terrum

I did a test last night: 1. Created two new static groups, group#1 for endpoints, group#2 for servers. 2. In ERA v6 created two new separate policies from scratch with only HIPS setting disabled (enforced), one for v6 endpoints (EEA), one for v6 servers (EFSW). 3. Assigned a policy to a corresponding group (the endpoints policy to group#1, the servers policy to group#2). 4. Picked two EEA v6 endpoints running Win7 64bit and moved in the group#1, picked two EFSW v6 servers running Win2008R2 and moved in the group#2. 5. Checked the settings on all four clients: HIPS status in Setup menu - Enabled, HIPS status in the Advanced Setup menu - Disabled and grayed out. 6. Rebooted all four clients and checked HIPS status again: HIPS status in Setup menu - Disabled 7. Checked the status again this morning (8-9 hours after): HIPS status in Setup menu is now ENABLED on all four test clients!!! (HIPS status in the Advanced Setup menu still disabled and grayed out). Of course, if I reboot a client again, the HIPS will disable, but after some time if will automatically turn back on again! So, there is certainly something fishy going on... any suggestions?

There is a predefined policy that comes with ESET RA v6 right out of the box, it's called "File Security for Windows Server - Antivirus - Real-time scanner only" - the first one in the list, you can see it on my screenshot too. A description for this policy says something like "this policy provides balanced settings optimized for use on a server", and most importantly, the HIPS setting in that policy is disabled. So, my thinking goes "if the vendor of my antivirus solution was so kind to include a policy template that is "optimized for servers", why should I NOT use it on my servers?" Anyways, we can leave that topic for another discussion, but the real problem here is why this specific HIPS setting (disable HIPS permanently) eventually gets ignored by all clients, even though I have an active policy in RA that should keep the HIPS disabled? Is there a bug in current versions of ERA or EFS or both?

I've been with ESET for over a decade. I was using every business version starting with v2 and I always felt positive about it... until v6, which looks and feels as complete ...! I posted on this forum already three separate issues and nobody from ESET replied. Back in good old days, ESET AV used to be the same version for home and for business... and it used to work good across the board. What happened now ESET? A new VP came up with a clever idea "Why pay our own QC/QA? Fire them all and use that crowd of hungry beta testers out there for free!". If no new, GA quality!! build will be offered soon, I will be switching back to v5 and will start planning for an alternative solution.

I'm using ESET RA v6 virtual appliance. I created a custom policy to disable HIPS feature on my ESET File Security v6 clients. All FS clients are members of a group and the policy is assigned to the group. When I check HIPS status in Setup menu on a client short after rebooting it (otherwise HIPS won't turn off), it says that HIPS is disabled. HIPS is also listed as disabled and grayed out in the Advanced Setup menu which is expected as I'm managing it via RA policy. However, after some time HIPS gets automatically enabled on all FS clients (HIPS status in Setup menu - enabled, HIPS status in the Advanced Setup menu - disabled and grayed out, no changes in the policy). If I reboot a client again, HIPS gets turned off, but after some time it starts back on again! Any ideas why this is happening? What I should be doing to keep HIPS turned off permanently? Thanks.

I have noticed exactly the same issue after upgrading my servers from v4 to v6. So far it seems only Office extensions plus .png files are affected, and only on Windows 2003 servers. The issue presents itself when you open a file hosted on a shared drive (Word or Excel freeze or display "opening the file from location... message for 15-25 sec or more), or in about 50% cases when you just right click on a file and waiting for the menu to show up (it opens after 10-15 seconds delay). In my environment this is happening only with files that are hosted on Windows 2003 servers and is affecting only Office and .png extensions. Users started reporting the problem next day after I upgraded the servers from v4 to v6, and was solved after rolling back the v4. It didn't matter what client version of ESET AV was installed on workstations - both v5 and v6 were affected same way. As part of troubleshooting, I tried disabling all advances features including Network Drives Scan (why this is even gets turned on by default?!), Document Protection, HIPS, Self-Defense, Anti-Stealth and the rest of the lot, keeping only real-time protection on - the problems goes away only after turning the real-time protection off in v6 or rolling back to v4 (which works with all security features on). I'm looking forward for ESET releasing a new v6 build soon with that issue fixed.

Try to enter management mode with password [eraadmin], source: hxxp://help.eset.com/test/era/6/en-US/index.html?vmware_player.htm

If username "Administrator" and the password that you entered on the config page doesn't work together, you maybe be better off to re-deploy the thing from scratch, the process takes only minutes anyways... Side question: did you enter anything in domain controller name field or you left it blank?

Similar issue here: I have a 2012 AD Domain running two Windows 2012 R2 Domain Controllers. If I enter anything in Domain Controller field, the configuration fails. If I leave it blank the appliance finishes its install successfully but then none of domain related features work. Rogue Servers detection feature also doesn’t work. I wonder if the issue occurs because more than one Service (SRV) records of an LDAP server are returned during Kerberos authentication (there are two DC's). This situation is explained in more details here: hxxp://esupport.trendmicro.com/solution/en-us/1095092.aspx Are you planning to release a new build any time soon? I agree with someone who said here that this build feels like an early beta, just not labeled as such for some reason...