Jump to content

hari.senen

Members
  • Posts

    27
  • Joined

  • Last visited

About hari.senen

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    Indonesia

Recent Profile Visitors

554 profile views
  1. you could try this office 1 : Operation AND (if there's 2 subnetwork in office 1, then i suggest use OR) Network IP addresses . IP subnetwork contains 192.168.1. office 2 Operation AND (if there's 2 subnetwork in office 2, then i suggest use OR) Network IP addresses . IP subnetwork contains 192.168.2. Remote : Operation NAND Network IP addresses . IP subnetwork contains 192.168.1. Network IP addresses . IP subnetwork contains 192.168.2.
  2. Is ESMC or ESET Protect api integrate to IBM SOAR ? is there any guidence for this if ESMC or ESET protect can integrate it ?
  3. Here's the log from client connection-log.txt trace.log
  4. hello martin i have the log. where i can send to you ?
  5. oh i forgot to mention this client use latest agent 7.2.1266.0 with latest ESMC
  6. client can't resolve the esmc.mycompany.com and client can't contact the IP address directly because of the firewall but use apache proxy in port 9999 to forward the request to esmc we change the address in /etc/hosts file on proxy (proxy connected to internet) like this 192.168.xx.xxx esmc.mycompany.com
  7. Hello, many of my agent have this log in agent trace.log 2020-08-26 23:40:05 Error: CNetworkGrpcModule [Thread 155c]: GRPC:Failed to resolve: esmc.mycompany.com:20033 2020-08-26 23:40:05 Error: CReplicationModule [Thread bb4]: InitializeConnection: Initiating replication connection to 'host: "esmc.mycompany.com" port: 20033' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "esmc.mycompany.com" port: 20033 with proxy set as: Proxy: Connection: 192.168.31.40:9999, Credentials: Name: , Password: ******, Enabled:1, EnabledFallback:1, failed with error code: 2, error message: Failed to create subchannel, and error details: 2020-08-26 23:40:05 Warning: CReplicationModule [Thread bb4]: InitializeConnection: Not possible to establish any connection (Attempts: 1) and my agent can't connect to the ESMC. i migrate my esmc from my cloud server to another server in my office. i have offline network and i used apache in centos as HTTP proxy to connect to my cloud server. after i migrate to my office server i edit my /etc/hosts in centos 7 and add the esmc.mycompany.com address to resolve my local IP (when use my cloud server the esmc.mycompany.com can be access with FQDN because using external DNS) without changing anything in policy after several weeks this error came in. and now some of my client didn't connect. is there any solution of this ? NOTE : esmc.mycompany.com in external dns is 103.26.xx.xxx esmc.mycompany.com in my office (offline network) is 192.168.xx.xxx port esmc is 20033 my apache proxy is 192.168.31.40 with port 9999
  8. thanks marcos it works we setup drive Z (HP ram drive) to 512 MB and reinstalled it again
  9. here's our drive size. is this not enough ? because we installed it in Drive C
  10. Is ESET Support on Thin client ? because we tried to install ESET Endpoint Antivirus in HP t628 Thin Client with Windows Embedded Standard but the feature was non functional.
  11. Hello, my friend tried the anti - theft feature in my.eset.com and it works but he don't know what to do and then he uncreate the phantom user in my.eset.com but he still login to john account. after that he click i recovered my device but it still use the phantom account. tried to restart after several minutes didn't help. then in the phantom account he tried to disabled the anti theft now the anti -theft in my.eset.com didn't show the device. can anybody show how to recovered to the normal state. because he's getting frustrated. login to admin in safe mode didn't help because somehow admin login password has changed after john pantom active EDIT : Nevermind, my friend able to get normal account back after long process..
  12. if i'm not wrong the reason why ERA 6 use apache or squid for distribute update is for replacing the mirror function in ERA 5. hxxp://help.eset.com/era_install/62/en-US/http_proxy_installation_windows.htm hxxp://support.eset.com/kb3637/?locale=en_US i run test for a few client only update through my proxy not directly to the internet. how am i supposed to minimized internet traffic on my network if my squid log said TCP_MISS when our user update the internet with proxy enable ? it's the same thing with direct update through the internet. the point in cache is the user update through cache proxy first, the proxy server (squid) compare with the origin server (ESET) and if the update is the same state as before the user will update through the cache (hit state) if the origin server newer than cache then the user will update directly and proxy save the download cache (miss state). if hit, it means save more bandwith because not using the bandwith connection. i didn't see hit or miss status in apache log (only get) but in squid log i only see miss log instead off hit log when update same database in different user. i don't wanna use mirror tools because : The mirror tool downloads virus database definitions only it's use one of my license. if i purchase 10 seat ESET, i need to purchase 11 because i must create 1 offline license for mirror tools to served our 10 client An answer to your first statement, it's not complete replacement, as you can see in red text. It's just proxy+cache server. It does not leave you much to control. Have you tried testing clients that have internet access and see log? Offline mirror tool is result of pressure from customers, that need to update clients that have no internet access. As constant request I have posted here on forum that update process (definitions + product) has to be controlled on server with proper UI and settings. They have promised to implement product update in Offline mirror tool in future. i test with 5 user. 2 user update through internet with proxy. 3 user without internet connection and update through proxy (with username password) and 3 user tested browsing site with this proxy and fine. but stil TCP_MISS in cache when update with squid proxy. As constant request I have posted here on forum that update process (definitions + product) has to be controlled on server with proper UI and settings. They have promised to implement product update in Offline mirror tool in future. ok i get the point but i wanna use to save bandwith with cache as in my country bandwith is still issue, and mirror tools is not that simple as mirror ERA 5 in end user view
  13. you can use this tutorial for install ERA (ESET Remote Administrator) 6 in centos hxxp://help.eset.com/era_install/62/en-US/component_installation_linux.htm
  14. if i'm not wrong the reason why ERA 6 use apache or squid for distribute update is for replacing the mirror function in ERA 5. hxxp://help.eset.com/era_install/62/en-US/http_proxy_installation_windows.htm hxxp://support.eset.com/kb3637/?locale=en_US i run test for a few client only update through my proxy not directly to the internet. how am i supposed to minimized internet traffic on my network if my squid log said TCP_MISS when our user update the internet with proxy enable ? it's the same thing with direct update through the internet. the point in cache is the user update through cache proxy first, the proxy server (squid) compare with the origin server (ESET) and if the update is the same state as before the user will update through the cache (hit state) if the origin server newer than cache then the user will update directly and proxy save the download cache (miss state). if hit, it means save more bandwith because not using the bandwith connection. i didn't see hit or miss status in apache log (only get) but in squid log i only see miss log instead off hit log when update same database in different user. i don't wanna use mirror tools because : The mirror tool downloads virus database definitions only it's use one of my license. if i purchase 10 seat ESET, i need to purchase 11 because i must create 1 offline license for mirror tools to served our 10 client
  15. I'm Using ERA 6.2 in centos 7 and try to use apache or squid 3 for distribute cache. the problem is when use apache proxy our user didn't download the update from apache cache. i tested the user with internet connection and user without internet connection. user without internet connection won't update from cache i use the configuration from here hxxp://help.eset.com/era_install/62/en-US/index.html?http_proxy_installation_linux.htm secondly i test it with squid 3 since apache didn't give enough information about miss or hit in their log i use the configuration from here hxxp://help.eset.com/era_install/62/en-US/index.html?squid.htm and when i test it again the result is still same. ended with TCP_MISS from all our user instead of TCP_HIT. it would be useless to distribute the update if apache proxy and squid 3 can't cache the update for user or is there any configuration i must add for our client to succesfully update from proxy (apache proxy and squid 3)
×
×
  • Create New...