j-gray

j-gray last won the day on December 1 2017

  1. Problem is, you need the agent installed before you can manipulate the client. I think your best bet would be to deploy the agent with Windows Group Policy. Then create a dynamic group where agent is installed but AV is not installed. Install task can then run whenever a client joins that group (dynamically).
  2. Unless you need to provide a report to management --in which case it makes for a confusing and ambiguous report.
  3. OS X clients are running the latest agent and AV. ERA Server is running 6.5.522.0. ERA reports all High Sierra/10.13 clients OS as only, "Mac OS X". All previous clients indicate the actual OS name (e.g. Mac OS X 'Sierra' or Mac OS X 'El Capitan'). Is this a bug or known issue?
  4. Any thoughts on how to resolve this?
  5. Thanks for the reply. Sorry, though; I'm not clear on what needs to be done to resolve this issue. Agents all appear to be connecting to ERA Server. I can't tell which ones specifically are causing the above-mentioned errors in the server Event Logs. I can tell you that there are around 500 errors every 24 hours and around 6,000 warnings every 24 hours specific to schannel. All the warnings reference the ERA client certificate. My assumption is that when an agent checks in with the ERA server it throws this error.
  6. I've noticed for some time multiple and frequent schannel errors and warnings on our ERA server (Win2012 R2) that point to the ERA Agent certificate. I'd like to know what the issue is and how to resolve it. I enabled additional logging on the server (even though IIS is not installed) which allowed me to see warnings generated by the clients:

    Log Name: System
    Source: Schannel
    Date: 12/21/2017 10:50:45 AM
    Event ID: 36877
    Task Category: None
    Level: Warning
    Keywords:
    User: NETWORK SERVICE
    Computer: era server name here
    Description: The certificate received from the remote client application has not validated correctly. The error code is 0x80090325. The attached data contains the client certificate.

    The client certificate referenced is the one issued by our ERA server. As far as I can tell, there are no communication errors or issues with the clients otherwise. The other accompanying error on the server is:

    Log Name: System
    Source: Schannel
    Date: 12/21/2017 10:50:45 AM
    Event ID: 36888
    Task Category: None
    Level: Error
    Keywords:
    User: SYSTEM
    Computer: era server name here
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.

    Any information or thoughts on why this is happening and how to resolve it would be appreciated.
  7. Reg. Microsoft SQL Server

    SQL Express installer should be in the folder with the rest of the ESET install packages (e.g. Apache, RDSensor, etc.). If not, you can download the same version (2008 R2 Express SP2) directly from Microsoft. You will most likely want to install SQL Server Management Studio and use it to restore the database.
  8. Big Era MSSQL Database

    Install SQL Server Management Studio either on the server or a workstation, connect to the ERA database and you can shrink the database like any other SQL database (Tasks > Shrink > database).
  9. Look at your error message. Your syntax is incorrect, so it's going to the default Telnet port 23. Use a space between IP and Port, not a colon. 0.0.0.0 is equivalent to all IPv4 addresses so it's listening as it should be, and on the correct port, 2221. As bbhas suggested, run a port scan to verify that the required port(s) is/are actually open and visible externally.
  10. ESET's support docs (not the greatest) from what I've found show support only up to Server 2012 R2. Is Server 2016 supported on the older v.5 ERA? https://support.eset.com/kb2893/
  11. Future changes to ESET Endpoint programs

    Exactly. Though I view wake-up call more like wake-on-lan, requiring network broadcast, which is not a good practice across multiple subnets. I'm looking for a simple 'send policy' that doesn't require network broadcast. Even if it's a basic command I can run from the client (remotely).
  12. Future changes to ESET Endpoint programs

    Description: Mechanism to force policy refresh on client(s) from ERA console.

    Detail: There doesn't appear to be a way (that I've found) to force a client to pull a new policy. We either have to wait for the policy refresh interval or create a new policy with a shorter refresh interval and apply it. It would be great to have a right-click option from the ERA console to force an immediate policy refresh.
  13. Future changes to ESET Endpoint programs

    Description: Better method for detecting unmanaged clients

    Detail: RDS is not a practical solution in environments with multiple LANs, it can't be installed on OS X, and relies on outdated/unsupported software (WinPcap). A simple ping-sweep tool that works across multiple subnets and shows unmanaged clients, or better yet, a dynamic group that does the same so that an agent install task can be run when a client joins the group. This would be awesome, especially for OS X where Group Policy automated install is not an option.