Posts posted by j-gray

  1. On 1/21/2022 at 12:03 PM, Marcos said:

    Please provide logs collected with ESET Log Collector from such troublesome machine for a start.

    @Marcos I was finally able to sit at the workstations and find that the ekrn service does not start due to this error. However, uninstall and repair fail due to access denied with the service. I tried to manually delete the service and get the same.

    I've collected logs, but after looking through them, I don't see much useful as far as highlighting the issue.

  2. Typically I'll go to the 'Detections' area of the dashboard and will see a bunch of alerts for unresolved threats and detections that I've already excluded. I then open up the specific exclusion and click the 'Update Exclusion' button without making any changes. This will then resolve the new alerts. I have to do this every day or so for multiple exclusions.

    To be clear, I am not editing the exclusions at all. I'm simply opening them, and clicking 'Update Exclusion' so that it then goes through and resolves the detected issues.

    We rolled this out in early November and three months later, we're still struggling to get it functional.

  3. On 1/25/2022 at 2:16 PM, JamesR said:

    Hello,

    I am working to get someone to reach out to you ASAP on this open case.

    @JamesR Hi James, I was contacted on 01/30 to schedule a callback, which never happened. I got notice just now that the case was closed. I have no idea why it was closed, as the issue has not been resolved. Nor was there any warning or reason for closure provided.

    Is it possible to get this case re-opened?

    Thank you.

  4. In the EEI console, our estimated DB size is 23GBs. In reality it is over 1TB in size and we're retaining low-level data for only a week and detections for only 2 weeks. Overall we're storing 'most important data'.

    The majority of the space is taken up by a single file: loaded_modules.ibd.

    This causes the DB to take quite a while to start up after reboots, which in turn causes the EEI server service to hang when starting, waiting for the DB to start up. I've set the EEI server service to 'delayed start', but it's still not a long enough delay.

    Of course, the biggest issue is the amount of space taken up. We'd like to have more retention, but can't given this file usage.

    Are there any options to get this file to a more manageable size? We do have a case open (# 00260978). But haven't gotten any help in the last 3-4 weeks.

    TIA

  5. We have a handful of Windows 10 devices where ESET is non-functional due to inability to verify digital signatures. These are all 9.0.2x systems.

    These are new installs and they are unable to activate, unable to update. Product is 'installed but not running'. Services do not start due to the errors and all remote tasks fail. I'm also unable to manually repair or uninstall the product due to the same errors.

    Typical error: 

    The ESET Service service failed to start due to the following error:

    Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    These devices get the same Windows and ESET policies as all other Windows devices, so I'm not sure why we're seeing this all of a sudden.

    Any help appreciated.

  6. @Peter Randziak Thanks for the follow-up. I have around 50 servers with the same version of ESET installed. I have only two file servers and these are the only servers exhibiting these symptoms on a regular basis. They see low resource utilization historically.

    I have a feeling the excessive utilization is due to random file scanning during the day, though I still haven't been able to catch it as it's happening.

  7. Thanks @MichalJ.  I'm not sure the activation is actually failing. At least the upgraded clients don't appear to report any issues in either EEI or EP console.

    Per my other post, possibly the failing license check (perseus_unknown 5000) is causing the activation issue?

    Incidentally, removing the license from the install task allows it to complete without errors.

    What is the impact of installing the product without a license?

  8. We have Windows and OS X clients. Windows client installs always complete successfully. When on the previous versions of EEI agent, OS X client new installs always showed Task Failed after a few minutes. Then after 10-15 minutes the client task would finally show Success.

    However, now on the latest EEI version (1.6.1764) all OS X tasks show status 'Task Failed'. But looking at the clients, the task has completed successfully and they are running the latest version. The EEI Console and the EP Console reflect the upgraded version.

    It seems there's a bug with the OS X EEI agent install.

  9. Memory consumption is pretty minimal, staying consistently between 50-70MB. CPU utilization for ekrn averages around 35%. This is on a 4 proc, 3GHz Windows 2012 R2 server with 4GBs of RAM.

    I haven't been able to catch it during high utilization. I get alerts from our monitoring system (Microsoft SCOM) and if I'm in the office at the time, whatever is causing it has cleared and it's returned to ~35% utilization.

    However, we don't see that high average CPU utilization on any other servers. 

  10. 3 hours ago, Peter Randziak said:

    Hello @j-gray,

    we will need the logs to be able to check what is going on there.

    Does the issue start right after the server reboot, or it takes some time to manifest?

     

    For the start please create the Diagnostic dump (Advanced setup -> Tools -> Diagnostics) when the CPU and RAM usage by ekrn is high, collect the logs by ESET Log Collector, upload it to a safe location and send me the download details via a private message with reference to this forum topic.

    I'm sorry to hear of such issues, hopefully we will be able to tackle them together.

     

    Peter

    @Peter Randziak Thanks for your reply. I don't have logging far back enough to see how soon it starts after a reboot. We only reboot once a month after Patch Tuesday.

    The condition is flagged between 9 and 14 times per day, every day. There seem to be small patterns when it will happen sometimes every 2 hours (more or less), every 3 hours, or every 4 hours.

    We're on holiday break now, so hardly any staff are present. The condition does not coincide with usage.

    I'm watching for alerts of the condition recurrence and hope to collect logs soon.

    Thanks again.

  11. We're running the latest version of Server Security and agent on our servers. The only ones that seem to be having performance issues are the file servers. Both high CPU and high memory usage are attributable to ekrn and causing excessive paging throughout the day.

    These are basic Windows 2012 R2 servers with low utilization otherwise. All non-file servers with ESET are not experiencing issues, only file servers. ESET policies are pretty much default and applied to all member servers.

    I've tried uninstalling and reinstalling ESET thinking that possibly in-place ESET upgrades over time may be causing issues, but there has been no improvement. This issue has been consistent and ongoing over several months.

    Any insight is appreciated.
