kingoftheworld
-
Posts
191 -
Joined
-
Days Won
1
Posts posted by kingoftheworld
-
-
I too have had issues with ERA 6/ESET 4 for Linux endpoint. I have seen where the client will just disappear out of my ERA console as if it was never there, and then it will just reappears at random times. Unable to find via IP or hostname.
-
Hello kingoftheworld.
I have a ticket logged #182652. Actually they got back to me today and the developers have asked what the HIPS support module version is on affected PC's which I duly gave them (version 1244) so I'm now waiting on them. I have previously given them process monitor traces of when the problem actually occurs and asked them to replicate the issue. May I ask where you are with your case and your case number? so I get them to group it under the same issue. Thanks.
If anyone else has any case numbers feel free to post these too.
Ashley.
I have referenced your ticket number with my case, 1429979. I am currently awaiting a reply and will let you know what I hear.
-
Has anyone gotten anywhere with support on this issue?
-
Is there any reason for not using upgrade mechanisms integrated in ERA? I mean "Components upgrade task" for upgrading AGENT's and "Software installation task" for upgrading endpoints?
Regarding all-in-one installer, I strongly recommend to test it before deploying to whole network because it was not tested to be used for upgrading - it's main purpose is initial deployment.
I am also in the process of updating, but have not looked into an AIO installer yet.
I get a lot of "failed" when updating from ERA.
I also have had a lot of failed tasks with the error "Task failed. Try installing manually". Additionally, I have an endpoint management tool, SCCM, that I would like to use to manage software and deploy updates from in a controlled manner.
-
I would like to confirm this behaviour.
We never put this in relation with Eset security solutions but we can confirm seeing the black screen with mouse cursor only for minutes after logging of from Win 10. The black screen after logoff appeared by random(approx 1 of 5 Loggoffs) on 20 PCs on 4 different Networks of our customers.
We never thought it´s related to eset software installed, we thought it´s a win 10 bug.
Because this problem was evident when setting up the PCs and was never seen in daily use(Power-On - Logon - Power off) we didn´t investigate further.
After reading your post i tried the following: At one customer location i set the exclusion rule at one Computer and tried to log off on this PC and another without the exclusion set for 20 times.
The PC with the Exclusion set never showed the black screen after logoff, on the PC without the exclusion the black screen happend 4 times).
Congratulations for your findings.
I would also like to confirm the issue you have been experiencing. I have been working with ESET support since May on the issue. Please open tickets as the more information they can gather should hopefully lead to a fix.
-
install over the top gives you option to keep existing settings. It's checked by default. The push through ERA will also keep existing settings which means your license information. Even if this information was lost the agent should be able to recognize and pull your license back to the endpoint.
Thanks for the information. I was planning on using the AIO to generate the Agent and Endpoint in one installer then use SCCM to deploy the package. In this scenario, would I need to include the license, or can I just do the installer?
-
I am in progress of planning on upgrading my clients from ERA Agent 6.3 to 6.4 as well as Endpoint AV. The server has already been upgraded and has been successful. I am interested in using the all in one installer to create a package that should update both the agent and the endpoint av product. My question is will I need to deploy the license with this as well, or will the license retain from the product already being installed?
-
If you are worried about exposing it to the world, have you considered accessing it through a VPN setup? Most organizations have some type of remote access configured, and if not, OpenVPN is rather simple to deploy and secure.
-
Another one that I have brought up several times is reporting the public IP address. This is very useful to my organization to allow us to see where mobile devices are currently.
-
hi:
after testing I found two things.
1. I install mysql 5.6 to replace mariadb 5.5. and now the "computer rename task" did run every hours. with mariadb 5.5 it seldom runs.
with mariadb 5.5 there are many strange behaviors, I will create another thread to discuss it.
2. it seems I don't need reverse dns resolving. agent find out computer name, and "computer rename task" use that name to replace ip address. I just don't understand why not use the computer name at first place? maybe ip address is a better choice to prevent conflicting at first place? but if client comes in with network nat, ip address will still conflict?
I would like to also find out if there is the ability to disable reverse DNS lookups. I would much rather use the hostname of the device.
-
Well
This FP was fixed shortly after you reported it yesterday. We responded quickly to it by pausing updates and releasing a fixed module.
More importantly, how is this being corrected for the future? This is the second time in two weeks that a bad definition file has been released and has caused significant issues.
In this case, users had an option to click a button to continue to the desired web page. Usually issues are not caused by a single failure and it's a chain of events that cause an issue in the end.
While the former FP was caused by changes in an internal tool for pre-processing URLs, this time it was a false positive of a phishing database provider that also some other vendors use but made it to the update in error. We have taken measures to prevent FPs like that on popular domains.
Well actually this was not the case. This false positive blocking https://login.microsoftonline.comprevented the proper use of our Microsoft Skype for Business client as it continuously prompted for a username and password and rejected any entry. Since this was not presented in a web browser, there was not option for the end user to override. The only work around was to disable protection or roll back updates.
-
This FP was fixed shortly after you reported it yesterday. We responded quickly to it by pausing updates and releasing a fixed module.
More importantly, how is this being corrected for the future? This is the second time in two weeks that a bad definition file has been released and has caused significant issues.
-
A much better solution for caching updates is using a proxy (e.g. Apache HTTP Proxy bundled with the ERA6 All-in-one installers). Using a proxy, you can substantially reduce the traffic between your machines and ESET's update servers. While the mirror tool always needs to download every single update file, with proxy only files that are really needed by clients would be downloaded.
I am not interested in the proxy. I have Mac clients that need to have a dual profile setup that is possible with the Windows versions of ESET but is not possible with Mac. For example, I need Macs to pull updates from an internal source while connected to our network but pull from ESET when away.
-
Please share with us was the problem was and how you fixed it so that other users know
Incorrect proxy server settings?Certainly. I used the mirror tool and was able to create the files to a folder in C:\inetput\wwwroot\mirror and did not specify parameters for what product to download since I have ESET4 and ESET 6 clients I thought I may soon point the 4 clients there at some point as well. I was not aware that I needed to specify down to the folder for ep6 in the policy and was instead just was just pointing it to the root of the update folder "eset_upd". For example I had hxxp://ipaddress:2221instead of hxxp://ipaddress:2221/ep6
-
Nevermind... Just solved it
-
I am using ESET's mirror tool to distribute definitions to my local LAN, and the tool is downloading properly. However, I am not able to get a client to download from the location.
I am using Server 2012R2 with IIS 8.5 over TCP/2221 and everything is working properly from this side and is open on the host firewall.
On the client, I get an error stating that it is unable to connect. This is a standard Windows 8.1 running ESET Endpoint AV 6.3
However, I am able to access the file on the server through a web browser. So I know it isn't a firewall issue.
Has anyone had any luck with this?
-
I'm not able to download the latest ERA as a virtual appliance?
Every time I go to the proper page and select the version for VMWare and click the download button, it just says to wait and the transfer never starts.
Pretty sure the file is missing or named incorrectly on the ESET server someplace.
Are you using Internet Explorer? If so, I think there is an issue with the site. When I was getting assistance from an ESET support rep, he wasn't able to get a piece of software downloaded from the site since I only had IE on the server VM.
-
I will say that I had the same issue yesterday. I restarted and the issue persisted. I ended up having to have ESET's escalation team repair my install on Windows 2012R2. They were unsure of the root cause and could only speculate that Windows updates was the issue.
Hope they we able to resolve it.
There are two main reasons this type of error:
- ERA server is not running: can be check in "Services" and possible failure reason can be found in ERA server trace.log
- Apache Tomcat hosting ERA Webconsole is not running properly: this may happen after java update - especially in case old java runtime environment is removed during update
They were that day. But as I arrive back in the office today, I am having the same issue all over. This is twice in one week so I will have to take time out of my day as well as our Engineer's to get this fixed.
-
Can any ESET representatives comment as to if a real mirror tool will be included in a future ESET Remote Admin release? When I say real mirror tool, I am wanting something to behave in the same manner and ease as the function did with ESET 4/5 console. I do not want a command line based that I have to create a scheduled task for and run Apache with. I do not want to run it from a endpoint. I want to check a box, enter the credentials I want, and a port number.
-
I will say that I had the same issue yesterday. I restarted and the issue persisted. I ended up having to have ESET's escalation team repair my install on Windows 2012R2. They were unsure of the root cause and could only speculate that Windows updates was the issue.
-
How long have you had the group sitting there? You will not see machines instantly. I found out the policy is evaluated on each client, and may take up to two check ins to the ERA server for you to see results.
-
This was yet another great feature of ESET 4/5... You could have a mirror setup from your admin console, definitions downloaded, and policy updated to point to the location in less than 5 minutes. The hackery now you have to go through with the proxy server, or setting one of your endpoints to act as a mirror is way too over the top for such a simple task.
-
Please forgive me if this is something I just missed, but I am wanting to know how I can view the scan logs from a scan in ESET Remote Admin 6.
For example, I see a threat in the threat tab and I start a scan. Where can I view the results of that? I do not want to mark the threat as resolved until I know what it was able to clean or if additional steps are needed.
-
Thanks for fast reply. We have one last question in our external IP survey: How would you use this external IP if available? Only visual confirmation in Webconsole? or you would also expect dynamic groups and client task (task executed on remote machine) to work based on this IP address? switching configuration based on IP address client is using?
We are asking because this feature was not removed intentionally, but it is not available due to architecture changes since previous ERA generations. It's integration into ERA6 may come with limitations in usability in comparison with currently available data collected on client computers.
Probably just a visual either as a column or in the client details window. In the past, we have never used it for grouping of clients.
Incorrect proxy server settings?
Intermittent Black screen with Cursor upon log off with Windows 10 (1511)
in ESET Endpoint Products
Posted
Has anyone else gotten anywhere with support?