Raymond

Hi there, We're busy with an upgraded from 6.6 to 7. I am using GPOs to install the ver. 7 agent and EEA over the top of the existing 6.6 versions. This has worked fine on about 3 pilot machines so far, but one of them failed with the upgrade, and logged this error in the application event log regarding 6.6 removal: Product: ESET Endpoint Antivirus -- Error 1922. Service 'ESET Service' (ekrn) could not be deleted. Verify that you have sufficient privileges to remove system services. I've seen a few sites mentioning uninstalling in Safe Mode... but I want to automate the rollout - can anyone advise what causes this and how I can resolve in an automated fashion? I have about 300 endpoints to do and I don't want to have to manually intervene if possible. thanks Ray

Cool many thanks Marcos.

Hi guys, yep I have that translation module. Strangely after waiting a bit and looking at ESMC again, the error has now changed to: Your device is outdated. It is not guaranteed that your device remains protected with your outdated version of ESET product. Update to newer version of Endpoint Security/Antivirus to ensure full protection, see your options: https://support.eset.com/kb3580/ We have been getting this on our PCs since we run 6.6 (spot on there MichalJ!). So hopefully the errors will go away once we finish our upgrade to 7 which is in progress.

After migrating from an ERA 6.6 VA to a new ESMC 7 VA, many of our computers are showing this alert: <resource-not-found-0x120000ef> These machines may have had uncleared alerts against them previously - I am bad at clearing them regularly 😉 Any idea why we are getting this error and how to resolve it?

Adding the following to my httpd.conf worked for me: AcceptFilter http none AcceptFilter https none

Any advice here please guys?

I've just installed ESMX 6.2 on our Edge server (Exchange 2010). Previously we had the Spamhaus RBL configured as a Blocklist Provider which significantly decreased our spam. This is still configured, but is now a lower priority Transport Agent as ESET is at the top of the list if I run a Get-TransportAgent. Should I configure an RBL within ESET, or will my original RBL configured in Exchange still be getting used after ESET has done it's processing?

Hi j-gray, no progress i'm afraid. I've had my hands full and haven't had a chance to log a support call with ESET for this.

No problem, will do, thanks.

Bump...

The in-depth scan with cleaning that i kicked off from ERA completed successfully. However the unresolved threats have not cleared. If I look at the threats and look at the Occurred column, none of them are from yesterday so it seems the old threats are not being removed. How can i remove them? I can't click through 4000+ of them to remove them. Also is there any way to see the results of a full scan from the ERA console? I can see that the scan was successful but I can't see where to check if any new threats were found.

Thanks for the reply Marcos. For the PC with thousands of threats, I kicked off the scan manually on the PC after removing some dodgy software and deleting some old user profiles. Should i kick off another full scan (in depth, with cleaning) from the ERA console against that PC to get it to update its status in ERA to zero unresolved threats?

Hi, we recently deployed ESET 6. Our ERA server is running 6.2, but clients are still on 6.1. One of the PCs we deployed to had a few thousand threats found (multiple files belonging to the same dodgy software). We cleaned it up and ran another full scan which reported it as clean. However, the PC is still showing as having thousands of unresolved threats in ERA. I don't want to have to mark them as resolved one by one. How can i force the client to tell ERA that it no longer has any threats? We have a number of PCs in the same situation.

In the end i used hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN332to get a list of remote addresses for our deployment, and used <Proxy> rules instead of the above <ProxyMatch> rules. My complete set of changes to httpd.conf (with proxy chaining to our existing corporate proxy and denial of non-ESET URLs) is now: ProxyRequests On ProxyVia On ProxyRemote * hxxp://proxy.ourdomain.com:8080 <Proxy *> Deny from all </Proxy> <Proxy "*.eset.com*> Allow from all </Proxy> <Proxy "*.eset.eu*> Allow from all </Proxy> <Proxy "*.trafficmanager.net*> Allow from all </Proxy> <Proxy "*.cloudapp.net*> Allow from all </Proxy> Hope this helps someone.

OK a bit of progress - i asked our network team to allow unauthenticated access from the ESET server's IP, so i'm using ProxyRemote to send requests to our internal proxy. The activation/definition updates worked successfully for one of my test machines. I then put the following into httpd.conf to try and restrict the Apache proxy to ESET destinations only and restarted Apache. It breaks activation and I now see this in the Apache logs: client denied by server configuration: proxy:edf.eset.com:443 Is one of the regular expressions in the list below wrong? Or some other Apache syntax problem with the below? I've been reading the Apache manual but haven't found the problem yet. Guys it would be good to include this in a wizard somewhere... <Proxy *> Deny from all </Proxy> <ProxyMatch ^[h,H][t,T][t,T][p,P][s,S]?://([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[c,C][o,O][m,M](:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> <ProxyMatch ^[h,H][t,T][t,T][p,P][s,S]?://([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[e,E][u,U](:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> <ProxyMatch ^[h,H][t,T][t,T][p,P][s,S]?://([^@/]*@)?(ds1-uk-rules-1.mailshell.net|ds1-uk-rules-2.mailshell.net|ds1-uk-rules-3.mailshell.net|fh-uk11.mailshell.net|edf-pcs.cloudapp.net|edf-pcs2.cloudapp.net|edfpcs.trafficmanager.net)(:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> <ProxyMatch ^[h,H][t,T][t,T][p,P][s,S]?://([^@/]*@)?(87.106.247.14|209.157.66.250|209.157.66.253|212.227.134.125|212.227.134.126|212.227.134.128|212.227.134.130|212.227.134.131|212.227.134.132|212.227.134.133|212.227.134.158)(:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch>