tomha

Everything posted by tomha

  1. The file is part of an old version of Intel Active System Console. It has been there for years and never has been detected by FileSecurity 4.5. Here is the excerpt of the log:

     <?xml version="1.0" encoding="utf-8" ?>
     <ESET>
       <LOG>
         <RECORD>
           <COLUMN NAME="Zeit">07.12.2015 19:23:06</COLUMN>
           <COLUMN NAME="Prüfung">Echtzeit-Dateischutz</COLUMN>
           <COLUMN NAME="Objekttyp">Datei</COLUMN>
           <COLUMN NAME="Objekt">C:\Program Files (x86)\Intel\ASC\bin\PROCESS.EXE</COLUMN>
           <COLUMN NAME="Bedrohung">Win32/PrcView potenziell unsichere Anwendung</COLUMN>
           <COLUMN NAME="Aktion"></COLUMN>
           <COLUMN NAME="Benutzer">xxxxxxxx</COLUMN>
           <COLUMN NAME="Informationen">Ereignis aufgetreten beim Versuch, die Datei zu öffnen durch die Anwendung: C:\Windows\explorer.exe.</COLUMN>
         </RECORD>
       </LOG>
     </ESET>

     We would like to keep this file in place and set FileSecurity to ignore this file, but that does not work.
  2. Eset FileSecurity V6.2.1.2007.1 detects a suspicious file. When asked for action on this file, I select to ignore this file and select no action. But the file is shown as potentially unsafe again and the checkbox to ignore the file is unchecked again. How to exclude a potentially unsafe file when it is a false alarm?
  3. Thanks for your reply. The client I wanted to install FileSecurity on is not in the same network or domain as the ERA Server. I tried to install FS via WAN. So the Agent should start the download of the FS installer file and start the installation after downloading. Since the HTTP download is initiated by the agent, there should not exist any blocking from the firewall. The Agent got the installation task from the ERA Server but did not seem to download the FileSecurity.msi. After speaking with local Eset support, the culprit was the agent service running under the Local System account. After changing the service credentials to a Domain Admin account, the installation was successful. Unfortunately, I install the ERA Agent via Labtech Agent, deploying and executing the EraAgentInstaller.bat, which seems to install the Agent service under the Local System account.
  4. I tried to initiate a remote install of FileSecurity 6 using ERA 6. The client (Server 2012 R2) is communicating with the ERA Server without any problems. When I try to push FileSecurity 6 to the client, the task fails. The error message is: Task error - Try to install the software manually (I translated from German). In the client's trace log the error is: Software installation failed: GetFile: Error reading HTTP response (0x4e2a) Any hints?
  5. The db backup is on your ftp server. There was no manipulation of the database. At the time the error occurred I had to do some heavy servicing of the server. It's a Windows Server 2012 R2 and due to installation of other software I had to uninstall Parallels Plesk, DotNet, IIS, and the IIS configuration was reset to default. Accidentally I uninstalled the server's GUI and ended up with a Server 2012 Core installation. I reinstalled the GUI, ASP.NET, DotNet and IIS. Plesk was not reinstalled, because it is not needed. The database was not touched intentionally. Best Regards
  6. Server log:

     2015-09-13 07:08:54 Error: CReplicationModule [Thread 1180]: CStepTx: Data processing failed with: Object 8fdeca83-1041-4730-a096-02fb2fda6c71 was not found (LoadComputer: Computer does not exist)
     2015-09-13 07:08:54 Error: CReplicationModule [Thread 1180]: CStepTx: Received unexpected message of type 205 (step: 'MetadataStaticObjects', phase: Failed)
     2015-09-13 07:08:54 Error: CReplicationModule [Thread 1180]: CStepProcessor: Replication slave failed to process network message of type 205 with: CStepTx: Received unexpected message or step is not in expected state (phase)
     2015-09-13 07:09:14 Error: CReplicationModule [Thread 1180]: CStepTx: Data processing failed with: Object 8fdeca83-1041-4730-a096-02fb2fda6c71 was not found (LoadComputer: Computer does not exist)
     2015-09-13 07:09:14 Error: CReplicationModule [Thread 1180]: CStepTx: Received unexpected message of type 205 (step: 'MetadataStaticObjects', phase: Failed)
     2015-09-13 07:09:14 Error: CReplicationModule [Thread 1180]: CStepProcessor: Replication slave failed to process network message of type 205 with: CStepTx: Received unexpected message or step is not in expected state (phase)
     2015-09-13 07:09:34 Error: CReplicationModule [Thread 1180]: CStepTx: Data processing failed with: Object 8fdeca83-1041-4730-a096-02fb2fda6c71 was not found (LoadComputer: Computer does not exist)
     2015-09-13 07:09:34 Error: CReplicationModule [Thread 1180]: CStepTx: Received unexpected message of type 205 (step: 'MetadataStaticObjects', phase: Failed)
     2015-09-13 07:09:34 Error: CReplicationModule [Thread 1180]: CStepProcessor: Replication slave failed to process network message of type 205 with: CStepTx: Received unexpected message or step is not in expected state (phase)
     2015-09-13 07:09:54 Error: CReplicationModule [Thread 1180]: CStepTx: Data processing failed with: Object 8fdeca83-1041-4730-a096-02fb2fda6c71 was not found (LoadComputer: Computer does not exist)
     2015-09-13 07:09:54 Error: CReplicationModule [Thread 1180]: CStepTx: Received unexpected message of type 205 (step: 'MetadataStaticObjects', phase: Failed)
     2015-09-13 07:09:54 Error: CReplicationModule [Thread 1180]: CStepProcessor: Replication slave failed to process network message of type 205 with: CStepTx: Received unexpected message or step is not in expected state (phase)
     2015-09-13 07:10:14 Error: CReplicationModule [Thread 1180]: CStepTx: Data processing failed with: Object 8fdeca83-1041-4730-a096-02fb2fda6c71 was not found (LoadComputer: Computer does not exist)
     2015-09-13 07:10:14 Error: CReplicationModule [Thread 1180]: CStepTx: Received unexpected message of type 205 (step: 'MetadataStaticObjects', phase: Failed)
     2015-09-13 07:10:14 Error: CReplicationModule [Thread 1180]: CStepProcessor: Replication slave failed to process network message of type 205 with: CStepTx: Received unexpected message or step is not in expected state (phase)
     2015-09-13 07:10:34 Error: CReplicationModule [Thread 1180]: CStepTx: Data processing failed with: Object 8fdeca83-1041-4730-a096-02fb2fda6c71 was not found (LoadComputer: Computer does not exist)
     2015-09-13 07:10:34 Error: CReplicationModule [Thread 1180]: CStepTx: Received unexpected message of type 205 (step: 'MetadataStaticObjects', phase: Failed)
     2015-09-13 07:10:34 Error: CReplicationModule [Thread 1180]: CStepProcessor: Replication slave failed to process network message of type 205 with: CStepTx: Received unexpected message or step is not in expected state (phase)
     2015-09-13 07:10:54 Error: CReplicationModule [Thread 1180]: CStepTx: Data processing failed with: Object 8fdeca83-1041-4730-a096-02fb2fda6c71 was not found (LoadComputer: Computer does not exist)
     2015-09-13 07:10:55 Error: CReplicationModule [Thread 1180]: CStepTx: Received unexpected message of type 205 (step: 'MetadataStaticObjects', phase: Failed)
     2015-09-13 07:10:55 Error: CReplicationModule [Thread 1180]: CStepProcessor: Replication slave failed to process network message of type 205 with: CStepTx: Received unexpected message or step is not in expected state (phase)

     These errors are repeating all the time. It seems the client computers are not recognized anymore.
  7. All prior working clients cannot connect to the ERA Server anymore. The status log displays under Last replication: Error: CStepProcessor: Replication slave stopped replication during initialization

     Excerpt from the Agent's trace log:

     2015-09-13 07:39:31 Information: Kernel [Thread 1718]: Used memory after modules start-up is 19456 KB
     2015-09-13 07:39:31 Error: CEssConnectorModule [Thread 1378]: Starting of HIPS failed because of exception: CNodcommChannel: Send request failed with 14, Command failed - Make sure that Agent runs with Administrator privileges.
     2015-09-13 07:39:31 Error: CEssConnectorModule [Thread e50]: CNodcommChannel: ESERVER_BROADCAST size is bigger than available broadcast
     2015-09-13 07:39:31 Error: CReplicationModule [Thread 146c]: CStepProcessor: Replication slave stopped replication during initialization
     2015-09-13 07:39:31 Error: CReplicationModule [Thread 146c]: CReplicationManager: Failure of scenario (type=Regular, task_id='00000000-0000-0000-7005-000000000001', link='Automatic replication (REGULAR)' (00000000-0000-0000-7007-000000000001), current_step= [], current_step_phase=, remote_peer=host: "localhost" port: 2222, remote_peer_type=3, remote_peer_id=21df66e3-ec38-4147-b3ce-8edb341f8333, remote_realm_id=)
     2015-09-13 07:40:31 Error: CReplicationModule [Thread 146c]: CStepProcessor: Replication slave stopped replication during initialization
     2015-09-13 07:40:31 Error: CReplicationModule [Thread 146c]: CReplicationManager: Failure of scenario (type=Regular, task_id='00000000-0000-0000-7005-000000000001', link='Automatic replication (REGULAR)' (00000000-0000-0000-7007-000000000001), current_step= [], current_step_phase=, remote_peer=host: "localhost" port: 2222, remote_peer_type=3, remote_peer_id=21df66e3-ec38-4147-b3ce-8edb341f8333, remote_realm_id=)

     This problem exists on all clients; in this example the client is the server itself, therefore it is connecting to localhost. The other clients are connecting to the server by its name, of course. Any hints to get the clients connected again?
  8. Update: After upgrade to ERA 6.2 Live Installer works as expected.
  9. Thanks for your help. I looked at the logfile and this section seems to show the problem, but I do not understand the meaning since there is no network password used. Then I tried to export the certs and installed the agent manually. This worked and the agent service is running. But it does not connect to the server. The trace.log shows this:
  10. I tried to install ERA 6 Agent to a client using the Live Installer script. The Agent msi file gets downloaded and executed, but after the status message "Setting Server Connection into configuration" a rollback is executed and the ERA Agent does not install. I tried this on different clients with the same result. Any hints on how to troubleshoot this issue? Thanks in advance, Thomas
  11. @nhesetnod32: There is no option to "run as administrator". EEAV is started at system start. @marcos: Yes, we can add a policy for this computer with the needed exclusions and then create a group for this computer. But imagine 100 PCs with the same exclusions and 10 PCs which need another special unique exclusion (each different from the others). Our plan was to create one policy for all computers in a single client group and then add the needed exclusions to the 10 clients manually. This was possible with EEAV5 and ERA5. Now we have to create 10 more policies and 10 more client groups for 10 PCs. That is not a very elegant way.
  12. Some clients with Eset Endpoint AV 6 are managed by ERA 6 and there is a policy with path exclusions for the realtime scanner. The exclusions are set via policy and are working as expected. At last we installed new software on one of the clients and wanted to set another path exclusion manually on this single client. But in the Endpoint AV window the option to set path exclusions is greyed out. Is there a way to set path exclusions via policy and set some exclusions on the client manually? Thanks in advance, Thomas
  13. Short Update: No freezes so far, after installing MS Hotfix. Protocol filtering is enabled.
  14. I installed Hotfix KB2664888-v2, restarted the server and re-enabled protocol filtering. Time will tell.
  15. We had no freeze after disabling the protocol filtering. We did this 10 days ago, but had to restart the Server 2 times due to MS Updates. So we cannot confirm that disabling protocol filtering does the trick.
  16. Same problem here on an SBS 2011, which is based on Server 2008R2. No information from the event logs, only some messages from Exchange regarding the DC not responding. In the Eset logs we saw that protocol filtering does not log filtered URLs anymore when the server is frozen. We disabled protocol filtering and there was no freeze since. But we have to wait some more time, because the protocol filtering was disabled a week ago and the freezes occurred in an interval between 3 days and 3 weeks.