Jump to content


  • Posts

  • Joined

  • Days Won


Everything posted by kingoftheworld

  1. I see that on roughly 200 of my 5000 clients. On the endpoints, all appear fine. All are on a standard image and generally configured the same. Sometimes a restart of the machine makes it go away.
  2. I would recommend reading the release notes for each version. Each version, can include security fixes, bug fixes, or just general stability fixes. I think it would be best to check out the notes on the Downloads page to see if any of the fixes warrant you upgrading your clients.
  3. I would like to confirm this as well. Except, I have about 6,000 endpoints and it is not with all of them, but enough to be noticeable. Out of curiosity, what is the status that is being reported to ERA? In my specific case, I see that the machine in ERA is reporting the status that the definitions are out of date. While this is true, the underlying status of the product not being activated in not being reported. On the client, it clearly states that the product is not activated. I opened a ticket this morning with support, but I would like to know if others are having similar issues as well.
  4. Understood and heard. However, it is easier said than done in 7,500 client environment having to go through our Engineering teams and Change Management. That part is in progress. The clients are in fact no longer activated. It is possible they were left offline for an extended period of time and ELA deactivated them after 180 days, which is what I have it set to. However, the status showing in ERA is that the definitions are out of date, which is true because the clients are not activated. However, the status of the machine not being activated is not being reported, but is apparent when directly accessing the machine.
  5. I am seeing an issue on a bunch of my clients where the status "Product Not activated" is not being reported back to ESET Remote Admin. However, I do see the status that the definitions are out of date. However, once I physically or remotely connect to one of the clients, it is displayed there. Has anyone else seen this? I am running ERA 6.5 server. Clients are running ERA 6.3.* to 6.5.* agent. and mostly 6.3 A/V
  6. Should be no problem for 1000 endpoints. Check out their Infrastructure Sizing guide, hxxp://help.eset.com/era_install/65/en-US/index.html?infrastructure_sizing.htm I currently have around 5,000 clients on one server in our datacenter, and I will probably add another 3,000 or so. A lot will depend on how often you set your clients to check-in. I have mine running at 10 minutes, and I would say the traffic is fairly minimal.
  7. +1 for HTTP server. Too many issues using a SMB share. I am using IIS to distribute the updates and have a second folder where I store the A/V packages for easy distribution within my network. Any will work though, Apache, Nginix, etc.
  8. The better question is why are you using Server 2003 to run a security application?
  9. Thanks! Is there any timeframe for the big 7 release? From what I can gather, 6.5 may be the end of the 6 series?
  10. We are still working on testing to see if this correct the issue we are experiencing. However, when you mention the next released version, will this be soon or will it have to wait until the next major release?
  11. Thanks for the quick reply. I think what you mentioned may already in the works. We had your VP for Sales visit our site last year, and our sales rep mentioned that someone from ESET was planning another visit this year. I am not sure if it is more geared towards sales or product improvement. I will reach back out once I get some more details of the already planned visit.
  12. If it is for ERA 6.*, you can generate a shell script from your ERA console. Much like you likely did for Windows. Then you can either log into the desktop or via SSH and execute the script. You may have to modify permissions on the script to allow for execution.
  13. I guess on a related note. As my organization plans for the future enterprise wide in terms of AV, is there any project roadmap that can be shared?
  14. Now that the issue has been reproduced, do we have an ETA on a fix? With the information from this post, our OSX engineer also confirmed that ESET through opendirectoryd is enumerating pretty much our entire directory including users and group memberships. We currently have licenses purchased that we are unable to deploy to our environment because of this issue.
  15. Has anyone experienced an issue in ERA 6.4 where tomcat appears to go unresponsive? I had one of our IS folks update their Kali VM while their network connection was NAT'ed off of their workstation that has ESET on it. We have muted the machine, but I am attempting to clear out the threats from the console. If I select one or just a couple to mark as a resolved, the web interface becomes unresponsive until I restart tomcat.
  16. Agreed. Another nice feature of previous ERA products that has been removed.
  17. We have been able to replicate it with a vanilla install of OSX Sierra and El Capitan joined to a Windows AD environment using the built in Directory Utility. Then the only thing that is needed to replicate it is an install of ESET Endpoint Antivirus and log into the machine using a domain account. We are seeing it happen nearly 100% of the time.
  18. Any ESET employees able to give any insight to this issue? @Peter Randziak @MichalJ Are we close to a fix on this?
  19. We also have been experimenting with a similar solution of changing the egui path in the PLIST file so that it will automatically fail and not attempt to launch. All of the core functions of the software continue to function including communication with ERA. I think we can safely say that it is related to the GUI. We have provided numerous sets of logs, but can anyone confirm if they have received a resolution from support?
  20. Thanks for the reply. For database specific issues, what should I recommend to our DBA to check for? SQL isn't showing any errors and there is plenty of available resources on the server. The database does reside on a separate server from the ERA server. The pending logs don't seem to have any patterns around 00:00 localtime. When I am watching this happen, it appears the ERA server gets roughly 15-16k pending logs and then goes into some type of frozen state. The machines don't appear to be checking and the status.html page doesn't seem to update. Eventually it starts working again. Also, the last hour statistic may be a little high now. I restarted the service after it seemed to be hung for several hours in order to get it back operational and likely is the backlog. The trace log seems to quickly fill with:
  21. Sorry to stir up an old thread, but has their been any resolution to this? I am having similar issues with ERA 6.4 on a Windows 12R2 install with an external MS SQL server. The resources on both system not taxed at all (usually around 10-20%). However the log queue will show usually around 15k for most of the day. At random times it will go back down to normal before shooting back up. I worked with support a couple weeks back and basically was told that it was because I had third party application reporting enabled was likely the cause. However, the issue came back. Wanted to check here before I went round and round with support again.
  22. Is there any way to have ERA retrieve and dynamically update the Description field within the ERA console with data from AD in the description field. My organization uses this field to store the physical location of the device, and this would be very helpful to have within one console.
  23. Just an update. We migrated the DB off on to one of our enterprise SQL servers, but we are still seeing the same issue. Neither the SQL server nor the ERA server is heavily tasked. I worked with support the other day and they said it was likely due to my check in time for the ~3,600 clients was too frequent. I had it set to 10 minutes and that was adjusted to 20 minutes. They also disabled the third-party software reporting saying that was likely the cause. All was well into a few hours later when the problem returned. Is anyone else seeing this? Looking at the ERA Status file it is rejecting clients because the server is overloaded according to the status page. We are running this on Windows 2012R2 for the ERA server, and the SQL server is 2014.
  • Create New...