[OSX Approved Eset Kernel Extensions]

I am working on setting a policy via my MDM for OSX devices that have been upgraded to 10.13 or higher (Per https://support.eset.com/kb6512/). Is it possible to pre-approve the Eset Kernel Extension prior to pushing out the Endpoint software. More specifically what is the value for AllowedKernelExtensions that needs to be added? I'm trying to prevent issues with installing Endpoint that did not exist previously and getting errors for approval.

[Block File Type in particular local folder]

9 hours ago, Marcos said:

Do you want to protect files with certain extension in a particular folder and prevent them from being deleted?

No. I want delete a particular file type in a defined folder.

[Block File Type in particular local folder]

After some testing. it doesn't appear it will work. It blocks the files from executing, but I need something to delete existing files in the folder.

[Block File Type in particular local folder]

56 minutes ago, Marcos said:

You could use HIPS to block files with certain extensions in a particular folder. However, HIPS doesn't currently support detection of file types other than by their extension.

I can work with that. I will have to do some testing. Thanks.

[Block File Type in particular local folder]

Is it possible to block a file type in a specific folder. I don't want a system wide block just to designated local folder.

[Unable to get new Dynamic group to show clients]

It is working. I did not realize the clients had to re-check in for the group to update. i thought it wold pull from existing data on the server. It seems to be working now.

[Unable to get new Dynamic group to show clients]

I am in the process of migrating my clients from version 5.0 to version 7. I am installing the Version 7 agent first, then when they connect, they will show they have Endpoint Version 5.0 installed. I will then start to upgrade those clients endpoint software in batches. I created a new template that was fairly simple, Application Name -> Prefix with ESET and Application Version  -> Prefix 5.0. I then created a new group and used that new template, but it does not show the clients in the list with version 5 installed. Am I missing something?

[V5 to V7 upgrade not activating]

I am now working with support on this issue. It seems we had a policy that enabled Proxy communication which does not work with activation. Turning off Proxy option allows machine to activate. Unable to get proxy setting turned off remotely, but still working to see if that can be rectified.

[V5 to V7 upgrade not activating]

3 hours ago, Marcos said:

52 minutes ago, Marcos said:

There's only one "client hello" in the pcap log for SSL communication with 10.1.10.121 which is your proxy. If SSL inspection is performed by the proxy, you will need to set up an exception for communication with ESET licensing servers. For a list of addresses, please visit  https://support.eset.com/kb332/.

You mentioned that activation works after uninstalling Endpoint and installing it from scratch. Couldn't it be because you didn't configure the proxy then and Endpoint connected directly to the activation servers?

I already have those addresses allowed. I believe the same policy is applied for a fresh install. It is a packaged setup with our configuration bundled.  

[V5 to V7 upgrade not activating]

1 hour ago, Marcos said:

You wrote " On one of the machines, I manually removed the Endpoint software and did manual install and it worked. "

Does activation also work if you don't uninstall Endpoint first and try to activate it via gui -> Help and support -> Change license? If that fails, enable advanced network protection and advanced licensing logging in the advanced setup -> tools -> diagnostics -> advanced logging, try to activate the product, disable logging, collect logs with ESET Log Collector (https://support.eset.com/kb3466/) and post the generated archive here.

 

ees_logs.zip

[V5 to V7 upgrade not activating]

There is an error code of ECP.20006 which just says to contact support. 

[V5 to V7 upgrade not activating]

I have thousands of machines running version 5 (mostly version 5.0.2254). I have a new server running ESET Management Center latest version. I am pushing out management agent upgrades from the server to get machines communicating, then I initiate Endpoint upgrades form there. The clients are upgrading, however they are not activating. I try to push activation but it fails. It shows red and has an alert that says ESET Security Product is not activated and your computer is not protected.  When I view the Prodcuts installed, it shows ESET Management Agent 7.0.577.0 Up-to-date version and ESET Endpoint Security 7.1.2053.0 Up-to-date Version. On one of the machines, I manually removed the Endpoint software and did manual install and it worked. I don't want to have to do that for 3000+ devices. Any help is appreciated

[Trouble deploying ESET Remote Administrator Virtual Appliance in Hyper-V]

It looks like it may be a time sync issue. Verify your time and date on the VM are correct and synched with Domain controller. If not, you may need to turn of integrated time synchronization on the VM and then update your time and date with your DC. Anything more than 5 minutes off in an Active Directory environment will cause all kinds of problems. In Hyper-V 2012, open the settings for the VM and then select Integration services under Management on the left and then uncheck Time synchronization on the right and apply the changes. Not sure if it will require a reboot of the VM. Also not sure where the setting is in ESX.

[Possible ERA Agent Bug?]

It looks like there is a newer version. I am going to try to upgrade and see if that helps.

[Possible ERA Agent Bug?]

The ESET Remote Administration Server version is 6.1.365.0. What I discovered is that my client machine was running slow, even after reboots. After extensive troubleshooting, I found the hard disk activity was pegged at 100% utilization and the culprit was the client ERA Agent. When I would suspend the ERAAgent.exe service, my disk activity would drop. After turning the service back on, it would spike and stay at 100%. I decided to check on the ERA Server and found that for some reason the server was not responding on the network. A reboot of the server brought it back online and after a few minutes, the client was happy and disk activity normal. My issue, at this point, is not the server lock up, but that if the server is not available the client agent will hijack my machine. The speed of my machine was so slow it was unusable. Looking to see if there are any options that can be disabled/enabled that could be possibly causing this or if it by design, like most of the new settings that break things.

[Client Software Install task]

Can I re-use a software install task to push the Endpoint security to a new client? If I edit an existing one and just change the target, will it install to the new targets or do I need to create a new task each time I want to push install?

 

Thanks.

[Computer Status in ERA6 Console]

How long will it take for the status to update in the console for clients once I apply the Remote Admin Agent Policy?

[Computer Status in ERA6 Console]

I see now. I did not have a Remote Agent Policy, just a security policy. I will work on that now. Still getting used to the new ERA6. Thanks for the assistance.

[Computer Status in ERA6 Console]

I do not see advanced settings when I edit the client policy.

[Computer Status in ERA6 Console]

Is there a way to adjust the status warning that show in the Remote Administrator Console? I have some devices with error statuses and when I click on details it is telling me that Windows Firewall is not enabled. I have some servers with errors  Detection of Potentially unwanted applications is not configured. I checked the policies to verify that these messages are not displayed under the User Interface - Application statuses, but they still who in the consoles. Any info is appreciated.