Everything posted by j-gray

  1. @Marcos Thanks for the reply. Yes, I contacted support and learned that I had to use Cloud Protect to manage these. I then had to migrate from ESET License Administrator to Protect Cloud. Just got that completed. However, new question: the settings are configured to deactivate after 365 days. However, I have a number that are >1,000 days. I'm not sure why these aren't getting removed. Is there a way to force this cleanup, or do I have to do it manually?
  2. ESMC shows license count at 1584/1600. The console shows a total of 1334 clients and 184 of those show 'no status', so we only have 1150 installed clients. So we should have 434 licenses free. The License Management section shows successful recent synchronizations. I thought there used to be a setting to release licenses when clients are removed (after 90 days of inactivity) from the console. How can I release these licenses that aren't in use?
  3. Yes, ideally we would like to build a package that excludes the components that we don't use (e.g. Media Control, Device Control, Personal Firewall) and have a leaner client. It doesn't look like there's a way to do this en masse, only when performing a local/manual installation.
  4. Yes, statuses are disabled by policy for these components. Clients do not see a warning about them being disabled. It's in the case of the Big Sur clients where they see the error state pertaining to the system extension for Web and Email protection. From what I gather, even though web and email protection are not enabled by policy, the web and email system extension still needs to be allowed. This is unfortunate, as it appears the only way to resolve this is with a third-party application (MDM).
  5. @Matus If I understand correctly, the only way to allow system extensions and full disk access is via MDM? It's not possible via ssh/terminal? Regarding components, we disable all 'Web and Email' components via policy. In the GUI they show as disabled/grayed out, so should not be causing errors or warnings. We do this for several reasons.
  6. @Matus Is there a way to approve this via terminal command? On the client, the GUI shows 'Security Risk'; "Web and Email protection is non-functional". Of course, we do not enable these two components, so we wouldn't expect to see the error. Nonetheless, users see the error status and error messages.
  7. On two systems showing this error, I uninstalled the AV and then reinstalled it. I still get the same error messages in the console for each client. Any suggestions on how to clear this error status?
  8. For those OS X clients running 6.10.460.1 and latest agent, we're finding that most if not all report the following in ERA console: "System extension required for Web and Email protection was not configured because of error. Try to restart macOS or reinstall the product." This is after upgrading to Big Sur when already on 6.10.460.1. What's more puzzling is that we do not enable Web and Email protection by policy. Also, the user is presented with these errors frequently enough to be annoyed. Is this expected behavior, and what is the recommended workaround? TIA
  9. I'm not finding the setting in OS X policies to display a warning or notification if virus definitions are 'X' days out of date. Can anyone point me in the right direction? TIA
  10. I also tried the task by going to client details, then 'Installed Applications'. I selected CCleaner from the list of applications, then clicked the 'Uninstall' button. That gave the following error: "SoftwareUninstallation: No applications matching name 'CCleaner' were found". Despite the application being installed and being selectable as an application, it does not run. I also tried the software uninstall client task, but CCleaner does not appear in the list of applications to select. Pretty frustrating...
  11. I'm going to guess that it's a permissions issue. On my test system, the task runs successfully and uninstall is successful using the command below: Command line to run: "C:\Program Files\CCleaner\uninst.exe"/S On any other system (all are Win10), while the task runs successfully, the uninstall does not start and the ra-run-command batch file remains in C:\Windows\Temp. Any suggestions on how to get this simple task to run?
  12. Regarding working directory, I put quotes around it and it failed. This is counterintuitive, as at a command prompt, it will fail without quotes due to the space in the path.
  13. Using the first option (command line to run and working directory both populated), I see the following in a batch file that is left in C:\Windows\Temp: uninst.exe /S del C:\Windows\TEMP\ra-run-command-92b883c9-c357-4610-9ecb-62cfa0e9f907.bat The second line is obviously failing as the batch file is still in the directory. I'm assuming based on the command that it's not referencing the working directory?
  14. This should be simple, but I'm having no luck. Task runs successfully but nothing happens on the clients. At the command line, this works perfectly: "C:\Program Files\CCleaner\uninst.exe"/S I have the task set as follows: Command line to run: uninst.exe /S Working directory: C:\Program Files\CCleaner I also tried the following: Command line to run: "C:\Program Files\CCleaner\uninst.exe"/S Either version runs successfully but does nothing. Does the 'working directory' require quotes due to space in the path? I don't believe anything is being logged...
  15. Appears to be profile related; if I scan under my account (domain admin) it does not log anything. If I log in as local admin, it logs the scan(s). Since that scan did not appear in the logs, is there any other way I can tell what the 10 detections were?
  16. I installed ESET and the initial scan started, completed, and was logged. I then ran a scan on the data drive. It completed and shows 10 detections. However, when I click on the 'Show log' link, the second scan does not appear, only the initial scan. Why is only one scan logged and how can I view the detections that were supposedly cleaned?
  17. Agreed. Hence my concerns. I believe something must have changed with the recent upgrades, as everything had been getting remediated properly. No policies have been changed, but ESET is no longer remediating much of anything. Sk8r is classified as a PUP, so potentially forgivable. It's the items flagged as trojans and malware applications that are being retained that are more concerning.
  18. This is how we have on-demand scanning configured. Cleaning is set to 'always remedy detection':
  19. Thanks for the reply. That would be an option if I were sitting at these various computers. But we have 12 different campuses so my only viable option is pulling info from the ERA console.
  20. This is what most look like with Action = retained and no apparent error or indication why it was retained:
  21. That looks helpful, though I'm not finding such a log. Where is that located? It looks like you're working with Endpoint Security, whereas I'm using Endpoint AV, so there may be some differences?
  22. Thanks for the reply. Scans are occurring after hours, so folks should be logged off, though we know that doesn't always happen. I'm not sure how ESET defines system files. My assumption is an installer (msi) wouldn't necessarily be a system file, nor would those files in the user space, specifically in the user's Chrome profile. Just not sure if my assumption is correct. ESET in the past has indicated when a reboot is required for remediation, but it's not reflecting that, either. I haven't been able to find in the reports or elsewhere any indication as to why ESET is unable to remediate. I'm sure this is logged somewhere, just not finding it.
  23. Scheduled scans and on-demand (scan with cleaning) are not removing most malware lately. MSIL/Adware.BrowserAssistant.B: these are just .msi files flagged as applications, not PUPs and are located in the C:\Windows\Installer directory. I can manually delete them without issues. The others that aren't getting cleaned are HTML/ScrInject.B, JS/Adware.Chromex.Agent.E, JS/Mindspark.G, and a handful of others that are located in the user profile space. Scan settings are set to 'Always remedy detection'. Systems are showing no reboot required. I can't tell from the reports why none of these are being remediated. Any suggestions?
  24. Thanks. I just came across this while researching, because we're getting the legacy extension compatibility error noted here.