Posts posted by Anto33

  1. Hi,

     

    I would like to know if anyone here had this problem.  We have a policy that asks the clients to do a full system scan every Wednesday at 12:00PM.

     

    The problem is that the scheduler task summary displays that this task will be run at 00:28:16...  This is very strange...

     

    Since it was time related, I logged on to the server via SSH and saw that there was a time problem and also that no NTPD service was running... I was hoping that an appliance would have this built-in... no ?

     

    I corrected the time problem by installing an NTPD service and configuring it.

     

    Unfortunately, the problem in the policy is still showing...

     

    If you set the scheduler policy to run a scan at 12:00PM it will say that it will run it at 00:28:16

     

    Any idea how to fix this ?


  2. If ERAS6 is using proxy config, name resolution will be made through proxy or will be by Windows DNS Client on this server? Because nslookup is ok but there is no computer name next to IP.

     

    It seems that the ERA Agent installed on the workstation needs to be able to get a reverse lookup entry from the DNS and then it will pass this information to the ERA server.  But once it is registered to the ERA server, if the workstation wasn't able to get a reverse lookup from the DNS you won't see anything else than the IP on the ERA console.  It is impossible to refresh the hostname for the moment... you would need to reinstall the local ERA agent and redo the registration process to the ERA server ( Be sure to check that your workstation is able to get the reverse lookup for itself before reinstalling everything ).

  3. Is there any way to get the ERA server to update this information ? We have enabled the reverse lookup on our DNS servers but the workstations that were registered to ERA before the reverse lookup was enabled don't display their workstation name.

     

    Is there a way to ask for a refresh of this information ??

  4. This might be related to the same subject...

    I would like to know why some workstations do not have a resolved DNS name in the list ???

     

    Even if the information is available in the details ( Win7-Lab2 )

  5. I don't know if this is a coincidence but with this msi parameter, my product never gets activated by the ERA agent.  I've waited 2 hours without rebooting... then I tried rebooting to see if it would change anything... but it's not getting activated.

     

    I have a general policy that activates all the products that connect to the ERA server...

     

     

    I have run 3-4 more simulations and the product did activate, so you may forget about this previous message.  :)

  6. That is exactly how we scripted the Zenworks installation

    1st step : Install the ERA Agent on the workstation with the certificates provided by the batchfile

    - Copy the files locally on the workstation ( modified version of the provided script because we don't want every workstation to go get the agent online )

      ( set url=hxxp://repository.eset.com/v1/com/eset/apps/business/era/agent/v6/6.1.365.0/Agent_x86.msi ) = We don't want this

    - Copy the files ( era.ca.der.b64 and era.peer.pfx.b64 on a temp folder )

    - Run this command : msiexec.exe /qr /i Agent_x86.msi /l*v %temp%\ra-agent-install.log ALLUSERS=1 REBOOT=ReallySuppress P_CONNECTION_CHOSEN=Host P_HOSTNAME=10.148.XX.XX P_PORT=2222 P_CERT_PATH=C:\tempfolder\ESET\era.peer.pfx.b64 P_CERT_PASSWORD="" P_LOAD_CERTS_FROM_FILE_AS_BASE64=YES P_CERT_AUTH_PATH=C:\tempfolder\ESET\era.ca.der.b64

     

    2nd Step :

    After the ERA agent is installed, we launch the MSI installer of the ESET Endpoint Antivirus.

  7. The problem we have is that there is a delay before the policies are applied to the workstation...

     

    We use Novell Zenworks to deploy the ESET End Point Antivirus msi installer silently but when the setup is complete a popup is displayed on the current user session asking for a serial key to activate.

    Note that only 3-5 minutes after, the Antivirus is activated automatically with the help of the ERA agent installed on the workstation.

     

    Can we have an msi parameter that we can add to skip activation and wait for the ERA Agent to do its job ?

     

    something like this :  msiexec.exe /i eea_nt32_frc.msi /qn SkipStartupActivation=1

     

    This was for the new installations.

     

    Now for the upgraded installations :

    We would also like to tweak the upgrade process from 5.X to 6.X.

     

    When we use Zenworks to deploy the new version 6.X (msi) on the workstations that already have the 5.X version.

    The problem is that we would like to be able to deploy a configured solution.  For the moment, we deploy the 6.X and there is a time lapse of about 30 minutes before the 6.X policies are applied.

    As a result the 6.X has the old policies from the 5.X for a moment and some of them are not compatible.

     

    Any idea ?

  8. Hi Marcos,

     

    Can you explain in detail the process of creating a dual profile configuration ?

     

    I don't have any wizard asking me for a primary or secondary profile...  ( Note that I use the appliance... maybe no wizard in the appliance ERA 6 )

     

    I can confirm that I can create multiple update profiles but how to determine which one is the primary and which one is the secondary ???

     

    Here's what we want to do...

     

    - Create a primary profile that will use the Appliance HTTP proxy to get the updates for the users inside our network.

    - Create a secondary profile that will get the updates through internet bypassing the proxy because it won't be available when the users are out of the office with their laptops.

     

    Thank you.

  9. Msi packages cannot be pre-configured. Simply deploy the agent on clients and use a policy for the "Lost and found group" or for the dynamic group Not activated security products that will be applied as soon as the clients appear in the appropriate group.

     

    Is there a command-line command that can be used to import an XML file post installation ?

     

    We could use this method to reduce the delay before the AV gets configured.

     

    Thank you Marcos !

  10. Hi,

     

    I am looking for a way to deploy ESET Endpoint Antivirus 6.X preconfigured with the ERA Agent.

     

    We use Novell Zenworks to deploy our bundles.

     

    For the 5.X version, we are able to create preconfigured msi installers and then use these for deployments.

     

    For the moment, I am able to install the ERA Agent with Zenworks using the batch file that was generated with the ERA 6 Appliance.

     

    Is this a downside of using the appliance ?

     

    Is this feature of creating customized msi still available with the Windows Server version ?

     

    Thank you :)

  11. Anyone ? for the 2nd concern of my topic ? DUAL Profile ?

     

    There was documentation for the 4.X and 5.X versions. I am unable to find something like this for the 6.X version.

     

    The purpose of this DUAL profile setup is for our laptop users that are not always inside our offices.  So they need to be able to get the definitions another way...

     

    Has anyone been able to do this ?

  12. Hi,

     

    Just letting you know guys that I have been able to test 2 ways of getting the updates to our workstations without always going over the internet.

     

    1st way ( Thanks to Phydeauxdawg ) :

    - Open ports and allow them to pass through the firewall; run the following commands :

    iptables -A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
    iptables -A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m tcp --dport 3128 -j ACCEPT

    service iptables save

     

    EDIT: I don't know why but I think ESET has a script overwriting all the iptables information at boot, located in /root/firewall.sh, so if you put the following entries in this script it will work even after a reboot is performed :

    iptables -A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
    iptables -A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m tcp --dport 3128 -j ACCEPT

     

     

    - Now that the changes are made to the iptables file you have to restart the service and save the settings in case of a reboot :

    service iptables restart

     

     

    - Now we have to start the apache service and make sure it starts when you reboot the server.

    1- start the service

    /opt/apache/bin/apachectl start

    2- Create an entry in /etc/init.d/ for the startup :

     

    touch /etc/init.d/apache2

    chmod 755 /etc/init.d/apache2

    vi /etc/init.d/apache2 (what to add is below this section)

    chkconfig --add apache2

    chkconfig --list apache2

     

    Here's the content of the apache2 file that you need to add :

    #!/bin/bash
    #
    # apache2        Startup script for the Apache HTTP Server
    #
    # chkconfig: 3 85 15
    # description: Apache is a World Wide Web server.  It is used to serve \
    #              HTML files and CGI.
    
    # Pass the init action (start, stop, restart, ...) straight through to apachectl
    /opt/apache/bin/apachectl "$@"
    

    This was for the server part.

     

    - For the workstation configuration, you have to go to Advanced Configuration -> Update -> HTTP Proxy

    You also need to enter your proxy address and port ( no need for password unless you have enabled auth for your Apache server )

     

    - 2nd way to limit internet traffic is with the mirror option.

    On the host that will hold the latest virus definitions ( Install an Endpoint Antivirus or Security product ) :

    Advanced Configuration -> Update -> Mirror

    Enable update mirror

    You can leave the default folder for the definition files and you can set a password if you want to.

     

    - In the HTTP server section below, you can choose a port for your mirror server ( I used the default port 2221 )

     

    - On the workstation ( with policies or manually ), you have to configure the update server

    Advanced Configuration -> Update -> General

    Update server :  hxxp://SERVERNAME:2221 ( Or the port that you specified )

     

    In the Update from mirror section :

    Enter the credentials that you specified on the host that holds the latest virus definitions.

     

    This covers most of the steps I used to get this working.

     

    Hope it helps !
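
An added example, not part of the original post and not ESET's own tooling: a POSIX shell helper that writes the post's two port 3128 rules into the boot-time firewall script only when they are not already there, so running it again does not stack duplicate rules. The path /root/firewall.sh and port 3128 come from the post; the function names, the `.orig` backup suffix and the optional source-network argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post or from ESET.
# Persists the post's two port-3128 rules in the boot-time firewall script
# without stacking duplicates when it is run more than once.

# Append one exact command line to a script unless it is already present.
ensure_line() {
    file=$1
    line=$2
    # -x: whole line, -F: fixed string, so rule text is never read as a regex
    if grep -qxF -- "$line" "$file"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$file"
}

# persist_proxy_rules [script] [port] [source-cidr]
#   script       defaults to /root/firewall.sh (path named in the post)
#   port         defaults to 3128 (port used in the post)
#   source-cidr  optional; an assumption of this example, limits who may connect
persist_proxy_rules() {
    file=${1:-/root/firewall.sh}
    port=${2:-3128}
    net=${3:-}
    src=""
    if [ -n "$net" ]; then
        src="-s $net "
    fi
    if [ ! -f "$file" ]; then
        echo "firewall script not found: $file" >&2
        return 1
    fi
    # Keep one pristine copy; later runs must not overwrite it.
    if [ ! -e "$file.orig" ]; then
        cp -p "$file" "$file.orig" || return 1
    fi
    # iptables evaluates rules in order: if the script ends a chain with a
    # catch-all REJECT/DROP, move these lines above it by hand.
    ensure_line "$file" "iptables -A INPUT ${src}-p tcp -m tcp --dport $port -j ACCEPT" || return 1
    ensure_line "$file" "iptables -A RH-Firewall-1-INPUT ${src}-m state --state NEW -p tcp -m tcp --dport $port -j ACCEPT"
}
```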

  13. All I did was run "/opt/apache/bin/apachectl start"  I then checked the log files in the same location and it shows a lot of accesses from client computers for update checks as well as software upgrades (I pushed out a client upgrade).  Watching my webfilter traffic shows that there is a great reduction in the number of clients accessing eset.com.  It isn't easy to discern if all traffic had stopped as some use IP addresses instead of *.eset.com.  No idea why, must be random from the client end.

    We still need someone from ESET to create this KB article on this to determine if it's the best practice.  I haven't had time yet but from past experiences it's not difficult to create this as a "service" so it can be started on boot.

     

    Thank you Phydeauxdawg.

     

    Do you have a couple of screenshots or a couple steps to be able to get this to work... I don't really know where to start...

     

    I started the apache server on the appliance... opened the ports... but what else ?

     

    We probably need some configuration to ask the server to get the updates right ?

     

    And for the configuration of the clients ?  Where have you set the server to be used ?

     

    In mandatory section ?

  14. From what I can see in the following docs : hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3589

    ->

    Apache HTTP Proxy: This will install the Apache HTTP Proxy service, which caches and distributes updates and installation packages to client computers on your network (similar to the mirror in ESET Remote Administrator 5.x).

     

    So this feature actually exists but for the users who install the Windows version.  Am I correct ?

    This means that the actual appliance is not as "complete" as the Windows ERA Version which allows us to install Apache HTTP Proxy??

  15. Thank you for these articles.

     

    Can you let me know if there is a Linux (CENTOS) procedure for this Apache Proxy.

    I would like to be able to regroup everything on the ERA 6 Appliance if possible...

     

    If I understand the current method told in these documents, we need a 2nd machine running this Apache and it needs to be a Windows OS.

  16. Is there a link somewhere or a PDF documentation where I can find how to do what you are telling me ?

     

    If I understand you correctly.

     

    - I need to have a workstation running ESET EndPoint Antivirus 6 that gets the latest definition online. ( Can it be installed on the server appliance itself ?)

    - Find a way with some scheduled task to upload the virus definitions to the ERA server.

    - Install and configure Apache on the ERA server appliance manually.

    - Allow the port 2221 through the firewall.

    - With a policy, set the update server to hxxp://SERVERNAME:2221 on the client workstations

     

     

    Is there a reason why this has been complexified ?  This seems very unlikely that a respectable Antivirus Server is unable to update its own clients...  Why would it need to rely on an external ESET product ? What if the link between these two is severed... no more updates...

     

    We then need some kind of surveillance that will tell us if the definitions are still being downloaded and transferred to the ERA6 server.

     

    Thank you.

     

    :(

  17. We are currently in the process of upgrading to ERA 6 but we are struggling to find a way to make the update process as it was before.

     

    Like this :

    hxxp://SERVERNAME:2221

     

    Unfortunately the current documentation lacks information about how to proceed.

     

    We don't want every workstation in our network to update from the internet as it would add additional bandwidth usage.

     

    We have been going around every aspect of the ERA 6 web page trying to find a way to enable this feature without success.  Can anyone here help us with this ?

     

    Another thing that we were using with Eset NOD 5.X was the dual update profile.

     

    We used this for our laptop users.  When they were in our network NOD would use the ERA server to update ( hxxp://SERVER:2221 ) but when they are out of our network, it would switch to online eset server update method.

     

    Again, I am unable to find documentation for this that was present for the 4.X or 5.X versions.

     

     
