davidenco

I cannot access EBA or ECOS as of a few minutes ago. ECOS gives me a HTTP 400 error, whereas EBA logs in but then displays a spinning icon.

Status page now says maintenance window has been extended by another 4 hours.

No, this is after closing browser, clearing cookies, etc. I just spoke to technical support who say they are still seeing all cloud services unavailable and they have not been told why, even after asking head office who don't even know themselves what is going on! This is really concerning. Have you been hacked?

Do you know why it's taking longer than 4 hours and when it will be available? I cannot access our email quarantine and need to do so as a matter of urgency. Never known maintenance to be done during the working day.

Has the maintenance run over? It's 13:06 CEST and I still cannot access any cloud services.

I am now getting an error "Too many requests. Try again later. (Code: 8)"... in TWO separate worldwide locations. One location has the workstations running the Agent and Endpoint Security combined, whereas the other location is a Linux web server that only has the Agent installed. This issue is occurring on two completely separate networks and different geographical locations.

Latest status message states "503" as being the error code that your server is responding with. That's a service unavailable error. Technical support are non the wiser. I'm aware there's an outage tomorrow. Has someone decided to kick things off a full day early and just not admit to it or update the status page? Error: Replication connection problem: Received http2 header with status: 503 (code: 1) for request Era.Common.Services.Replication.CheckReplicationConsistencyRequest (id: 506da417-093f-4bc9-9783-796589e45f4d) on connection to 'host: "%hash%.a.ecaserver.eset.com" port: 443'

Now seeing HTTP 504 (Gateway Timeout) messages! Error: Replication connection problem: Received http2 header with status: 504 (code: 1) for request Era.Common.Services.Replication.CheckReplicationConsistencyRequest

All our clients last connected to the cloud console nearly an hour ago. The Agent status log says this: Error: Replication connection problem: Stream removed (code: 2) for request Era.Common.Services.Replication.CheckReplicationConsistencyRequest Error: Replication connection problem: Response for request of type DeviceSessionTokenRequest (request id: 99) was not received in time Are you having an outage?

Issue not resolved!

All our servers and clients are failing to update via ESMC. The ESMC logs are displaying a lot of HTTP 401 and HTTP 502 errors, but only since around 13:00 today. Is this a global issue that you're aware of? ESMC has been rebooted and the proxy cache cleared but to no avail. 10.1.1.51 - - [14/Oct/2019:16:00:24 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep7/dll/update.ver.signed HTTP/1.1" 502 - "-" "EEA Update (**SNIP**)" 10.1.1.51 - - [14/Oct/2019:16:00:24 +0100] "HEAD hxxp://um09.eset.com/eset_upd/ep7/dll/update.ver.signed HTTP/1.1" 502 - "-" "EEA Update (**SNIP**)" 10.1.1.51 - - [14/Oct/2019:16:00:24 +0100] "HEAD hxxp://um11.eset.com/eset_upd/ep7/dll/update.ver.signed HTTP/1.1" 502 - "-" "EEA Update (**SNIP**)" 10.1.1.85 - - [14/Oct/2019:16:00:25 +0100] "CONNECT edf.eset.com:443 HTTP/1.1" 200 - "-" "-" 10.1.1.51 - - [14/Oct/2019:16:00:25 +0100] "HEAD hxxp://91.228.166.13/eset_upd/ep7/dll/update.ver.signed HTTP/1.1" 502 - "-" "EEA Update (**SNIP**)" 10.1.1.51 - - [14/Oct/2019:16:00:26 +0100] "HEAD hxxp://um02.eset.com/eset_upd/ep7/dll/update.ver.signed HTTP/1.1" 502 - "-" "EEA Update (**SNIP**)" 10.1.1.51 - - [14/Oct/2019:16:00:27 +0100] "HEAD hxxp://um07.eset.com/eset_upd/ep7/dll/update.ver.signed HTTP/1.1" 401 - "-" "EEA Update (**SNIP**)" 10.1.1.51 - - [14/Oct/2019:16:00:28 +0100] "GET hxxp://um07.eset.com/eset_upd/ep7/dll/update.ver.signed HTTP/1.1" 502 487 "-" "EEA Update (**SNIP**)" 10.1.1.51 - - [14/Oct/2019:16:00:30 +0100] "GET hxxp://um07.eset.com/eset_upd/ep7/dll/update.ver.signed HTTP/1.1" 502 487 "-" "EEA Update (**SNIP**)" 10.1.1.51 - - [14/Oct/2019:16:00:31 +0100] "HEAD hxxp://um05.eset.com/eset_upd/ep7/dll/update.ver.signed HTTP/1.1" 502 - "-" "EEA Update (**SNIP**)" 10.1.1.51 - - [14/Oct/2019:16:00:31 +0100] "HEAD hxxp://38.90.226.39/eset_upd/ep7/dll/update.ver.signed HTTP/1.1" 502 - "-" "EEA Update (**SNIP**)" 10.1.1.51 - - [14/Oct/2019:16:00:33 +0100] "HEAD hxxp://um03.eset.com/eset_upd/ep7/dll/update.ver.signed HTTP/1.1" 502 - "-" "EEA Update (**SNIP**)"

I just noticed these entries in the error_log on the ESMC Virtual Appliance. Could this be the problem? [Thu May 09 10:21:02.646568 2019] [access_compat:error] [pid 4373:tid 139798693996288] [client 10.1.1.76:3148] AH01797: client denied by server configuration: proxy:http:/repository.eset.com/v1/com/eset/apps/business/eea/windows/metadata3 [Thu May 09 10:28:07.070201 2019] [access_compat:error] [pid 4373:tid 139798954215168] [client 10.1.1.17:43234] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 10:38:17.186629 2019] [access_compat:error] [pid 4588:tid 139798836672256] [client 10.1.1.17:43748] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 10:48:27.266414 2019] [access_compat:error] [pid 4588:tid 139798777923328] [client 10.1.1.17:44598] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 10:58:37.538603 2019] [access_compat:error] [pid 4373:tid 139798794708736] [client 10.1.1.17:45206] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 11:08:47.586300 2019] [access_compat:error] [pid 4372:tid 139798945822464] [client 10.1.1.17:46088] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 11:18:57.845311 2019] [access_compat:error] [pid 4374:tid 139798962607872] [client 10.1.1.17:46702] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 11:29:07.926779 2019] [access_compat:error] [pid 4374:tid 139798777923328] [client 10.1.1.17:47540] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 11:39:08.306905 2019] [access_compat:error] [pid 4374:tid 139798719174400] [client 10.1.1.17:48080] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 11:49:18.604284 2019] [access_compat:error] [pid 4588:tid 139798929037056] [client 10.1.1.17:48882] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 11:59:28.867581 2019] [access_compat:error] [pid 4588:tid 139798836672256] [client 10.1.1.17:49616] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 12:09:29.567019 2019] [access_compat:error] [pid 4588:tid 139798735959808] [client 10.1.1.17:50608] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 12:19:32.004482 2019] [access_compat:error] [pid 4373:tid 139798761137920] [client 10.1.1.17:51794] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 12:23:40.539484 2019] [access_compat:error] [pid 4372:tid 139798920644352] [client 10.1.1.2:13054] AH01797: client denied by server configuration: proxy:http:/repository.eset.com/v1/com/eset/apps/business/ems/exchange/metadata3 [Thu May 09 12:29:33.354294 2019] [access_compat:error] [pid 4373:tid 139798937429760] [client 10.1.1.17:52960] AH01797: client denied by server configuration: proxy:hxxp:///

In ESMC v7; clicking OK despite the error works fine though, and reopening the condition to edit it shows the expression with no error, until the box is cleared and the text re-entered. Also, focusing on another field does not update the field's error state.

The message disappears when I check for an update manually (as it has already done), so doing what you've suggested isn't going to work. Any suggestions?

Did you read the entire post or just the reference I made to EDTD? This is nothing to do with EDTD, I don't even see it in the UI!

What does this mean? The last update was successful and the event log says nothing about there being a problem with the last check. This is also happening for a handful of our Endpoint Antivirus clients and File Security servers. Is this EDTD all over again?

I am creating a rule in EMSX 7 with the condition type "Message headers" and operation "Contains / contains one of" but, where I would expect to see the option to add multiple headers, instead I am being asked for the parameter as a single text entry box. Surely I should have the option of adding multiple headers especially given the fact I have selected "Contains / contains one of"?

I have now removed the EMSX policy altogether, sent a wake-up call to EMSX to unassign the policy settings, reset EVERYTHING within advanced settings to defaults and created a brand new policy manually with a very minimal configuration. Greylisted is now disabled (as per the defaults) but I have enabled the temporary rejection of unclassified email and also the option whereby rejected emails are sent to ESET for further analysis. The results now are similar to before but with a difference, as follows: 03/04/2019 09:20:10 54.240.10.218 a10-218.smtp-out.amazonses.com <MAIL_FROM> <MAIL_TO> Your Kitchen camera saw someone. antispam deferred for 12 minutes Mail was reclassified to OK by whitelisted IP (54.240.10.218) How has EMSX determined the IP address is whitelisted? If the IP really is whitelisted, why has EMSX reclassified it to "OK" and rejected it despite being whitelisted? What does "OK" even mean?

I have had to add various RBLs to EMSX (suggested by ESET Support) since it is unable to handle spam correctly having had numerous spam emails recently make it through and into mailboxes. Since adding the RBLs, spam is no longer a problem. However, false positives do occur, but even though the IP address is listed on an RBL, EMSX is then reclassifying it to OK, as follows: IP (87.253.233.130) listed on RBL service (bl.spamcop.net:127.0.0.2), Mail was reclassified to OK by whitelisted IP (87.253.233.130) Even though EMSX claims the email is now OK and no longer SPAM, the email is still being quarantined as SPAM! But why?

When adding a Server Scan client task via ESMC for EMSX 7, there's the option for "Scan targets" but no option for "Scan time limit" so when the task runs it's scanning every message regardless of age. When running an on-demand mailbox database scan or creating a scheduled task, both via EMSX, in all instances I am prompted for the scan time limit. Also, this section is displayed in ESMC but not in EMSX. Should it be?

When configuring any clients or servers using a policy via ESMC, there is no option for "Scan targets". On the client or server however, there is an option "Scan targets" under "Malware scans" and the option is greyed out with a padlock icon next to it (which pops up a tooltip saying "read-only value"). There's an option to "View" and upon clicking it, the list of drives and operating memory appear, all of which are editable but upon clicking "OK" after making changes and "OK" again to close the advanced options, going back into the advanced options and viewing the scan targets shows no targets selected.

This does not explain why it's been working for everyone, licensed or not, and then all of a sudden only a handful of clients reported a problem as ours did. I could not be bothered wasting time trying to work out why it's suddenly started happening so I disabled the option company-wide. That said, for whatever reason ESET has decided to be as unhelpful as possible when it comes to highlighting what requires an extra license, as the "i" icon currently says: "ESET Dynamic Threat Defense provides another layer of security by utilizing cloud-based technology to analyze and detect new, never-seen type of threats." Surely something like "requires valid license for ESET Dynamic Threat Defense" would be more helpful, no?

I don't know why there isn't an option to refer to X list. Seems a bit backwards that I have to duplicate information and then maintain that duplicated information because ESET has a badly designed rule system. As for the header, I have checked a number of different whitelisted emails (as in whitelisted for different reasons) but they all have the X-ESET-AS header and every email so far says "OP=CALC". What does that mean? This is really frustrating. Does ESET not have a list of headers and what they mean? As for the missing conditions (i.e. referring to pre-populated lists), is this something that can be added as an option please? I'm only having to add rules because the ESMX is letting through actual spam!!!

Alternatively, in what order are the rules executed, before the anti-spam engine or after? If the rules are executed before, can I change this to after? If they're already executed after the anti-spam engine, does the engine write a header to emails that are on an approved/ignored/blocked list? If so, I could add a condition saying if that rule exists, don't run the rule. Problem solved. I noticed this morning an email which is on the approved/ignored list has the "X-ESET-AS" header, compared to another email that does not feature on any list which does not have this header. What is the "X-ESET-AS" header?

Some domains that have been approved or ignored have *A LOT* of IP addresses/ranges. How can I be expected to copy every IP address/range into every single rule and also maintain those IP addresses/ranges. That's a really daft approach. It sounds like the rule system is flawed. Those lists are just lists; the anti-spam engine only uses them, but they're still independent from the anti-spam engine. So surely the rules should have no problem is some how hooking into them?