Posts posted by j-gray
-
-
EEI Console indicates a critical alert/threat detection for malware detected by antivirus (idle scanner) on a specific host and also indicates that the threat was not handled. This detection occurs 4-8 times per day going back several weeks.
However, when I look at the specific host in the EP Console, it does not reflect this. EP console shows nothing under Alerts. EP Console also shows nothing under Detections and Quarantine. It also shows that the scheduled scan completed two days ago and found nothing.
So EP console shows critical antivirus issues, but EP console does not show them. All filters are cleared. I'm not sure why the conflict.
-
I also just noticed that there are no v7 products listed in the repository in the EP Console. They seem to have gone missing?
-
I ran the AV install via EP Console task and it completed successfully. However, the client is still showing V6 installed, as well. Is this a known issue?
-
We're still having issues with OS X after upgrading to the latest EI Connector (1.7.1991.0), as well as latest v.7 AV.
- EI Connector still logs frequent "Failed forking process" errors.
- EI Connector install/upgrade task status reports either running indefinitely (e.g. 24+ hours) or failing immediately, despite completing successfully.
- EI Connector shows critical "Not Activated" alert on v.7 AV clients.
Is there any way to get statuses on any of these bugs/fixes, or at least verify that they are even reported as bugs?
-
Thanks for the reply. We do use the user functionality, so I'm hesitant to delete them all.
In the Task settings, the setting for 'User Creation Collision Handling' is set to 'Overwrite', so you would not expect an error for any collisions. I'm not sure why this is happening. I'm guessing it has to do with permissions, because if I set Collision Handling to 'Skip', it does not cause an error and the job runs successfully.
Secondly, it would be great if the user(s) causing the collision was logged somewhere. That would make for an easy/quick fix to remove the offending user and run the task again. Is there any way to find the offending user(s)?
-
It would be great to see a product roadmap here.
I'd like to see the EEI agent bundled with the EP agent or AV client, since the AV component is required for the agent to work.
Having to install/upgrade/manage three separate components is a bit of a pain.
-
It looks like every day, EEI creates a task in EP Console for user synchronization. Every day the task fails with "User with same name already exists in target user group"
'User Creation Collision Handling' is set to 'Overwrite', so I'm not sure why there is an error. But more to the point, I'm not sure why this task is being created daily, nor where to disable it or if it's even needed as it always fails and seems to have no impact on functionality. Any info is appreciated.
-
4 hours ago, Peter Randziak said:
Hello @j-gray,
I guess the V7 is a typo and you meant V6, right? As based on the previous info it seems that the v.7 is causing the issues and v.6 is working without them, can you please confirm it?
Peter
Yes, apologies - you are correct. I'm unable to edit the post, but it should read:
Again, we do not see this with the latest connector and EEA V6.
-
Hi @Peter Randziak Thanks for the info. I believe the license check/run_loop error only occurs at service start.
The 'failed forking process' errors occur in large amounts, also only with EEA V7 installed.
It's rather odd. I see connector events logged normally, then at some random point, "0x700009549000 Info: ESET Inspect integration with Endpoint has been successfully disabled". Immediately after which, I see a ton of 'failed forking process errors'.
Then at some random point, I see "0x700009549000 Info: ESET Inspect integration with Endpoint has been successfully enabled" and event logging continues normally.
I'm not sure what is causing the connector integration to become disabled and enabled.
Again, we do not see this with the latest connector and EEA V7.
-
I'm also getting this one: "0x70000e6f8000 Error: License check failed. Failed to process a request to/from ESET Endpoint Security/Antivirus. RUN_LOOP_ERROR RUN_LOOP_TIMEOUT (2)"
I should clarify; I understand this error is due to an issue with v7. However, it puts the client into a critical state, as product activation fails.
-
@Peter Randziak I've uninstalled and reinstalled the latest connector several times, but logs are full of these "Error: Failed forking process..."
The most frequent error code now is 0x70000e6f8000.
I'm also getting this one: "0x70000e6f8000 Error: License check failed. Failed to process a request to/from ESET Endpoint Security/Antivirus. RUN_LOOP_ERROR RUN_LOOP_TIMEOUT (2)"
Seems to be an issue in conjunction with v7 antivirus.
-
11 hours ago, Peter Randziak said:
Hello @j-gray,
most of the reasons to see such should have been fixed in the 1.7 so maybe some of them slipped through...
Can you send me the full log via a private message so I can have it checked for you?
Peter
P_EEI-8600
This is a new connector install (upgrade) on my system, prior to deploying the connector en masse. I'll send the log files. Thanks for looking.
-
20 minutes ago, Marcos said:
This is a known issue caused by the renaming of the product. Should be fixed with future versions of EI.
Thanks for the reply. The missing zero on the installed version was also an issue in at least one or two previous releases.
Not a big deal, just inconsistent and causes issues when creating a dynamic rule until I remember I have to remove the zero from the expression.
-
I'm not sure if this is an EEI issue or EP Console issue. The Windows EI agent/connector is not reporting consistently in the EP Console.
It's leaving off the trailing zero in the installed version (should be 1.7.1978.0) so is not consistent with the Latest Application Version. And it also does not show the Latest Application Version once the latest version is installed:
-
After upgrading to latest version, OS X agent is showing multiple errors per second:
0x700000bf5000 Error: Failed forking process 823(process exists)(forking process does not exists)
It's throwing these for multiple processes. It does seem to be communicating regularly with the EEI server, however.
Any ideas what's causing this?
-
Same issue here with OS X endpoints after upgrading to the latest version. Status shows not activated, activation task runs successfully but product is still not activated.
-
@Matus No worries. Thanks for confirming it as a known issue.
-
On 4/1/2022 at 1:10 AM, Matus said:
Hi J,
thanks for the reply.
This "Security Alert that "Web and email protection is not configured."" in GUI should be fixable by adjusting v7 policy: User Interface > Application statuses please disable: Network content filtering integration warnings. (left checkbox)
Please can you confirm it works?
"not report web and email status to server," - is the right checkbox unchecked from picture above?
Enterprise Inspector supports ESET Endpoint AV for macOS 7+ from version 1.7, released a week ago. I think that you still have installed version 1.6, which has no support for Endpoint for macOS v7+. In such case, such message is present. Please can you confirm?
Thank you
@Matus I upgraded EEI server and connector and the connector no longer breaks when installing v7. I wasn't aware that this would be an issue.
Also, I cleared the boxes for Network Content Filtering warnings. It now clears the warning condition from the EP console, but client GUI still shows red. Any way to resolve this?
-
@Matus Thanks again. Sorry for the delayed reply. Had to upgrade the EEI server so I could push the new EEI agent in order to test again.
I'll push out a few new AV clients and report back shortly.
-
@MichalJ @Matus Thanks for your replies and detailed information.
Yes, I missed the new V7 policies. I've configured those to mirror our existing V6 policies. The red warning dot no longer appears on the ESET icon.
However, when opening the GUI, the Protection Status is red with a Security Alert that "Web and email protection is not configured." This was not the behavior in V6.
In addition, though policy is configured to not report web and email status to server, EP Console flags the device with a critical error due to web and email not configured.
Finally, it may be coincidence, but EEI agent on this system now shows as 'Malfunction'. "Installed but not running"
Thanks again - I appreciate the info and assistance.
-
No, this was my system used for testing, running Big Sur (11.6.4). I just upgraded today from 6.11.202.0 to the latest release available in the EP Console: 7.0.7300.0. No OS updates have occurred.
-
24 minutes ago, Marcos said:
If the issue persists after a system restart, please collect logs as per https://support.eset.com/en/kb3404 and open a support ticket.
Issues persist after several reboots.
-
Just started testing and am finding issues with:
- End users are prompted to Allow/Don't Allow proxy configuration
- ESET icon is displayed in the dock even though policy is configured to not display in dock
- Icon shows red/warning status due to 'Web and email protection is not configured'.
However, web and email protection is disabled by policy and the policy is also configured to ignore web and email status on the client and not report web and email status to the server.
How can we get rid of the Security Alert for web and email protection?
-
I just ran a test install via the console and find that the end-user is prompted to either 'Allow' or 'Don't Allow' ESET to add proxy configurations.
We do not want our end-users to get a prompt (they won't know what to do) and we do not want the proxy installed/configured.
How can we avoid this?
EEI server reports malware but EP Console does not.
in ESET PROTECT On-prem (Remote Management)
An update to add to the confusion; when I log into the host and run a manual scan on the folder and file that is generating the alert in the EEI console, the antivirus scan does not detect anything.
So again, EEI shows an unhandled malware threat (Win32/BadJoke.KW), but AV shows nothing and detects nothing during scans. The file that is flagged is still in the location causing the detection in EEI.