bbahes

Apache is open source web server that, if configured, can act as http proxy/cache server, and is available for any Linux distribution, so you don't have to use Windows box. You could install Apache on ERA server and point clients via Policy to that proxy, so in a way it looks like update mirror that was used in ERA v5... Unfortunately, ESET did not include Apache for Linux in their ISO and not even on their International web site, so you are left to find out how to install it on CentOS distribution. Last time I read somewhere on this forum, they promised to fix that in next release, and include it as option in ERA installation. I have Ubuntu 14.04.2 LTS in my test environment. Since they have different package system you will have to use different commands than mine to install Apache, something like yum install httpd. But you better double check for CentOS 6.5 version.

Apache HTTP proxy replaces the former mirror feature with a more efficient and reliable way of caching downloaded files. Administration via the web console was requested by many administrators as it enables them to access ERA from any operating system and are not limited to Windows like it was with ERA v5 and earlier. Please create a separate topic for each issue so that we don't mix different things in one topic. Replacing would imply that it takes features from previous version and enhances them. You have completely removed functionality from ERA and just redirected clients to http proxy. Relying on clients to verify database integrity and authenticity? Web console should have been option, for those that want to administer security from mobile devices. For true administrators you should have left desktop application. Instead you have "moved functionality" from desktop application to web interface forcing many people to use this slow and non intuitive interface.

I have made comment regarding documentation more visible to ESET team. There is no guide (except for poor documentation) on how this new sistem actually works and no best practices to follow, you have to find it yourself, either on this forum or in ESET knowledgebase. Regarding question on certificate location for Agent, either you will have to generate pair by yourself and then put in correct location/path (username is not important at all, it just shows bad practice to use user profile to store certificates, certificates have they place in Linux distributions), or leave it as I did, for era server installation to create self signed and omit cert location in Agent installation. This is how I did install of ERA v6 on Ubuntu 14.04.2 LTS in test environment using their documentation. apt-get install mysql-server-5.6 sudo nano /etc/mysql/my.cnf max_allowed_packet=100M sudo service mysql restart apt-get install unixodbc libmyodbc sudo nano /etc/odbcinst.ini [myodbc_mysql] Description = ODBC for MySQL Driver = /usr/lib/x86_64-linux-gnu/odbc/libmyodbc.so Setup = /usr/lib/x86_64-linux-gnu/odbc/libodbcmyS.so UsageCount = 1 sudo odbcinst -i -d -f /etc/odbcinst.ini openssl version chmod +x Server-Linux-x86_64-6.1.450.0.sh sudo ./Server-Linux-x86_64-6.1.450.0.sh --skip-license --db-driver=myodbc_mysql --db-hostname=127.0.0.1 --dbport=3306 --db-admin-username=root --db-admin-password=password1 --server-root-password=eraadmin --db-user-username=era --db-user-password=password2 --cert-hostname="192.168.1.1;eset-era" chmod +x Agent-Linux-x86_64-6.1.450.0.sh sudo ./Agent-Linux-x86_64-6.1.450.0.sh --skip-license --hostname=192.168.1.1 --port=2222 --webconsole-hostname=192.168.1.1 --webconsole-port=2223 --webconsole-user=Administrator --webconsole-password=eraadmin sudo apt-get install openjdk-7-jdk sudo apt-get install tomcat7 sudo cp era.war /var/lib/tomcat7/webapps/ sudo keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/ssl/certs/java/era_web_console.keystore -storepass password -validity 360 -keysize 2048 sudo nano /var/lib/tomcat7/conf/server.xml <Connector port="8443" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/etc/ssl/certs/java/era_web_console.keystore" keystorePass="password3" clientAuth="false" keyAlias="tomcat" /> sudo service tomcat7 restart chmod +x RDSensor-Linux-x86_64-1.0.728.0.sh sudo ./RDSensor-Linux-x86_64-1.0.728.0.sh --skip-license

VPN? My guess in future ESET will offer cloud services and this problem will be gone...

Opening ports on public IP just for agents to report...really? It would be better for ESET to sort this out within product and fix reporting.

With new ERA V6 clients connect to Internet independently of ERA server. You could install http proxy on ERA server and point clients to that proxy but that's all. In my company we have situation where not small number of computers have no access to Internet at all but we do not see acceptable "solution" from ESET.

Virtual appliance is a best way to go with new ERA V6 in my opinion. I might argue their choise of distribution, but since they have support for Ubuntu I don't mind doing it all on Ubuntu distribution manually. However, here we get to part where they have poor documentation and you have to be really confident in your Linux skills to know what to put where.

Trust me, I have tested many alternatives (Symantec, BifDefender, Avira, Avast, Sopohos, Panda, Comodo, Trend Micro, Kaspersky), none of them compares to ERA V5, some are closer to ERA V6 like Comodo and some are very CPU intensive(Symantec, Kaspersky, BitDefender, Avast...). Symantec and Kaspersky have best documentation I have ever seen in security world but they have product that are so CPU intensive and nature of our business does not allow CPU waste. Seems to me we will stay on V5 line of product until license expires next year, and then decide which direction to take. Until then they said they will release two major updates to V6 so I wait, but there are no news on features and fixes yet.

Agree, but it does not look like they are going to change approach to this new concept of ERA V6.

Thank you Bbahes. And If you are going to talk it would be great if you can clear some additional questions. There may be very different set ups in our networks, which may conflict with what ESET offered. How to resolve them? I would like to see this section in their documentation. For example: - if I already have proxy running on the computer, what modifications should I made for ESET? hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3637 - if I already have Apache web server, do I need install in addition Tomcat server? And how to make them work together to accept SSL connections? hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3724 (I have not seen guide for linux distributions, however, these can be found elsewhere on the internet.) - default database for many Linux installations is Mariadb (not MySQL). There several reasons for that. How to configure ERA to make it work with Mariadb? (I made it work) It's really not problem for me to install any supported database on linux distribution. I have not seen in documentation mentioning any other database. We are living not in ideal world and sometimes we can give to eset just some resources on production server (not clean brand new installation of OS on separate computer) I understand that answers on questions like that requires more work to resolve and write several additional articles in your documentation, but people like me will appreciate this and you will have less problems in support. They should listen to their customers more. Which they say they do in this webcast hxxp://www.eset.com/us/webcasts/endpoint-security-just-got-simpler/. Give the quality of ERA V6 and people complain about it I find it hard to belive in these numbers.

Will this be true for Linux version?

This is pretty basic thing in most alternative products and it's welcome addition to ESET Business security. However, taking out completely functionality like mirror server is something that is not popular and in my opinion very questionable decision that makes me want to talk to people inside ESET for clear explanation. For example, Microsoft has WSUS, and here is clear explanation from Wiki what WSUS is: "Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft Corporation that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment.". Was it so hard to upgrade mirror server functionality to even more manage AV updates? I really don't understand. And comments on this forum for not understanding ERA v6 concept are really not necessary. If you took time to update documentation, e.g. diagrams in Chapter 1 of "ESET REMOTE ADMINISTRATOR 6 Installation Manual and User Guide", maybe things would be clear. Until then, you will get newly registered sys admins that will complain about weard product you released.

Do you have any resource as to what areas are changed / improved?

Absolutely yes. V6 is not bad, it's just unfinished product.

May I ask how much time do you spend in ERA interface on daily basis? I spent a lot of time during the transfer of the PCs on the network. I suggest you try to learn what is new in this version and adapt, instead of complaining when you do not get another Windows console. I knew I did. First, I had problems with agent deployment - solved with GPO deploy. Second, I always used preconfigured packages - now I used polices to set up every computer. Policies and tasks are really strong concept. My thinking is that if I pay for something I have right to complain. You know, like when you pay to car mechanic for repair your car, and you notice when you drive away something is not right on car. You come back to him and complaint that he didn't fix your problem. I used to spent around 30% time of my day in ERA console for my own reasons and I don't count production deployment and test lab. I have deployed this "solution" in test lab several times on Windows and Linux platform, so I don't need lessons on "try to learn". If you tried to deploy Linux platform (and I don't talk about ERA virtual appliance) you would know how horrible and incomplete documentation is. Now I have configured syslog which informs me on threats in network, instantly and I spend less time in ERA console. But when I do, when I connect to console I know that I will get consistent information in matter of seconds. I don't have to wait for part of web page to fetch data from http server, to refresh browser page. I don't have to worry about log off (which by default can't be changed on default account, and solution to create second account just to be able to change timeout if not funny is very sad). Regarding policies and tasks, I don't know if you used previous version of ERA, but this concepts exist there. And you know that you can't export v5 policies to v6? Right? I could agree on "adapt"(accept would sound better) part of your comment, as situation stands this is the only solution to problems, people using ESET v6 product have. One of the remaining problems is the old information in web interface, I guess that will be solved in next major release. Linux deployment is hard without documentation, but can be done, as it is based on Tomcat, Apache and MySQL (PostgreSQL support needed). I cant say that I know what you need on your network, but if you need instant threat information,and there are a lot of attacks, staring at the console all the time looks like a bad option. It certainly isn't my only point of inspecting attacks. However it's one that alerts me first when there is infection or other misbehaviour on client. I will wait for major releases, then I will do test again and report back.

May I ask how much time do you spend in ERA interface on daily basis? I spent a lot of time during the transfer of the PCs on the network. I suggest you try to learn what is new in this version and adapt, instead of complaining when you do not get another Windows console. I knew I did. First, I had problems with agent deployment - solved with GPO deploy. Second, I always used preconfigured packages - now I used polices to set up every computer. Policies and tasks are really strong concept. My thinking is that if I pay for something I have right to complain. You know, like when you pay to car mechanic for repair your car, and you notice when you drive away something is not right on car. You come back to him and complaint that he didn't fix your problem. I used to spent around 30% time of my day in ERA console for my own reasons and I don't count production deployment and test lab. I have deployed this "solution" in test lab several times on Windows and Linux platform, so I don't need lessons on "try to learn". If you tried to deploy Linux platform (and I don't talk about ERA virtual appliance) you would know how horrible and incomplete documentation is. Now I have configured syslog which informs me on threats in network, instantly and I spend less time in ERA console. But when I do, when I connect to console I know that I will get consistent information in matter of seconds. I don't have to wait for part of web page to fetch data from http server, to refresh browser page. I don't have to worry about log off (which by default can't be changed on default account, and solution to create second account just to be able to change timeout if not funny is very sad). Regarding policies and tasks, I don't know if you used previous version of ERA, but this concepts exist there. And you know that you can't export v5 policies to v6? Right? I could agree on "adapt"(accept would sound better) part of your comment, as situation stands this is the only solution to problems, people using ESET v6 product have.

May I ask how much time do you spend in ERA interface on daily basis?

If I had to describe to someone what's new in latest ERA I would use these words. They said two major releases until end of year, so all we can do is wait and see...

There were indeed many requests not to report security center issues. Hence we later added the option not to report them to ERAS by agent on clients. There should be 2 major updates of ERA v6 available this year which will bring further improvements according to the feedback we've received. Many thanks for this info! Regards.

This is probably just misunderstanding of how v6 works. By default, agent reports system issues you've mentioned, howe ver, youcan disable these reports via agent's policy. If you look at the details of the alerts, you would most likely see agent as the source. Then make documentation that explains how this new system really works. Also, why would someone want to disable feature in security product, unless it's broken? Does ESET have any major update for v6 in plan?

*bump*

First example: hxxp://help.eset.com/era/6/en-US/index.html?component_installation_linux.htm Here you don't explain why "Optional components" might be useful and why. No diagram regarding where HTTP proxy fits in. I had to read many topics on this forum to learn that ESET has changed update system, and for better performance it would be best to use HTTP proxy + squid. Reading your documentation, it's not clear which component is installed and where, for this feature to work, on Linux. Also it is not clear how they interact together (http proxy + squid). I as linux user have some knowledge how this works, but what about other people? Second example: hxxp://help.eset.com/era/6/en-US/index.html?component_installation_webconsole_linux.htm Here you say: "NOTE: When you install the Web Console using the Installer, the default Web Console address is: https://localhost/era/" Which installer is this on Linux? These are just two examples of incomplete documentation. I wish I was wrong and this information is in documentation, but I have not found any evidence there is. Waiting for reply ? https://forum.eset.com/topic/4744-rogue-computers-ratio-empty/ Regards.

I have no doubts in quality of your antivirus engine but It's hard to troubleshoot something that's not documented well, and you depend on forum reply. That will force me to move to other product.

Will someone from support comment this? Is this a bug or are we doing something wrong?

I was just pointing out that some root certificates in Windows are self updateable in certain conditions. So if trusts Thawte root CA it is possible it trusts ESET root CA.