PuterCare

Thanks, I will give that a try.

I have the HIPS rules enabled, but they are blocking some scripts from running. I have a script that auto-updates some applications: C:\Windows\system32\wscript.exe "C:\ProgramData\Winget-AutoUpdate\Invisible.vbs" "powershell.exe -NoProfile -ExecutionPolicy Bypass -File """C:\ProgramData\Winget-AutoUpdate\user-run.ps1"" When it is ran, it is blocked: 01/12/2023 11:01:36;C:\Windows\explorer.exe;Start new application;C:\Windows\system32\wscript.exe;Blocked;Deny script processes started by explorer; I'd rather not turn this rule off as in most instances, we do not want to let explorer start wscript etc. I have tried adding a rule but they seem to be so broad that I can allow one process to launch another, but I can't seem to be any more specific than that. Is there any way around this other than turning the rule off? Thanks

The user reported the issue returned this morning so I switched to pre-release, updated, and it fixed it so I guess it is a known Eset issue and your devs are working on it. Thanks

I will try that the next time it is reported, in this case I had to uninstall and reinstall. Is this a known issue with a pre-release fix? Another thing, I am unable to install EIS from winget, fails to match hash and also installing from the new app store in Intune fails but I am not sure why.

Strange one here, Eset Internet Security 16.2.15.0, Microsoft Edge (latest version) with Adobe PDF integration enabled. Reports from multiple separate customers, all with EIS in common, no such reports from EES customers. PDF opens in Edge and is presented correctly. When the user tries to save the open PDF, the normal save dialogue opens, when they type the filename, random characters are printed instead of what they are actually typing. These random characters are sequential in relation to the keyboard i.e. they could type "testing" and "qwertyu" will be printed, sometimes text will start from a different part of the keyboard. It is as if it is obfuscating what is typed to prevent a keylogger from being able to work. Text I type using my Teamviewer remote connection appears fine, it is only the local keyboard that is affected. Whilst the save box is open, text typed anywhere on the computer is incorrect, as soon as the save box is closed it works ok. I have found it hard to find info on this, I lost the reference but found that years ago similar behaviour was attributed to ESET so I removed ESET and it started working ok. I reinstalled and it continued to work ok. Does anyone know if this could be ESET related and a quicker fix? Thanks

I can confirm that pushing the update to 10.2.2058 from ESET Protect has fixed the issue, I see that EIS is also affected on v16.2.15 at least.

Interestingly enough, I just did a clean install of EES 10.1.2058 onto a VM using the standalone downloader on the eset site so I could edit the regkey and export for deployment, and the service is already in quotes - "C:\Program Files\ESET\ESET Security\efwd.exe" I will check what version my endpoints are using and see if this version has fixed it. I had deployed EES to two of these systems this week from ESET Protect using the agent. EDIT: The endpoints are on 10.1.2050, I am pushing an update now.

Thanks, is there an ETA for release? I imagine I will need to fix these manually as I have a lot of CE+ audits by year end.

I have just had some systems with Eset installed fail a Cyber Essentials Plus audit for this, was there any update? I can fix myself but ideally the software would have a quoted path in the first place so there is no need for manual remediation. Thanks

All sorted, I ran the removal tool, this time agent installed as did software.

I think I know why the task disappeared, in the endpoint details, task executions section, I deleted the execution not realising this deletes the task from the library rather than just the execution. Last issue remaining is why one endpoint will not deploy but now I can focus all my efforts into fixing that.

Thanks, that client was on my public WiFi, I moved it to my private LAN and now the agent has connected so I guess some of my filtering on the public network interfered with the agent connection. Do you know why my software install task disappears? All my existing tasks are present, but I add a new task, it appears but later disappears.

Update: I installed the same agent to a VM on the same LAN, agent connected fine and software install task pushed successfully. I had already tried the Eset removal tool on the system where the agent will not connect and then installed fresh but same issue.

I am having some trouble with a couple of new client devices when trying to connect them to an existing OU in Protect. I created a new agent script, using a valid ESET PROTECT certificate, install it on the endpoint but it will not connect. Screenshot below. I have another new endpoint on the same OU that has an agent that connects, but any task to push EES install fails. I tried to manually install EES as admin and that fails too "MSI.1923". Software install log attached. Does anyone have any ideas why this is happening? I rebooted the VM but it did not help. I can ping my hostname externally and see that 2222 is open, existing endpoints all seem to be connecting ok. I just downloaded another agent and installed on a VM and it the agent is connecting ok, all these devices are currently on the same LAN. One other thing I noticed which was strange, I set up a new software install task, but today that task is missing from the Protect server. software-install.log

I just removed the policies from the All group, added them individually to the OUs. Now on the OU I am working on they seem to have merged ok, so this issue seems to be when policies are assigned to the All group they will become exclusive.