avielc

Got it, well whatever you find necessarry, I can flood you with events starting next week, as I cleared them out for this week. (didn't expect to need more info) Also, I have filtered the exclusion to show only those enabled, so I only see those I have made.

Hi James, I would prefer to avoid sharing the computer box info online if you don't mind any other means you would prefer me to share this info with you?

I'm starting to wonder, any chance that it might not be working at all?

Here is anoher (python related too) the default exclusion says it has trusted signature (even though it doesn't say it here) but I tried adding it with no signature (not NONE, just nothing selected) still fails to clear the warning

quick update (just noticed your screenshot now) Thanks for the screenshot, I actually missed it completely and had to figure it out. I was trying to add coloring to the last scan interval.

Hi, So I went ahead and updated to the new EEI as I saw one of the new fixes is fixing exclusions (some of them) So I'm opening this post to add any exclusions I find that didn't work, whatever I find that doesn't work, I'll post here. I am trying to create a specific exclusion using the default options (removing the limit to computer name) and \ or try to add it to my pre-made exclusions which hold the same paramters on a larger scale (e.g. process name with no signature, and specific error type (M1010A (made up)) Here is the first one: let me know if you need more details (in this case I verified with the employee, he created that executable file himself.) Thanks

Gotcha I'll look into the format part (for some reason it didn't work for me the last time i tried) Do you have any guide on the correct report definition? (This all started because I tried to fix that and on the way lost the coloring. ) Regarding the original message about the oldest scan etc... glad to hear - looking forward to that fix.

I did try to edit that widget for some reason it was reporting multiple entries of the same computer (which defeats the purpose of understanding which computers aren’t running scans. I did notice (comparing to other default widgets) there is a format editing option. However I couldn’t find the format to color it correctly. is there some documentation to explain this? thanks!

Hi I noticed during our audit that the preview pane is showing the wrong information about the computer selected: Here is a picture on the preview pane Here is a picture when you open the computer object for more info: the latest scan that appears on the preview pane is 21st of March (might be later, I didn't bother checking) I'm assuming it might be related to the hotfix that came out at the end of March? Could that be it? Also, might be unrelated. This happened to me when trying to edit the widget. Any ideas what's up with that? (no colors) Thanks Aviel

Hi Peter Thanks for replying, I think EPNS was something outside the on-premise ESMC. Could it be you're confusing ESET Network Protection with ESET Push Notifications Service?

I noticed since yesterday 2 devices not registering properly with all the icons and in the ESET PROTECT. From further drill down today it seems to evolve from EPNS not working well. the error I see is the following: ERROR: Request: Era.Common.Services.Replication.PublishLogRequest on connection: host: "###Internal##########" port: 2222 with proxy set as: Proxy: Connection: ############Proxy address########, Credentials: Name: , Password: ******, Enabled:1, EnabledFallback:1, failed with error code: 4, error message: Deadline Exceeded, and error details: . Request Id: 12d7feec-ddf5-4721-a4df-515ecd925b82 Replication details: [Task: CLogImportantTask, Scenario: Automatic replication (REGULAR), Connection: ###Internal##########:2222, Connection established: true, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: cdc3daa1-9e91-49d9-9ed8-e47c689f657d, Sent logs: 0, Cached static objects: 175, Cached static object groups: 11, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0] All replication attempts: 5 Also checking the proxy I get the following error on the apache log - (this is apache server in the cloud) - [27/Apr/2022:13:12:33 +0000] "CONNECT epns.eset.com:8883 HTTP/1.1" 403 219 "-" "-" - [27/Apr/2022:13:12:33 +0000] "CONNECT epns.eset.com:443 HTTP/1.1" 403 218 "-" "-" - [27/Apr/2022:13:12:42 +0000] "CONNECT epns.eset.com:8883 HTTP/1.1" 403 219 "-" "-" - [27/Apr/2022:13:12:42 +0000] "CONNECT epns.eset.com:443 HTTP/1.1" 403 218 "-" "-" - [27/Apr/2022:13:13:12 +0000] "CONNECT epns.eset.com:8883 HTTP/1.1" 403 219 "-" "-" - [27/Apr/2022:13:13:12 +0000] "CONNECT epns.eset.com:443 HTTP/1.1" 403 218 "-" "-" any thoughts on the matter would be welcome Thanks!

I was facing the same issue. Your only solution is working with a proxy (I used apache) ESET has documentation for security rules to forward from the proxy so it's good

Here are some of the latest errors seems to be repeating: 2022-04-05 15:08:08 00000 Info: Events sent successfully to SERVER. Server responded with 200 status code in 7s921ms. 2022-04-05 15:12:45 00000 Error: License check failed. Request to ESET Endpoint Security/Antivirus failed. Error PERSEUS_UNKNOWN (5000) 2022-04-05 15:12:55 00000 Info: Events Statistics, From:, 2022-04-05 15:08:09, To:, 2022-04-05 15:12:51, Duration (s):, 282, Events Per Second:, 0.280, Events:, 79, File:, 33, Registry:, 0, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 45, Injections:, 0, Dll:, 0, Traffic:, 0, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 0, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 0, TrafficSize:, 0, TrafficInterval:, 0, Executions:, 0, Subprocesses:, 0, Connections:, 0, Batch Size (bytes):, 8525 2022-04-05 15:13:01 00000 Info: Events sent successfully to SERVER. Server responded with 200 status code in 5s703ms. 2022-04-05 15:17:45 00000 Error: License check failed. Request to ESET Endpoint Security/Antivirus failed. Error PERSEUS_UNKNOWN (5000) 2022-04-05 15:17:55 00000 Info: Events Statistics, From:, 2022-04-05 15:13:09, To:, 2022-04-05 15:17:54, Duration (s):, 285, Events Per Second:, 4.091, Events:, 1166, File:, 928, Registry:, 0, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 237, Injections:, 0, Dll:, 0, Traffic:, 0, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 0, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 0, TrafficSize:, 0, TrafficInterval:, 0, Executions:, 0, Subprocesses:, 0, Connections:, 0, Batch Size (bytes):, 76386 2022-04-05 15:18:09 00000 Info: Events sent successfully to SERVER. Server responded with 200 status code in 8s982ms. basically I see license check failure. Yet it looks different in the console: no error mentioning activation \ license issue

Hi Peter So glad to hear from you By this time I managed to fix it by multiple "license deactivations" + uninstall and reinstall until it worked. Currently though out of the 130~ machines reporting, I have 7 that have "can't connect to EEI Server" error. Any ideas what I can do to resolve it? - I tried in the past to increase the connection volume in the HTTPS settings. didn't seem to be effective now

Hi I'm having multiple issues with license activations once upgraded to 1.7.1978 I get multiple errors of the following nature: 2022-03-31 11:25:23 7f4f57fff700 Error: Error while sending control request to server at "eei-server.XXXXXXXXXXXXXXX". connect: Bad message [generic:74] 2022-03-31 11:26:22 7f4f8c26e700 Error: License activation failed: 2. Failed to process a request to/from ESET Endpoint Security/Antivirus. RUN_LOOP_ERROR RUN_LOOP_TIMEOUT (2) 2022-03-31 11:21:41 7f9ce3fff700 Error: License check failed. Failed to process a request to/from ESET Endpoint Security/Antivirus. RUN_LOOP_ERROR RUN_LOOP_TIMEOUT (2) 2022-03-31 11:21:41 7f9ce3fff700 Info: ESET Inspect integration with Endpoint has been successfully disabled Basically at random EEI doesn't want to activate. Any ideas what it could be?

Hi again Adding another problematic process: I tried making various exclusions it didn't work. Thanks!

Currently don't have those unfortunately, so if and when it'll come back I'll share those. Thank you!

@MartinK- couldn't find any dump files in the folder. maybe they weren't created?

Well, the only thing we have here is a Fortigate firewall. it might have some filtering system on it? That screenshot above sounds like the DLP solution on fortigate - any list of the ESET repo I can filter out? so it will access it without any issues? Thanks

Thanks for answering Martin Unfortunately it's kinda late now for that, I will try to ask for dumps tomorrow from the user we are talking about the latest agent version as of today. (9.0.14 something something) at first it didn't want to start or stop properly now it crashes on startup, I think it is working fine after that (last I checked)

Hi The ERA Agent keeps popping a crash message when first login to Ubuntu. Kernel is 5.13.0.35 attached is the screenshot of the error. what's next? (Had issues previously with Secure boot and what not before it managed to work. but I still have this error.) Thanks

Sent @Peter Randziak - Thanks Peter!

FYI - downloading manually from website works. but the download via the task is failing - I assume now it's ESET issue. can you please escalate that? I ran into this issue for the past 2 months or so for about 3-5 times. This is very disturbing.

Hoping to get more update on this matter. If anyone has any knowledge I'd appreciate it

Hi! I'm trying to download to a freshly ubuntu installed computer I get the following error in the trace.log file Tried to access the site from my computer (which isn't the same machine that was trying to download) And this is what I get. (usually a download opens up. is that ESET Side?