avielc
Members-
Posts
385 -
Joined
-
Last visited
-
Days Won
6
Everything posted by avielc
-
Hi, So I went ahead and updated to the new EEI as I saw one of the new fixes is fixing exclusions (some of them) So I'm opening this post to add any exclusions I find that didn't work, whatever I find that doesn't work, I'll post here. I am trying to create a specific exclusion using the default options (removing the limit to computer name) and \ or try to add it to my pre-made exclusions which hold the same paramters on a larger scale (e.g. process name with no signature, and specific error type (M1010A (made up)) Here is the first one: let me know if you need more details (in this case I verified with the employee, he created that executable file himself.) Thanks
-
Gotcha I'll look into the format part (for some reason it didn't work for me the last time i tried) Do you have any guide on the correct report definition? (This all started because I tried to fix that and on the way lost the coloring. ) Regarding the original message about the oldest scan etc... glad to hear - looking forward to that fix.
-
I did try to edit that widget for some reason it was reporting multiple entries of the same computer (which defeats the purpose of understanding which computers aren’t running scans. I did notice (comparing to other default widgets) there is a format editing option. However I couldn’t find the format to color it correctly. is there some documentation to explain this? thanks!
-
Hi I noticed during our audit that the preview pane is showing the wrong information about the computer selected: Here is a picture on the preview pane Here is a picture when you open the computer object for more info: the latest scan that appears on the preview pane is 21st of March (might be later, I didn't bother checking) I'm assuming it might be related to the hotfix that came out at the end of March? Could that be it? Also, might be unrelated. This happened to me when trying to edit the widget. Any ideas what's up with that? (no colors) Thanks Aviel
-
Hi Peter Thanks for replying, I think EPNS was something outside the on-premise ESMC. Could it be you're confusing ESET Network Protection with ESET Push Notifications Service?
-
I noticed since yesterday 2 devices not registering properly with all the icons and in the ESET PROTECT. From further drill down today it seems to evolve from EPNS not working well. the error I see is the following: ERROR: Request: Era.Common.Services.Replication.PublishLogRequest on connection: host: "###Internal##########" port: 2222 with proxy set as: Proxy: Connection: ############Proxy address########, Credentials: Name: , Password: ******, Enabled:1, EnabledFallback:1, failed with error code: 4, error message: Deadline Exceeded, and error details: . Request Id: 12d7feec-ddf5-4721-a4df-515ecd925b82 Replication details: [Task: CLogImportantTask, Scenario: Automatic replication (REGULAR), Connection: ###Internal##########:2222, Connection established: true, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: cdc3daa1-9e91-49d9-9ed8-e47c689f657d, Sent logs: 0, Cached static objects: 175, Cached static object groups: 11, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0] All replication attempts: 5 Also checking the proxy I get the following error on the apache log - (this is apache server in the cloud) - [27/Apr/2022:13:12:33 +0000] "CONNECT epns.eset.com:8883 HTTP/1.1" 403 219 "-" "-" - [27/Apr/2022:13:12:33 +0000] "CONNECT epns.eset.com:443 HTTP/1.1" 403 218 "-" "-" - [27/Apr/2022:13:12:42 +0000] "CONNECT epns.eset.com:8883 HTTP/1.1" 403 219 "-" "-" - [27/Apr/2022:13:12:42 +0000] "CONNECT epns.eset.com:443 HTTP/1.1" 403 218 "-" "-" - [27/Apr/2022:13:13:12 +0000] "CONNECT epns.eset.com:8883 HTTP/1.1" 403 219 "-" "-" - [27/Apr/2022:13:13:12 +0000] "CONNECT epns.eset.com:443 HTTP/1.1" 403 218 "-" "-" any thoughts on the matter would be welcome Thanks!
-
I was facing the same issue. Your only solution is working with a proxy (I used apache) ESET has documentation for security rules to forward from the proxy so it's good
-
EEI | License activation failed
avielc replied to avielc's topic in ESET Inspect On-prem (Detection and Response)
Here are some of the latest errors seems to be repeating: 2022-04-05 15:08:08 00000 Info: Events sent successfully to SERVER. Server responded with 200 status code in 7s921ms. 2022-04-05 15:12:45 00000 Error: License check failed. Request to ESET Endpoint Security/Antivirus failed. Error PERSEUS_UNKNOWN (5000) 2022-04-05 15:12:55 00000 Info: Events Statistics, From:, 2022-04-05 15:08:09, To:, 2022-04-05 15:12:51, Duration (s):, 282, Events Per Second:, 0.280, Events:, 79, File:, 33, Registry:, 0, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 45, Injections:, 0, Dll:, 0, Traffic:, 0, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 0, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 0, TrafficSize:, 0, TrafficInterval:, 0, Executions:, 0, Subprocesses:, 0, Connections:, 0, Batch Size (bytes):, 8525 2022-04-05 15:13:01 00000 Info: Events sent successfully to SERVER. Server responded with 200 status code in 5s703ms. 2022-04-05 15:17:45 00000 Error: License check failed. Request to ESET Endpoint Security/Antivirus failed. Error PERSEUS_UNKNOWN (5000) 2022-04-05 15:17:55 00000 Info: Events Statistics, From:, 2022-04-05 15:13:09, To:, 2022-04-05 15:17:54, Duration (s):, 285, Events Per Second:, 4.091, Events:, 1166, File:, 928, Registry:, 0, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 237, Injections:, 0, Dll:, 0, Traffic:, 0, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 0, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 0, TrafficSize:, 0, TrafficInterval:, 0, Executions:, 0, Subprocesses:, 0, Connections:, 0, Batch Size (bytes):, 76386 2022-04-05 15:18:09 00000 Info: Events sent successfully to SERVER. Server responded with 200 status code in 8s982ms. basically I see license check failure. Yet it looks different in the console: no error mentioning activation \ license issue -
EEI | License activation failed
avielc replied to avielc's topic in ESET Inspect On-prem (Detection and Response)
Hi Peter So glad to hear from you By this time I managed to fix it by multiple "license deactivations" + uninstall and reinstall until it worked. Currently though out of the 130~ machines reporting, I have 7 that have "can't connect to EEI Server" error. Any ideas what I can do to resolve it? - I tried in the past to increase the connection volume in the HTTPS settings. didn't seem to be effective now -
Hi I'm having multiple issues with license activations once upgraded to 1.7.1978 I get multiple errors of the following nature: 2022-03-31 11:25:23 7f4f57fff700 Error: Error while sending control request to server at "eei-server.XXXXXXXXXXXXXXX". connect: Bad message [generic:74] 2022-03-31 11:26:22 7f4f8c26e700 Error: License activation failed: 2. Failed to process a request to/from ESET Endpoint Security/Antivirus. RUN_LOOP_ERROR RUN_LOOP_TIMEOUT (2) 2022-03-31 11:21:41 7f9ce3fff700 Error: License check failed. Failed to process a request to/from ESET Endpoint Security/Antivirus. RUN_LOOP_ERROR RUN_LOOP_TIMEOUT (2) 2022-03-31 11:21:41 7f9ce3fff700 Info: ESET Inspect integration with Endpoint has been successfully disabled Basically at random EEI doesn't want to activate. Any ideas what it could be?
-
ERA Agent crashing | Ubuntu 20.04.3
avielc replied to avielc's topic in ESET PROTECT On-prem (Remote Management)
Currently don't have those unfortunately, so if and when it'll come back I'll share those. Thank you! -
ERA Agent crashing | Ubuntu 20.04.3
avielc replied to avielc's topic in ESET PROTECT On-prem (Remote Management)
@MartinK- couldn't find any dump files in the folder. maybe they weren't created? -
ERA Agent crashing | Ubuntu 20.04.3
avielc replied to avielc's topic in ESET PROTECT On-prem (Remote Management)
Thanks for answering Martin Unfortunately it's kinda late now for that, I will try to ask for dumps tomorrow from the user we are talking about the latest agent version as of today. (9.0.14 something something) at first it didn't want to start or stop properly now it crashes on startup, I think it is working fine after that (last I checked)