kingoftheworld
-
Posts
191 -
Joined
-
Days Won
1
Posts posted by kingoftheworld
-
-
However, with the mirror configuration, this internal and external access does not work well if the end-user triggers an update from the application menu. This will likely result in an error when the client is unable to reach the mirror server. I wish ESET would standardize this behavior between the PC and macOS versions of the product into a simple try server/config A first, if fail or unable to connect, try B.
-
Yes, the remote host field should give you the FQDN or IP of the public IP of the device.
-
6 hours ago, bbahes said:
By the way, latest V6.5 version is much much better than previous V6.x releases.
Agreed on this part. I am actually almost hesitant to move from 6.5 to 7 until it is a couple major revisions in. But the sooner I get my hands on a beta version to install on my dev server, the sooner I will feel comfortable.
-
20 minutes ago, MichalJ said:
Hello j-gray,
There are only two components updated - mirror tool (supporting creation of mirror for EP 6.6) & MDMcore, fixing some issues with mobile device management, mostly related to stability / performance). ERA Agent, Server, Webconsole are not changed. Installers were repacked, to include latest Tomcat & HTTP proxy components. So from this perspective, it is not expected to cause any trouble.
Do you have any information as to the next revision of the server will be released? Or will the next big release be ERA7?
-
2 hours ago, MichalJ said:
For the new version of ERA V7, we are planning to improve the handling of duplicated entries, and also support for VDI environments with non-persistent storage + environments where imaging software is being used. That should resolve your problem of having duplicated entries.
Machines removed from domain should be done by the "computer extinction handling" upon the sync from the AD.
Great! I am looking forward to the release!
-
2 minutes ago, Marcos said:
To remove computers not connecting to ERAS, run a "Delete not connecting computers" or "Static group synchronization" task.
I have found that to be problematic for a couple of reasons.
1. If the machine has just been powered off for an extended period of time. I don't really want to delete the object since that will lose all information about the device. If the machine has been reimaged, I only want to keep the one with the most recent connection.
2. I have found this to be problematic with licensing when selecting the remove option license. For example, I believe when a machine is named "CompName123" and that machine is reimaged with the machine "CompName123", when the delete non-connecting machines task is issued with the remove license. I have not heavily tested, but I believe in a couple of cases it is being removed from both the old and new object. In ERA 6, this is an issue since you have to reissue the activate command to the object rather than in previous versions of the server issuing the license from the server automatically.
-
One thing I know would be useful to me and my team is a way to quickly purge or remove machines from ESET that are duplicates or even stale machines from ERA 6. We have found that as machines are reimaged, or removed from the domain, their ESET object remains. I understand that ESET doesn't receive any notification as far as when these events happen, but if there was the ability to easily do a clean up within the console, this would be very helpful. My current process for this is to build a machine report to a specific OU, download the CSV into Excel, and do some filters to evaluate duplicates. This is tedious and time consuming to do. Would anyone else find this useful?
-
If you are good with SQL, you can build the report you are looking for. That is how I built a similar report. It takes a little bit of poking around to understand the structure, but with a few joins, it is possible
-
If anyone is interested in a work around, I added the URL to the "Exclude from Checking" in the Web Protection section of a policy. It seems have resolved the issue. Will remove this entry once the definitions are updated.
-
2 minutes ago, jtown82 said:
All the sudden our ERA is spamming alerts for addthis_widget.js and flagging it as JS/TrojanDownloader.Pegel.BH. literally 20-30 different computers at the same time. Not sure if this is legit or if another bad push of definitions went out and its false positives. Anyone else all the sudden getting these alerts?
AppData/Local/Microsoft/Windows/INetCache/Low/IE/EZ3ZKCGG/addthis_widget[1].js
er/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/W5TI9TST/addthis_widget[3].js
Experiencing the same here
-
Any ETA on the new mirror tool and ERA server to manage the new endpoint?
-
I am running 6.5 agent and endpoint
-
I see that on roughly 200 of my 5000 clients. On the endpoints, all appear fine. All are on a standard image and generally configured the same. Sometimes a restart of the machine makes it go away.
-
8 hours ago, lakecityransom said:
I am trying to understand the importance of getting the client software updated. Is the underlying functionality the same? I imagine not having the latest version can cause problems if you wield the ERA console, but if there are no ERA Agents installed does it matter that much?
I would recommend reading the release notes for each version. Each version, can include security fixes, bug fixes, or just general stability fixes. I think it would be best to check out the notes on the Downloads page to see if any of the fixes warrant you upgrading your clients.
-
12 hours ago, Pavel Nosov said:
Good day. About a week ago we encountered a problem with our ESET Endpoint Antivirus 6.5. We have a server with ERA 6.5 and about 300 various computers with EA 6.5. Everything was OK, but on last week some clients (about 5 so far) running Windows 8.1 Enterprise have Endpoint Antivirus deactivated after restart. Maybe some Windows Update caused this situation? I tried to run the Activate client task on these clients, but without success. Currently we are solving this problem by reinstalling the ESET EA.
I would like to confirm this as well. Except, I have about 6,000 endpoints and it is not with all of them, but enough to be noticeable. Out of curiosity, what is the status that is being reported to ERA? In my specific case, I see that the machine in ERA is reporting the status that the definitions are out of date. While this is true, the underlying status of the product not being activated in not being reported. On the client, it clearly states that the product is not activated. I opened a ticket this morning with support, but I would like to know if others are having similar issues as well.
-
1 hour ago, Gonzalo Alvarez said:
Hi @kingoftheworld,
Is suggested to have latest AV version for security reasons, start upgrading the Agents should be the first step.
If I understand correctly the report to ERA server is "Not activated" and "AV not updated" but the terminal is with ESET activated and updated to latest definition?
The problem is bad communication between the ERA <> terminals?
Understood and heard. However, it is easier said than done in 7,500 client environment having to go through our Engineering teams and Change Management. That part is in progress.
The clients are in fact no longer activated. It is possible they were left offline for an extended period of time and ELA deactivated them after 180 days, which is what I have it set to. However, the status showing in ERA is that the definitions are out of date, which is true because the clients are not activated. However, the status of the machine not being activated is not being reported, but is apparent when directly accessing the machine.
-
I am seeing an issue on a bunch of my clients where the status "Product Not activated" is not being reported back to ESET Remote Admin. However, I do see the status that the definitions are out of date. However, once I physically or remotely connect to one of the clients, it is displayed there. Has anyone else seen this?
I am running ERA 6.5 server.
Clients are running ERA 6.3.* to 6.5.* agent. and mostly 6.3 A/V
-
Should be no problem for 1000 endpoints. Check out their Infrastructure Sizing guide, hxxp://help.eset.com/era_install/65/en-US/index.html?infrastructure_sizing.htm
I currently have around 5,000 clients on one server in our datacenter, and I will probably add another 3,000 or so. A lot will depend on how often you set your clients to check-in. I have mine running at 10 minutes, and I would say the traffic is fairly minimal.
-
2 hours ago, Marcos said:
I'd suggest distributing update files via an http server instead of local shares to avoid hassles with rights and the limit for the number of concurrent connections that operating systems have. Ideally you should use an http proxy instead of a local mirror which will also reduce the amount of data downloaded from ESET's update servers.
+1 for HTTP server. Too many issues using a SMB share. I am using IIS to distribute the updates and have a second folder where I store the A/V packages for easy distribution within my network. Any will work though, Apache, Nginix, etc.
-
Can I get a beta license for this?
-
The better question is why are you using Server 2003 to run a security application?
-
1 hour ago, Marcos said:
Yes. Not Feb 14, 2018
Thanks! Is there any timeframe for the big 7 release? From what I can gather, 6.5 may be the end of the 6 series?
-
7 minutes ago, MichalJ said:
This is quite a tricky request. We usually do not share road-maps publicly (for obvious reasons). We share them with our partners / regional offices, or with customers that have NDA agreements signed with us (like technology partners, etc). I can share only some high-level plans, about what we will do for the ERA V7 by the end of the year (currently planned timeline). Major improvements will be focused on the user experience, automation, orchestration (large scale / network wide automation). We will also integrate ESET Encryption by Deslock to the ERA, so a separate console won´t be needed. But there are more changes, mostly tailored towards the Enterprise customers. But there are some changes for SMBs as well, that you could be excited about. But more info to come, in upcoming months.
@chetankb1 We do plan to collect information about CPU, RAM, HDD, and some basic device information (as we have it now). Concerning the change tracking, could you please elaborate more about the desired use-case / problem you want to solve by this? It might be possible, but I can´t tell as of now. But the ERA reporting framework eventually allows to do it, if it makes sense.
On the other note, we are regularly doing customer researches with selected customers, where we do try to visit them in person, and get a deeper understanding about what are they needs in the area of security. @kingoftheworld, @bbahes would you be eventually interested in participating in such research, either over the phone / webex, or ideally in person. I do not know where you are located, we would like to focus primarily on mature enterprise markets, and users with good English knowledge, but we can adjust. During such visits, we can arrange signing of the NDA, and then also have a more open discussion about what ESET plans to do in the future. Major benefit (by dedicating couple of hours to talking with us) for you is, that your might in fact shape the future of the product that you are using. This year, we want to focus on the needs of the larger / enterprise customers in particular. So if you are interested, just drop me a private message, about your details, and we might get in touch (I can share with your some detailed objectives).
Thanks for the quick reply. I think what you mentioned may already in the works. We had your VP for Sales visit our site last year, and our sales rep mentioned that someone from ESET was planning another visit this year. I am not sure if it is more geared towards sales or product improvement. I will reach back out once I get some more details of the already planned visit.
-
If it is for ERA 6.*, you can generate a shell script from your ERA console. Much like you likely did for Windows. Then you can either log into the desktop or via SSH and execute the script. You may have to modify permissions on the script to allow for execution.
OPEN ELA duplicate licenses
in ESET PROTECT On-prem (Remote Management)
Posted
The problem with removing the duplicate seat is exactly as you mentioned. If the device is a laptop and checks in the first time with a wired NIC to activate, then checks in with the wireless NIC later activating a second license, how are you supposed to tell the difference between which one is which? I have stopped removing duplicates because it has generated a service ticket when I incorrectly guessed the wrong one and was showing deactivated messages on the client side.