Everything posted by tomha

  1. Description: Performance exclusion in-path wildcard support
     Detail: Possibility to use wildcards for performance exclusions in the middle of the given path, not only at the end.
     For example: Exclusion: C:\Users\*\myFolder\*
     Reason: Software writing to the actual user's %appdata% folder is compromised by realtime scanning. Multiple users are alternately working on the computer. So we need to set an exclusion for each user's %appdata% path and do so if new users are added (especially problematic in domain environments). We agree that such exclusions are potentially unsafe, but to exclude C:\Users\*\myFolder\* is more secure than excluding C:\Users\*, which is what we have to do now.
  2. You mean, for example, C:\Users\*\AppData\myFolder\* will work as a performance exclusion? I seem to remember that * in the middle of an exclusion path will not work.
  3. We need a possibility to exclude %appdata%, or rather a subfolder of %appdata%, from realtime scanning for all users eventually using this computer(s). For explanation: A software running on the computer creates and accesses temporary files in a subfolder of the user's %appdata% folder and sometimes crashes when it tries to read or write the temporary files. When I set a realtime scanning exclusion for the actual logged-in user's %appdata% folder, no more crashes occur, so it seems to be a timing issue. The error occurs very rarely (once a week), but never occurred when the logged-on user's %appdata% was excluded from realtime scan (we did this manually for the specific user). But the computers are in a domain environment and used by different users, so we need to set an exclusion for all domain users' %appdata% folders. Any hints?
  4. Problem solved - I once again removed the Agent, rebooted and reinstalled the agent; after some minutes both agents connected to the Server. Status.html did not show any error (all green but no last replication). The trace.log showed the error I pasted in my initial posting.
  5. Two clients stopped connecting to the ESMC Server after upgrading the Agent to V7. I tried to remove the Agent and reinstall, but unfortunately there seems to be no way to get the clients to connect. There is a suspicious entry in the trace.log:
     2018-09-01 08:31:03 Information: Kernel [Thread 880]: Initializing module ERAG1ClientConnector
     2018-09-01 08:31:03 Information: ERAG1ClientConnector [Thread 880]: <CONNECTOR_MODULE> exception class Era::Connectors::G1ClientConnector::no_installed_product occurred at ProductOfflineConfiguration\WindowsProducts.cpp:56. Product not installed.
     2018-09-01 08:31:03 Error: ERAG1ClientConnector [Thread 880]: <CONNECTOR_MODULE> No module is subscribed for message StatusLog_APPLIEDPOLICYPRODUCTS_STATUS (10405)
     2018-09-01 08:31:03 Error: ERAG1ClientConnector [Thread 880]: <CONNECTOR_MODULE> Publish msg of type StatusLog_APPLIEDPOLICYPRODUCTS_STATUS failed
     2018-09-01 08:31:03 Information: ERAG1ClientConnector [Thread 880]: Connector was deactivated. No tasks will be processed and no logs will be produced.
  6. Sorry Marcos, I failed: Component Upgrade Task now works to upgrade clients' agents from 6.5 to 7.0. Congrats to Eset for the very fast correction of this issue.
  7. I can confirm that the "ESMC component upgrade task" was now successful in upgrading a client's Agent from 6.5 to 7.0.
  8. @Marcos: are you sure: "Agent can be upgraded by sending an ESMC component upgrade task to clients."?? This didn't work on any client at our site. We had to create a "run command" task to download and upgrade the agents at client side.
  9. @Marveltec: Please specify why a "run command" task mentioned in https://support.eset.com/KB6819/ "III. Agent upgrade using Run Command Client task" does not work.
  10. Yes, I already upgraded the agents using "run command" tasks. Just wondering what the ESMC component upgrade task is for?
  11. Steven, I can confirm that the Eset Plugin for Automate seems to be broken. We also cannot create or edit ERA Policies because the policy editor shows a blank screen. We are on ESMC 7.0.553.0, Automate 12 Patch 8, Eset Plugin 2.5.2.0. The ERA Plugin logs do not show any relevant entries. We do not use the Automate Plugin often, because we manage our clients via ERA/ESMC, so I cannot tell when it got broken. Regards, Thomas
  12. I did an upgrade of my ERA Server to ESMC7 which went flawlessly. After upgrading I tried to upgrade the agent of the Server itself and a client's agent to V7 using an ESMC Component upgrade Task. The task finished successfully but the agent version stayed at 6.5.522.0. A manual execution of the agent installer msi at the server itself installed the V7 Agent. So does anyone know how to get the ESMC upgrade task working on client side to upgrade the agents, since updating the agents manually is no option?
  13. The Eset Support Team seems to have found a glitch with parsing of lnk files. I was told this problem will be solved by a module update.
  14. @Peter Thanks for your reply. I ran Procmon while doing a startup scan and it seems ekrn.exe tries to access all entries of the system's path variable with some "\..\" added and then the "C:\Windows\syswow64\reserver30\" added. - Screenshot attached. No clue why ekrn.exe does this, where it gets the path from and why it seems to find a file under this strange path. As you suggested, I opened a ticket at the local Eset support and provided the logs. Regards, Thomas
  15. We're running Eset FileSecurity for Windows Server 6.5.12010.0 on an SBS 2011 (technically Server2008R2). Our customer is using a software called Remote Administrator 3 to gain remote access to the server. This software is reported as a potentially unsafe application by Eset products, which we were aware of, and we set up the necessary exclusions. The executable "rserver3.exe" is installed under "C:\Windows\Syswow64\rserver30\" and the path and the executable are excluded. These exclusions were working without problems for a long time, but suddenly we got messages about rserver3.exe as a potentially unsafe application again. FS 6.5 shows a strange path for the rserver3.exe like "\D:\AdoMed\Util\n7\..\..\..\..\..\..\Windows\SysWOW64\rserver30\rserver3.exe". The count of "\..\" varies from 5 to 6 and each entry is logged twice. The messages are logged at the startup file scan. The folder "D:\AdoMed\Util\n7\" exists on the server, but it does not contain any subfolders, symlinks or the rserver3.exe. Does anyone know why Eset FileSecurity mixes up folders in the server's filesystem and reports non-existent files?
  16. Similar problem here. I tried an upgrade task from EAV 6.5 to 6.6 via ERA on a Win10Pro (1703) machine. The task failed several times with error 1921. Then I tried to do the upgrade manually, which failed because the Eset service could not be stopped. After the manual installation EAV 6.5 was crippled (not showing up in Apps and Features anymore, left over in the context menu, Eset service running, no GUI). I did a manual uninstall of EAV with the uninstall tool in Safe Mode. After that I could install EAV 6.6 via ERA. Strange!
  17. When a policy with exclusions (file system paths not to be scanned by the Eset security product) is distributed to the clients, with actual ERA/Endpoint versions it is not possible to use (merge) more than one policy. We need to create exclusion policies for different computers and software configurations and merge them at client side. For example:
      Policy 1 for Server 2008
      Policy 2 for Server 2012
      Policy 3 for Software ABC
      Policy 4 for Software DEF
      Now we can combine policy 1 and 3 for a Server 2008 with Software ABC installed and policy 2 and 3 for a Server 2012 running software ABC. If a computer runs software DEF we want to apply policy 4. At the actual ERA/Endpoint builds we have to set all exclusions (Server 2008, Server 2012, ABC, DEF...) in one policy and apply this policy to all clients. Regards, Thomas
  18. When will we be able to merge exclusion policies on Eset Business products via ERA? When will we be able to set local exclusions besides the exclusions applied via policy? If anyone knows about a release date for this functionality, please let us know. Thanks in advance.
  19. I would like to confirm this behaviour. We never put this in relation with Eset security solutions, but we can confirm seeing the black screen with mouse cursor only for minutes after logging off from Win 10. The black screen after logoff appeared at random (approx. 1 of 5 logoffs) on 20 PCs on 4 different networks of our customers. We never thought it's related to the Eset software installed; we thought it's a Win 10 bug. Because this problem was evident when setting up the PCs and was never seen in daily use (Power-On - Logon - Power off), we didn't investigate further. After reading your post I tried the following: At one customer location I set the exclusion rule at one computer and tried to log off on this PC and another without the exclusion set 20 times. The PC with the exclusion set never showed the black screen after logoff; on the PC without the exclusion the black screen happened 4 times. Congratulations on your findings.
  20. Some of our customers have software installed which is using a postgres database. The software is installed in one single folder. This folder is named by the software vendor and is located in different places on different systems. The folder name and location can be chosen while installing the software. There is a subfolder called "postgresSQL" with another subfolder named like the postgres version (in our case "8.4"). This folder seems to contain the postgres executable and the data. We set an exclusion for the main folder of the software installation with subdirs (PostgresSQL...) excluded, too. If you're using a firewall, a TCP port for PostgreSQL should be open. In our case it is the port TCP 5432. Best regards, tomha
  21. Same problem here! This behavior should get changed in further releases of Eset Endpoint, Server and ERA products. Sometimes it's necessary to set a single exclusion on a single client. It would be better to do this on client side, instead of creating a policy for each single exclusion. Given that policies with exclusions do not get merged on client side, the whole ERA policy design is, in my opinion, not optimal for setting granular exclusions on different clients. We are managing 17 client locations with one ERA Server and urgently need the functionality to merge different policies containing path exclusions. I'm hoping to see this functionality in a future release of ESET products.
  22. The ability to assign multiple policies with different exclusions to a client is urgently needed. We need to define an exclusion policy for the server OS, then another with exclusions for installed software. And because there is no possibility to set local exclusions on the client, we need to create another policy to exclude programs installed at one client only. The fact that we have to create a policy with all exclusions for each Server makes dynamic groups useless.
  23. @Luminai: Are you using a passphrase for the certificate? If yes, does it include special characters? I had problems installing the Agent via the EraAgentInstaller.bat when the certificate had a passphrase with special characters set. Is there any log on client side?