror(of course the mirrortool is updated version for 7.x). it was working file for endpoint 6.x. in fact it is working fine for 7.2 unless you click "check update" manually. if you didn't click, the scheduler update is working fine at background and shows no warnings.
it seems if you click "check update" when there is no new update at mirror, the client will try to connect internet and show failed message.
-
Hi:
just upgrade to endpoint 7.2. I have some offline clients. when I click "update" at client GUI the client try to connect "repository.eset.com". and it shows failed after that. I assume this is a bug since offline client can not connect to internet.
-
1 hour ago, Marcos said:
Dual update profiles are needed in cases when users may roam and update in networks with and without a proxy server for instance.
I know that. I mean why windows version make this work so complicated? why not like Mac/Linux version, just set primary server and secondary server in policy? it's very stupid to set dual profile and schedule to roam.
-
Hi:
I just upgrade ERA 6.5 to ESMC 7.1 to mange endpoint 7.2. there are many problems. but I can't understand why I still see dual profile method to update for windows. Linux/Mac can define primary/secondary update policy. why windows still need dual profile and schedule to finish such easy job?
-
17 hours ago, igi008 said:
Hello tbsky, thank you very much for your post, don't worry, we plan to release mentioned versions in the middle of November. Stay tuned!
that's a great news. we are waiting for it. thanks a lot!
-
On 10/22/2019 at 4:23 PM, MichalJ said:
@schuetzdentalCB (possibility to trigger network isolation from the console) is being added in ESMC 7.1 / Endpoint 7.2 for Windows. We plan to further expand this concept to allow autonomous response in the future.
Previously ESMC 7.1 / Endpoint 7.2 was planned for 19H2. but since there are no beta out yet, I assume the plan was canceled/delayed?
-
19 hours ago, MichalJ said:
@tbsky We are not planning to add mariaDB support. Due to our journey to the cloud and also multi-platform compatibility, we will most likely work on the support of MySQL 8 for next major release of ESMC
Hi:
I think mariaDB is multi-platform compatibility also. few people like Oracle/MySQL, but it is better than nothing. at least we can install ESMC at linux
-
-
On 2018/2/14 at 3:04 AM, Marcos said:
Yes, you can. What matters is the version number 6.6.2072. The latest version 6.6.2072.4 is important for new installations since it contains the latest modules to prevent BSOD if Meltdown patches are installed. Already installed versions should have all modules updated.
I didn't install 6.6 yet. but since 6.6.2072.2 with latest update is equal to 6.6.2072.4, why the administration panel show warning about outdated version? it should not show this kind of warning..
-
hi:
today I saw new version of endpoint 6.5 released. but I am confused since there is already version 6.6. is this normal or just an exception?
I am still at 6.4 and wait for 6.6 to become mature.
-
2 hours ago, Marcos said:
If you open the main gui, what expiration date is displayed?
Endpoint v6.4 is supported and cannot expire because a new version of the program is available. As for offline mirror and Endpoint 6.6, if you create a mirror with EPv6.6, the mirror will contain update files for both older and newer versions of ESET products.
hi:
you are correct. the computer time of the PC is wrong, and it haven't update virus signature for 2 days. after fix the time issue and update virus signature, windows 7 won't complain anymore.
-
hi:
we are running eset endpoint 6.4.2014.2 and we are satisfied with the version. we have tried eset endpoint 6.6 but it can not use offline mirror so we can not use it.
today I notice the windows 7 message center warning about endpoint 6.4.2014.2 announce itself expired and need to update.
I am shocked about the message. how can I use the old good version before eset fix offline mirror? I really don't want to try 6.5 since I know I will upgrade to 6.6 eventually.
-
1 minute ago, Marcos said:
Since malware changes rapidly, I would personally never use deferred updates, maybe with the exception of highly critical systems.
You can leave LiveGrid disabled if you use critical systems where you cannot afford having latest detections. Normally we strongly recommend keeping LiveGrid enabled in order to be protected against recent malware.
hi:
thanks for the quick reply. before the arriving of ransomware, the biggest problem we face is not virus, but the false alarm by anti-virus software. so we are happy when we have options for delayed update.
now the biggest problem is ransomware, but I am not sure the benefit/trouble caused by LiveGrid. maybe we should try it on some computers.
-
Hi:
I always use delayed update mode since endpoint V5. and I am very satisfied with the result. there is no critical false alarm for several years.
I never enable Live grid. I wonder if the logic of Live grid is conflict with delayed update mode, since Live grid is the newest detection method?
-
On 2017/8/29 at 1:52 AM, MichalJ said:
It is completely OK to manage EP 6.6 with ERA 6.5 (and even older). Concerning the mirror tool, we will post approximate release date / timeline next week.
sorry I didn't see the timeline post. is there any url to check?
Endpoint 6.5 keep old style password after upgrade
in ESET Endpoint Products
Posted · Edited by tbsky
Hi:
I try to upgrade several endpoint 6.5 to 7.2. the old policies are left in upgrade installation, which I need to reset it. but there is one strange setting: password protection. I have setup new 7.x style password policy. but every time endpoint start-up, it will show information about "password setup changed". it seems never forget 6.x style password inside.
if I uninstall 6.5 and install 7.2 then everything will be fine. but that's seems stupid. is there method resetting everything to 7.2 default when upgrade?