j-gray

Thanks for the reply, but I don't entirely understand. Does this mean that if using EP Console upgrade task for those problem versions we can't jump directly to version 9 and we have to do an incremental upgrade? So for example, any 8.1.2031.0 client has to be upgraded to 8.1.2037.2 before we can upgrade it to version 9?

I'm seeing the same thing and have the same question, though I'm seeing more mixed results. Versions 8.0.x also show 8.1.2037.2 as the latest application. However, we have some random old 7.x versions that pop up online and they show version 9.0.232.2 as the latest available application version.

I have a dozen or so OS X devices where no tasks from EP console will run -they all simply fail. From terminal, I'm manually uninstalling the agent, then manually running the latest ProtectAgentInsaller.sh (9.0.3140.0) manually. On each system, the agent install hangs at "Installing at base path / " This is the same process I've always followed for problematic agents. Is this error/failure indicative of anything specific?

I ran another test just now on 12 systems. The task starts successfully. After one minute, they all report 'Failed'. After about 10 minutes, they all show finished successfully without any other intervention. When they are in the failed state, they all reflect the following: Progress Status: Failed Last Progress Description: Failed Trace Message: Task failed in the security product We didn't realize the need to approve the EEI agent for Full Disk Access, so this has not yet been done. The user is not prompted, so we know there is no interaction with the end-user.

Well, it appears the installs are initially reporting as failed. Then after some time they report as successfully completed. I'm not sure why this is the case. Regardless, it would still be good to know options for troubleshooting the OS X install.

I should add that all of these systems have the latest Protect agent installed and we rarely have issues deploying or upgrading agents from the ESET Protect console.

We recently started deploying the EEI agent to OS X and Windows devices. So far no issues on the Windows side. However, we're seeing random failures on OS X. I have not identified any commonalities yet. Where might I find installation logs for OS X or any other clues to determine what might be causing the agent installation failure?

We'd like to install an SSL certificate for EEI that is signed by our CA. However, I'm not finding any documentation on how to generate a CSR. Is this possible or supported? Or are we stuck with the ERA CA?

Thanks again. Is it also possible to determine which updates require or recommend a restart? I just ran an update on a Windows system from 8.1.2031.0 to 8.1.2037.2. I assumed being a minor upgrade that no restart would be required. But in fact a restart is required. I guess I need to assume that any AV update will require a restart. But it would be great to know in advance --that way I could immediately apply updates that don't require a reboot, as opposed to having to wait for a more opportune time.

Thanks for the info -I appreciate it. What is the functional difference between required and recommended. I assume that 'required' indicates AV is not functional. What state is the AV when restart is recommended? Is it still fully functional or are some components not functional?

I can't remember if this dynamic group was a pre-built/canned one, or one that I built. Either way, it quit working after some upgrade when status changed from 'Computer' to 'Device'. The initial query was OR Functionality/Protection problems.Problem = Computer restart recommended / Computer restart required I found that the actual status is now "Device restart required", so added that to the existing OR conditions. However, I found that some clients are also now showing status, "Device restart recommended". But I'm not finding this status under Functionality/Protection problems.Problem with the others. Nor am I finding it elsewhere. Any thoughts on how I can fix this dynamic group to capture all restart conditions?

@Marcos The bulk of the hits are coming frequently and from one cloud hosting provider: 192.241.128.0/17 We have IDS and IPS in place at our edge, but they're not detecting this traffic. Is the ESET component simply a block list, or is there some other logic/analysis in place?

Thanks -I just sent the IPs via PM. Hope that's ok.

Thanks for the reply. There's no visibility or information (other than blacklist) to help us determine why the IP is being blocked. All we know is that they are IP's that are external to our network. Is there any more detailed information logged somewhere?

In ESMC, ESET Server Security logs a detection type 'Security vulnerability exploitation attempt' caused by EsetIpBlacklist. The detection type is labelled as 'Firewall'. As the Server Security policies don't have a specific 'Firewall' section or component, can anyone clarify what component exactly is responsible for this protection? My assumption is that it's the IDS component of Network Protection, but I'm not entirely sure. TIA

Any updates for JAMF? Thank you.

@Marcos The other issue is the proxy/VPN component. We're also finding that even when the service is inactive, it gets reactivated after an OS update and causes issues again.

@Marcos Any updates on this, or a possible timeline? Our hardware orders are all coming in now, and of course new hardware is coming with Big Sur installed, so our problems are increasing rapidly. Thank you.

Thanks for the information --I appreciate it.

We're currently running ESET Protect on-prem with Windows and OS X licenses for EEA. I'm referencing the EEI Help documentation, but a little unclear on some details. Could someone please walk me through what it would look like to add Enterprise Inspector so we have full EDR? I gather we would run up a new/separate server for EEI in addition to our existing EP server. Install EP agent on EEI server, then deploy EEI server via EP console. I also gather that clients will need two agents (one for EP and one for EEI)? I don't entirely understand deployment and management from there. Can I use a single web console to deploy both agents and manage all policies? Or do I need to deploy EP agents from the EP console and EEI agents from the EEI console? Is all information aggregated into a single console? Appreciate any pointers or clarification. TIA

Out of curiosity, the EP Antivirus and EP Security feature matrix shows that EP Security has "Component-based installation". Does this mean that we can choose to not install components that are not needed as we're discussing here?

ARD might be a suitable workaround for smaller organizations. Unfortunately, it requires too much manual intervention and constant babysitting to be viable in a larger environment. We need a solution that is both reliable and can be automated.

We use JAMF to deploy the agent, then ESMC installs the client automatically once the agent is installed.

Yes, it's very problematic. On our clients, once the proxy piece is installed on any Big Sur system, it breaks the internet connection. Even though it's supposed to be disabled. If a client chooses not to allow it, the internet connection works, but the ESET icon shows an error state. Even though it's supposed to be disabled. If a client allows it, the internet connection does not work. The service has to be set to inactive in order for everything to work. This is an issue that really needs some attention and thought. For those of us with a large client base, manual interaction and intervention on a regular basis is not feasible.

Unfortunately this isn't a viable option for us given we have 600+ OS X endpoints. As @karlmikaeloskar indicated, it would be awesome to have the ability to build and deploy packages without specific components.