LocknetSSmith

Everything posted by LocknetSSmith

  1. I'm not sure if this helps or not, and it may be a moot point, but we were experiencing BSODs as well with ESET Endpoint AV - particularly on Windows XP Pro machines, but also at least two Win7 Pro computers that I was made aware of. When ESET released a version update in the middle of July, I realized that the installers we were using did not include this patch (they had been created the month before) - also ESET Endpoint AV by itself wasn't downloading this product update by itself. So I obtained a new installer (for us, using our EMU) and built new installation .msi's using the ERAC and went to work removing ESET from the machines that had experienced Blue Screens, and re-installing with the new installers. To date, they have not Blue Screened again. The version we're running now is 5.0.2126. Hope that helps somewhat.
  2. If you create this policy on an endpoint that has the app you want blocked installed, and then export the policy as an .xml, can you import that .xml to your ERAC so that, even if your ERAS doesn't have the app, it will still push the policy using an SID or something like that?
  3. I was informed a couple of months ago that the ESET Mobile Security (specific for Android) was not yet compatible with the MSP ERAS - is there any way of finding out if/when this compatibility will be added, or the licensing added to the ESET MLS website? Cheers,
  4. Does anyone know of a way to brand the reports that the ESET RA generates? Meaning, a way to automate the process of adding your company logo to the reports generated by the ERAC? As an MSP, this is extremely important to us. Any feedback would be appreciated!
  5. Thank you for the clarification - leave it to Microsoft to leave a bug.
  6. I'm sorry, I'm not understanding this answer? I'll reword this question to see if that helps - Will Document Protection work if you leave the policy as is in the Remote Administrator Policy Editor? - the default setting has "Enable Document Protection" set to YES, and System Integration set to No. I would like to understand what the difference is between these two settings as well.
  7. This is probably clear to everyone else in the world but I'm not seeing the answer in the File Security or Remote Administrator Console user guides so here goes. In the Remote Administrator (version 5.0.511) Policy editor, I have, under the following path:
        Windows Server v4.5 -> File Security 4.5 for MS Windows Server -> Computer Protection -> Document Protection
     I have two options that I'm hoping to get clarification on -
        Enable Document Protection - which is set to YES by default
        System Integration - which is set to NO by default.
     I understand what Document Protection is, and what it does, but what about these two settings? To me, if Document Protection is enabled, then it is integrated into the system. Is this not the case?
  8. Hey Patrick - thank you for your assistance on that. I was hoping someone might have come up with some type of excellent VBA or PowerShell script that automates the process in some manner, but that was a shot in the dark! PDF Creator is my friend in the meantime.
  9. This is more of a question for the MSP ERA model, or those of you using a MySQL database due to having greater than 1500 endpoints managed through the ERA. Has anyone come up with any type of clever way of extracting the ESET Reports and converting them into a .pdf format? By default, the ERA outputs the reports as a series of individual files - index.html and various .png/.jpeg etc. for the various charts and graphs. You can also set the ERA to output the reports to a .csv format, but this is highly unformatted and not friendly for a reporting scenario. So until ESET adds .pdf as an output option, I'm trying to consider clever ways of automating this process - just to be clear as well, I did submit this request to ESET Business support, and they were great about following up on the idea, but understandably couldn't confirm or deny if or when this would ever be implemented. Any ideas? Cheers
  10. I actually presented a similar question on the Malwarebytes.org forums - specifically I asked about MBAM's Heuristics abilities with their Real-Time protection, but also how MBAM's RealTime works with existing AV. I didn't mention ESET by name and please keep in mind I use the business editions of ESET, but here is some of the feedback I got from the forum admins: In reference to performance:
  11. I am troubleshooting a problem wherein my Notification Manager is not firing off the associated Threat notification when a Level 1 Critical Event is detected. ESET Partner Support indicated this may be due to the "Frequency" setting, which is currently set to "Once." In our initial training for the ESET RA, we were advised this setting should be Once as the report is only meant to be used if the Notification Manager detects a Level 1 Critical Threat. If changing this setting will fix this problem, what is the proper frequency to use then? My choices are:
        - None
        - Once
        - Daily
        - Weekly
        - Monthly
        - Yearly
  12. When building your exclusions in the Remote Administrator Policy (whether for Windows Desktop v5 or for Windows Server v4.5) are wildcards and other syntax special characters accepted/recognized? For example %systemroot%\system32\GroupPolicy\registry.pol for instance?
  13. We also use the MSP Utilities - for what it's worth, if the MSP Utilities detect any "foreign" licenses (in License Manager) when the EMU Spike occurs, it will blow the license out. Foreign licenses being (as far as I can tell) any license not available through the ESET MLS website - We had this problem when we attempted to add a license for ESET Mobile Security for Android to our MSP ERA - every time the EMU Spike would occur, it deleted the license. As far as uninstalling the MSP Utilities, I had to do this once (just have to uninstall/reinstall) - it went smoothly for us. Hope that helps somewhat!
  14. I apologize if this is the wrong forum to post this question in - we are working with a client who is migrating to a full VDI environment - all end-users will have thin clients; all running virtual desktop OS and all the servers will be virtual as well. I see on the ESET Endpoint Products page that in Sept. 2012: ESET Endpoint Security received the VMware Ready certification, which ensures that ESET is fully compatible with the VMware environment. I also see that McAfee (and some other AV vendors) built "specific" AV products for a full on VDI environment, such as McAfee Move. Is there a way to confirm if currently ESET Business solution products will function properly in a VDI environment?
  15. I see - that answers my question then - I just assumed that because I had enabled this feature in the ESET RA policy that it would generate the dump in some sort of ESET directory, like C:\Program Files\ESET or something to that effect. Thank you though.
  16. I wasn't sure if I should post this in the Remote Admin forum, but it's a good place to start. In the remote admin policy for several of our clients that have reported Blue Screens on older Windows XP computers running ESET Endpoint Antivirus, I enabled Diagnostics in the ESET RA policy. For instance: Windows Desktop v5 -> Kernel -> Settings -> Diagnostics. I marked this policy and set the "Application Memory Dump Type" to "Complete Memory Dump." I did this because I haven't been able to capture a full memory dump that may help in getting to the bottom of this - only minidumps which ESET Support already indicated did not contain enough information to determine how the crash occurred. That all said, I have had this policy in place for several weeks, and today a Windows XP computer at one of our managed clients' locations Blue Screened, but I cannot find that .dump file anywhere. Does anyone know where this dump file would be generated?
  17. I guess I was hoping that Microsoft might make these sorts of things available to certain vendors (like AV vendors) in some form of a Dev Kit prior to their official release. Either way though, I'm sure ESET will be on top of it.
  18. The product listing for ESET File Security for Windows Server indicates compatibility for the following operating systems: Required Operating Systems for Windows Server Version: Microsoft Windows Server 2000, 2003 (32 & 64 bit), 2008 (32 & 64 bit), 2008 R2, 2012 Microsoft Windows Small Business Server 2003, 2003 R2, 2008, 2011 Can I get a confirmation on whether or not ESET File Security for Windows Server will work on Server 2012 R2? Thanks!
  19. Peter, I have an open case with this issue with ESET Partner Support - I didn't think it wise to post the case # in a public forum, but if you would like it, I can send it to you via private message - either way they are aware you are assisting and have deferred to your expertise. Here is an update - As I mentioned I was unable to obtain a ProcDump. When I tried to run this in Normal Mode, the computer was so frozen up that I could not do anything, literally. I rebooted the PC into Safe Mode, which allowed me to at least run SysInspector (I have submitted this to ESET Support under the given case #). In order to get the computer functioning again, I did run the ESET Uninstaller in Safe Mode. I then tried to install ESET Endpoint AV using a fresh download from eset.com. I attempted to check the endpoint into my MSP Remote Administrator, but before I could do this, it appeared ESET started a scan once again, and the computer froze up once again. I then hard booted and went into Safe Mode, ran the ESET Uninstaller again, and restarted into Normal Mode. Next I downloaded and installed ESET NOD32 Business Edition. The computer began functioning properly at this point, and as of 20 minutes ago when I spoke to the client, is still functioning fine. I was able to check it into my MSP Remote Administrator - when I found that installing NOD32 resolved the issue for this computer, I followed suit on the other six Windows XP computers that were freezing up. Even though I emailed the SysInspector snapshot to ESET Support, I would be happy to send it to you as well if you like, or I can upload it to SkyDrive and provide you a link to download if you prefer. This is very mind bending! I literally have ESET Endpoint Antivirus deployed to hundreds of Windows XP computers. This particular client with these specific 7 Windows XP computers are the only ones that froze up like this.
  20. Thank you for getting back to me Lesley F. I think I may have mis-stated my question however. When I tried to create specific security users and groups within the Device Control setup, it calls up a window from Active Directory, asking for the usernames of those I wish to add to the group. In order to create a global Device Control policy, I understand I could probably do that from any computer or server on the network, as long as it has access to Active Directory, and the users that I wish to add to the Groups. I could even create a Group in Active Directory and link ESET's Device Control to it I see. My question is, once I have Device Control configured and working on a network, if I export the settings to an .xml file, and merge that .xml file to the client's policy on the MSP RA, will Device Control continue to function remotely from the MSP RA, even if the MSP RA server no longer has access to the client's Active Directory? I hope this makes sense - I can't think of how else to word it.
  21. Never mind, I see what is happening - the ekrn process is not running in Safe Mode. When I run ProcDump via command line I get the following:
        C:\>procdump.exe -ma ekrn
        ProcDump v6.00 - Writes process dump files
        Copyright © 2009-2013 Mark Russinovich
        Sysinternals - www.sysinternals.com
        With contributions from Andrew Richards
        No process matching the specified name can be found.
        Try elevating the command prompt or using PsExec to make one as SYSTEM.
        psexec.exe -s -d -i cmd.exe
        procdump.exe -accepteula ...
        C:\>
  22. Having some troubles with this - The PC, in normal mode, is so jammed up that I cannot run or download anything. I attempted to even send procdump to the PC via FTP, and it fails. Of course this means I also cannot open the Internet to download the program. I also cannot open SysInspector. I have rebooted into Safe Mode, and generated a SysInspector file, but I'm not sure if it will contain the information you require as I have run it in Safe Mode - I am trying to run Proc Dump in Safe Mode as well with the following: Start -> Run and entered the following:
        C:\procdump.exe -ma ekrn
     A command line interface appears for a moment, and then disappears. Should I run a different command? I'm assuming I have to pipe in a command that will output the data to a .txt file or something of the sort?