Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by j-gray

  1. As a database is required, it installs SQL Express (free/no license required) by default. You can install the full version of SQL, but will require a license: https://help.eset.com/era_install/65/en-US/sql_server_windows.html?sql_server_windows.html MySQL is an option, too: https://help.eset.com/era_install/65/en-US/sql_server_windows.html?mysql_windows.html
  2. I've created a case for the kernel extension error (#216378). Unfortunately, I was informed this is a known issue with no ETA for fix. We'll be halting our upgrade rollout for now.
  3. I've created a case for the splash-screen issue. I'll create another one for the Protection Status/kernel extension issue, shortly.
  4. @MichalJ Thanks for the reply. Behavior is counter-intuitive; the client shows red exclamation indicating a security risk, but console shows green check indicating good status. I would not want to see a green/good status if security risks are present and unresloved. The splash-screen appears at every reboot. Regarding Protection Status, tray icon and gui status looks like this: Protection Status policy looks like this: Issue reproduces intermittently. Client was working properly and I just rebooted to verify splash-screen is still appearing on reboot. Client came up with the error. Reboots in the past have resolved the error, but it recurs randomly on subsequent reboots.
  5. Also finding that systems are showing a green check in the status column, despite having active threats: Properties of the client reflect the unresolved threats:
  6. Anyone else seeing these issues on OS X? I imagine the splash-screen issue is a bug?
  7. We've upgraded our server to latest version, as well as some OS X clients (agent and av). I'm encountering the following issues: Splash-screen is displayed at startup. Policy is set (and locked) to not to display splash-screen at startup. Client 'Protection Status' shows an error and red flag with 'Web and Email' component on the client GUI. Policy is set for Protection Status to only show if Restart is required. Client GUI should not be showing other Protection Statuses. Web and Email error is appearing in client GUI somewhat consistently after reboots: "Kernel extension required for Firewall was not loaded because of an error. Try to restart macOS or reinstall the product." Though we have these components disabled by policy, something apparently is not loading correctly at start up.
  8. What you have posted reflects the defaults, and this is how the clients are configured, both Win7 and Win10.
  9. After upgrading to v7, I'm finding random systems with the following warning: "This feature is not monitored by Windows Security Center". Product = Operating System, Subproduct = Firewall We have the same policy applied to all Windows workstations, yet some have this warning while others do not. We do have the Windows firewall enabled on all systems. This error appears on some Windows 10, some Windows 7 and various versions of antivirus and agent. I'm unable to determine why the warning appears on some but not others, given same settings and policies. I can disable reporting of this, but would rather understand why it's being inconsistent.
  10. Thanks for the reply. That's confusing; the error specifies Firewall, but it's actually specific to Web and Email components. Also appears to only trigger for v7 clients and not earlier version, despite the same policy on both versions. Regardless, we have Web and Email components disabled, as well as Firewall and Content Filtering. Seems we should not get errors/warning for something we've intentionally disabled. It would be another story if it was enabled but not functioning properly...
  11. We successfully upgraded our server to v7 and we've upgraded some OS X and Windows agents to the latest versions, so far without issue. However, after upgrading Windows antivirus to the latest version, they are all showing an alert in the console: "Protocol filtering is disabled". The alert shows the subproduct as 'Firewall'. However, the Firewall is completely disabled via policy. Further, this alert does not show on Windows clients with earlier version of antivirus (e.g. 6.x). The client shows no errors in the GUI. Where in the policies can I fix this?
  12. I know there was a thread on this somewhere, but I'm unable to locate it... This is an annual occurrence when we have a time change for Daylight Savings Time (DST). Scheduled tasks that were set to run at 4:30pm now run an hour earlier at 3:30pm. The task uses CRON expression: 0 30 16 ? * WED It is set to 'Use Local Time' Time is correct on the server and on the clients. The task runs at 4:30pm all year as scheduled until DST when clocks are moved back. Then the task runs at 3:30pm every time until DST ends. Is there a fix for this?
  13. You can achieve this using DNS, if that's an option in your environment. It is detailed here: https://support.google.com/a/answer/6214622?hl=en
  14. I'm interested in this information, as well. Can anyone clarify?
  15. Based on issues noted in these forums, I'm holding off upgrading to v7.5 at least until the first service release is available.
  16. Thanks for the info. We had a case (#39682) for this issue, opened 05/31/2017. I was also told it was resolved in this latest release. They didn't want to wait for me to upgrade and test, so they closed the case on 08/22/2018. I'll loop back with the support engineer and see where it goes. I spent countless hours testing beta agents, as well. Unfortunately, we don't have a good way to find unmanaged Macs (or PCs for that matter). I occasionally run agent install tasks on unmanaged clients in the ERA console. If they return a successful install but still show unmanaged, it's a good indication the agent is broken again. We don't have JAMF. I use ARD to run the agent uninstall script, then re-run the agent install task via ERA. It's very tedious. I'll let you know if I hear back from support. Good luck!
  17. That's disappointing. We had the same issue with Mac agents, reportedly caused by 'unclean' shutdown. Only fix was to remove the agent via ARD and reinstall. We were also told by support that this was fixed in the latest version. However, due to multiple and various issues noted here in the forums, I have not been in a hurry to "upgrade". Do you have an existing support case for this? If you don't mind providing it I can refer it to our support folks.
  18. Perhaps this is the case in a home environment. We have dedicated firewall appliances and dedicated web filters that handle this. We have no POP/IMAP clients.
  19. I disabled Email Client Integration entirely by policy. The client GUI accurately reflects that 'Email Client Protection' is disabled permanently. However, the critical Protection Status error persists: Email protection by protocol filtering is non-functional. In order to clear this issue I had to: Go to Web and Email policy section and turn on 'Enable application protocol content filtering' Go to Web and Email > Email Client Protection > Email Protocols and turn off 'Enable email protection and protocol filtering' Go back to Web and Email policy section and turn back off 'Enable application protocol content filtering' I had to perform step #1 because the policy item in step #2 is enabled but grayed out and cannot be toggled. It really seems that if you disable a parent policy (e.g. Email Client Protection) it should inactivate all child policies automatically.
  20. @Marcos ERA console looks like this: Client GUI looks like this: We have email protection enabled, but not protocol filtering. This is under the 'Web and Email' policy section, so not sure why it's reported as a Firewall Subproduct. Either way, this shows as a 'Critical' issue only on the latest 6.6 client. Previous versions do not show any errors, despite the same policy applied.
  21. I should also note that all of the Firewall-related statuses are disabled (both 'Show' and 'Send') via policy, as well.
  22. This warning appears on Win10 clients with ESET version 6.6.2086.1 and the latest agent. The error detail shows Protocol Filtering is a subproduct of the Firewall. We have the Firewall completely disabled via policy. Why do we receive a Critical error state for a component that is disabled? How do we fix this issue?
  23. I would definitely take a look at the clients and see what all is being scanned. Also verify your scan settings and exclusions: Are they scanning network drives? Do they have external/USB drives that are getting scanned? Are other synced items getting scanned (e.g. Google Drive, etc.).
  24. That's a good question. In the AV policy under Tools > Privileges, there are options for 'Privileged groups' and 'Privileged users' which is similar to the password protection option for Windows clients. Presumably if root has not been added there, it will not have permissions to modify ESET. You would obviously need to have an admin group (that excludes root) or another local admin account in lieu of root. I don't believe there are any protections for the agent, though. Hopefully someone from ESET support can clarify.
  25. I ran a standard upgrade task from ERA to upgrade an OS X client to the latest release. During the upgrade process, is popped the ESET splash screen to the logged on user (me). ERA policy for these clients is set to disable the splash-screen at startup. Are there any options to suppress the splash-screen during upgrade?
  • Create New...