bbahes

This is what I see in /var/log/httpd/error_log file: [Mon May 06 09:16:32.930991 2019] [proxy_http:error] [pid 29607] (70007)The timeout specified has expired: [client 192.168.224.8:49679] AH01102: error reading status line from remote server update.eset.com:80 [Mon May 06 09:16:32.931042 2019] [proxy:error] [pid 29607] [client 192.168.224.8:49679] AH00898: Error reading from remote server returned by hxxp://update.eset.com/ep7-dll-rel-lb/mod_049_horusdb_4350/em049_64_l0.dll.nup [Mon May 06 09:29:08.351585 2019] [proxy_http:error] [pid 4953] (70007)The timeout specified has expired: [client 192.168.224.8:50128] AH01102: error reading status line from remote server update.eset.com:80 [Mon May 06 09:29:08.351623 2019] [proxy:error] [pid 4953] [client 192.168.224.8:50128] AH00898: Error reading from remote server returned by hxxp://update.eset.com/ep7-dll-rel-stop1/mod_049_horusdb_4350/em049_64_l0.dll.nup [Tue May 07 09:07:03.708265 2019] [proxy:error] [pid 4185] [client 192.168.224.8:49861] AH00898: DNS lookup failure for: i3.c.eset.com returned by hxxp://i3.c.eset.com:80/ 192.168.224.8 was client that had problem with update on monday. Also I see many (not too many) messages about DNS lookup failure. Is this something I should look on my side, ISP side? cat error_log | grep -o "DNS lookup failure" | wc -l 64

Still...I would be nice to know what really happened. Maybe you could anonymize trace file with https://www.tracewrangler.com/ and share it...

Any comments? https://www.bleepingcomputer.com/news/security/hackers-selling-access-and-source-code-from-antivirus-companies/?fbclid=IwAR3EqbEHNpG3iKSyMA58JsURtKtewSUfqJmRaGwBFaGClDf0Lai5cOdRl64

This was only on one new client. After I logged in as Administrator it downloaded module updates correctly. Proxy policy is same for all clients in company. All others working fine.

I had similar problem minutes ago. Maybe it's similar problem?

I don't know does this matter, but I've logged in as administrator on client PC and started module update manually:

Hi! Deploying EES 7.1 further to new clients. On latest we have problem: Agent is connecting to ESMC:

You are right! Default filter is to filter resolved threats. In this case, JS/AdWare.Agent.AF was resolved on client by connection termination so it did not show up in Threats page. Thanks @MartinK

Hi! After deploying EES 7.1 to 50 clients we have one reporting (notification to e-mail for Malicious file detected (trojan / worm / virus / application) enabled in Notifications) "Malicious file JS/Adware.Agent.AF was detected on computer ..." However, I don't see threat reported in THREATS page in ESMC, but neither on client details > alerts page. We are using default policies and have only 3 that Append firewall rules: Is there something else we need to configure ?

Did you apply both Proxy policy for Agent and Product?

Not siding with ESET support, however, this is basic networking knowledge, not ESET endpoint problem.

If I do this now, what steps would I need to take in order for current clients to communicate correctly with ESMC? Second question, why is this not on by default? Maybe you could make checkbox in initial wizard to ask during deployment for protocol TLS 1.0, TLS 1.1 or TLS 1.2 ?

I see there is column REMOTE HOST that shows VPN IP's. I will try and use information from that column.

Hi! I think this was posted before, but I can't find post. We are deploying EES 7.1 clients and we have problem with IP address column in ESMC . It displays IP address of network adapter that is connected to LAN. However, some of our clients use VPN connections. In ERA v5 we got updated with this information as this is address that client uses to communicate on Layer 3. Is there a option to show/update all IP addresses from clients in ESMC interface?

Hi! We are deploying ESMC 7.x and EES 7.1 to our environment. I have created static group MyGroup under main static group All. I have assigned some default policies to MyGroup. Below MyGroup I have created first department group MyDepartment. Under Policies of MyDepartment I don't see policies I have assigned to MyGroup. Do I have to check some option in order for static group inherit policies from parent group? Thanks!