avielc

Members · Posts: 385 · Days Won: 6

Everything posted by avielc

  1. Hi, Wanted to ask if there's any visibility for that to happen any time soon? I'd like to cover our Ubuntu dev class machines too, and I'm missing a solution for these machines. Thanks
  2. Thanks for the update Peter, I'll be testing it out starting Sunday through our company.
  3. Basically follow this guide (including the bottom part of how to rebuild the repo) https://kb.acronis.com/content/62731 Here is a quote of the info from there:
  4. Thanks @MartinK. Your hint really led to the resolution. The issue was with WMI not registering correctly. I checked the WMI management console (click on properties) and found it fails to output a successful query. Reset the repo (changed it to old) as well as reset repository. Reinstalled the agent, and it fixed it. Thanks again
  5. Hi, I had some issue where computers suddenly stopped sending logs to the clients. After a while I figured it was related to the upgrade of the client's version to the latest (1764), while the server was on the previous version (1755). So now there are still a few machines (mostly Windows) that receive this error in the log:

     2022-02-01 18:03:14 017e8 Info: Events Statistics, From:, 2022-02-01 17:58:35, To:, 2022-02-01 18:03:09, Duration (s):, 274, Events Per Second:, 2.883, Events:, 790, File:, 256, Registry:, 189, TcpIp:, 40, Http:, 10, Dns:, 9, Process:, 74, Injections:, 0, Dll:, 15, Traffic:, 22, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 12, Wmi:, 161, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 2826981, TrafficInterval:, 34560, Executions:, 0, Subprocesses:, 0, Connections:, 14, Batch Size (bytes):, 57183
     2022-02-01 18:03:51 017dc Error: Error while sending request to server at "eei-server.hq.leadspace.com:2226". The I/O operation has been aborted because of either a thread exit or an application request
     2022-02-01 18:08:14 017e8 Info: Events Statistics, From:, 2022-02-01 18:03:35, To:, 2022-02-01 18:07:58, Duration (s):, 263, Events Per Second:, 1.373, Events:, 361, File:, 170, Registry:, 21, TcpIp:, 3, Http:, 1, Dns:, 5, Process:, 31, Injections:, 0, Dll:, 13, Traffic:, 14, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 101, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 17721336, TrafficInterval:, 5060, Executions:, 0, Subprocesses:, 0, Connections:, 1, Batch Size (bytes):, 26194
     2022-02-01 18:13:14 017e8 Info: Events Statistics, From:, 2022-02-01 18:08:27, To:, 2022-02-01 18:13:07, Duration (s):, 280, Events Per Second:, 1.357, Events:, 380, File:, 235, Registry:, 4, TcpIp:, 6, Http:, 2, Dns:, 17, Process:, 42, Injections:, 0, Dll:, 11, Traffic:, 15, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 1, Wmi:, 44, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 2, TrafficSize:, 45493561, TrafficInterval:, 6183, Executions:, 0, Subprocesses:, 0, Connections:, 2, Batch Size (bytes):, 31250
     2022-02-01 18:18:14 017e8 Info: Events Statistics, From:, 2022-02-01 18:13:29, To:, 2022-02-01 18:18:08, Duration (s):, 279, Events Per Second:, 3.376, Events:, 942, File:, 473, Registry:, 148, TcpIp:, 17, Http:, 7, Dns:, 19, Process:, 74, Injections:, 0, Dll:, 16, Traffic:, 21, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 3, Wmi:, 162, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 28512885, TrafficInterval:, 14336, Executions:, 0, Subprocesses:, 0, Connections:, 5, Batch Size (bytes):, 74584
     2022-02-01 18:23:14 017e8 Info: Events Statistics, From:, 2022-02-01 18:18:15, To:, 2022-02-01 18:23:04, Duration (s):, 289, Events Per Second:, 0.879, Events:, 254, File:, 100, Registry:, 44, TcpIp:, 7, Http:, 2, Dns:, 0, Process:, 29, Injections:, 0, Dll:, 10, Traffic:, 17, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 43, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 22352178, TrafficInterval:, 5428, Executions:, 0, Subprocesses:, 0, Connections:, 2, Batch Size (bytes):, 26400
     2022-02-01 18:28:14 017e8 Info: Events Statistics, From:, 2022-02-01 18:24:07, To:, 2022-02-01 18:28:04, Duration (s):, 237, Events Per Second:, 1.139, Events:, 270, File:, 98, Registry:, 38, TcpIp:, 3, Http:, 1, Dns:, 2, Process:, 39, Injections:, 0, Dll:, 12, Traffic:, 6, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 2, Wmi:, 66, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 2, TrafficSize:, 11554257, TrafficInterval:, 1286, Executions:, 0, Subprocesses:, 0, Connections:, 1, Batch Size (bytes):, 20083
     2022-02-01 18:30:26 08334 Error: Error while sending control request to server at "eei-server.hq.leadspace.com:2226". The I/O operation has been aborted because of either a thread exit or an application request
     2022-02-01 18:31:19 08334 Error: Error while sending control request to server at "eei-server.hq.leadspace.com:2226". The I/O operation has been aborted because of either a thread exit or an application request
     2022-02-01 18:32:55 08334 Error: Error while sending control request to server at "eei-server.hq.leadspace.com:2226". The I/O operation has been aborted because of either a thread exit or an application request
     2022-02-01 18:33:14 017e8 Info: Events Statistics, From:, 2022-02-01 18:28:58, To:, 2022-02-01 18:33:06, Duration (s):, 248, Events Per Second:, 0.694, Events:, 172, File:, 73, Registry:, 8, TcpIp:, 2, Http:, 0, Dns:, 1, Process:, 29, Injections:, 0, Dll:, 10, Traffic:, 12, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 35, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 42433319, TrafficInterval:, 4211, Executions:, 0, Subprocesses:, 0, Connections:, 1, Batch Size (bytes):, 15951
     2022-02-01 18:33:40 017dc Error: Error while sending request to server at "eei-server.hq.leadspace.com:2226". The I/O operation has been aborted because of either a thread exit or an application request
     2022-02-01 18:38:14 017e8 Info: Events Statistics, From:, 2022-02-01 18:33:26, To:, 2022-02-01 18:38:14, Duration (s):, 288, Events Per Second:, 0.774, Events:, 223, File:, 99, Registry:, 13, TcpIp:, 0, Http:, 0, Dns:, 5, Process:, 33, Injections:, 0, Dll:, 11, Traffic:, 14, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 3, Wmi:, 43, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 26354185, TrafficInterval:, 5530, Executions:, 0, Subprocesses:, 0, Connections:, 0, Batch Size (bytes):, 19049
     2022-02-01 18:43:05 08334 Error: Error while sending control request to server at "eei-server.hq.leadspace.com:2226". The I/O operation has been aborted because of either a thread exit or an application request
     2022-02-01 18:43:14 017e8 Info: Events Statistics, From:, 2022-02-01 18:38:21, To:, 2022-02-01 18:43:09, Duration (s):, 288, Events Per Second:, 0.618, Events:, 178, File:, 70, Registry:, 4, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 29, Injections:, 0, Dll:, 10, Traffic:, 16, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 1, Wmi:, 46, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 32800150, TrafficInterval:, 7999, Executions:, 0, Subprocesses:, 0, Connections:, 0, Batch Size (bytes):, 15840

     Any ideas how I can fix this?
  6. As you guys are aware, 21H2 is becoming a thing. I found I had a machine with 21H2 version 19044.1503 - it's one of a kind (probably no other machine received 21H2, but I'm already starting to receive a notification of another one). My issue is - these machines don't report the OS information back. Attached screenshot: the bottom machine is also Windows based. Here are a few more info examples when expanding that object: Any ideas what to look for? It's reporting correctly, but again, no dynamic policies are deployed to the machine; it has to be specified manually. (dynamic policies = policies set on dynamic groups, e.g. windows, mac, etc... )
  7. I'm going to chime in here, a machine in the org is on Windows 10 Pro 21h2 - 19044.1503 - for some reason ESET PROTECT can't identify anything on the system, not Windows platform, nothing. Connection seems to be good, but it won't grab any policies \ dynamic groups for auto deployment as ESET can't grab any details on the computer. This computer is a desktop Core i7-5860k (6 core) - one of 11 computers, yet the only one with this build (can't go back on it). Any ideas what it could be? Or how we can resolve it? Thanks
  8. Hi @Adam Luzsicza Sorry for the late reply, Must've slipped my todo's. Using the latest version of EEI Server\Agent There are a few more that I fail to clear. Here is another: I made an automated exclusion here using the "Create exclusion" which automatically adds the process and certificate level + Detection type to avoid - In the list of the exclusions I still get "Hit count" on 0 (Hope you can see it, it's really small) I found a few others that the auto exclusion doesn't do anything. any ideas about that?
  9. As said above EEI is unable to get the right exception to ignore any 7zip work (7zg.exe file) attaching photos of the file name and exceptions created Hash: C8044344C8DD9EB135E86D257946DE9777C14453 I tried creating exceptions to catch the actual process name \ any ancestor process \ process directory \ hash. Nothing triggers the auto-resolve
  10. Adding screenshots (accidentally took only the results, not the task name). Seems like the AV Definition update is also failing an installation task if they both need to run. Is there a way to slow down \ limit the tasks to one at a time? @Marcos - thanks for updating the title.
  11. Hi Not sure if this was brought up before. When having multiple software install tasks (EES EEI, 3rd party software, component upgrade(Agent) ) - they tend to clash on Windows platform and cancel themselves out due to MSI installer not being able to handle multiple instances. Is there some Trigger\throttle option to limit such action from happening? (maybe a condition to add to the task) I would hate to have some nested dynamic group only to condition if this is installed you can install the next one... Thanks
  12. I'm doing a second update here just to make it clear. This has been resolved. My missing step was the following missing information from the suggested KB above: You need to trigger new detections that will contain the link to the new hostname configured in the applied EEI configurations. In other words, this is something that only occurs on new detections after applying changes to the eei-server configurations, not on older detections. (kind of important info) Thanks Damian!
  13. Thanks, I'll continue there. Unfortunately this doesn't work for me, for some odd reason. Thanks
  14. Hi Damian, I tried following that guide (must emphasize I'm using ESET PROTECT, and not ESMC). It didn't work, I'm still being directed to the dc domain name and not the public one. Anything more I should do? I thought maybe configuring that on the ESET PROTECT .ini file, if there's such a thing, would've done the right redirect.
  15. That is correct. Right now for some reason the EEI redirect page is also pulling out the Domain Controller server name instead of the DNS record I made just for EEI console. (another odd one)
  16. My apologies, seems I confused EDTD with EEI in the release notes. Never used Dynamic threat (yet) so it was somewhat confusing to understand the difference between the two. https://support.eset.com/en/kb8130-whats-new-in-eset-protect-90
  17. Yea, thanks for the correction on the version. And yea, I meant: will ESET continue to work in this method where future ESET Console (PROTECT\ESMC) will all support the MSSQL Express that came bundled, without breaking it on some version. Thanks for answering that. One final question, is there any "benefit" in merging ESET and EEI databases into a single database server? (two separate dbs of course) Or it doesn't matter, and will ESET support having a single UI to work with both aspects in the future (I thought I read something about it with ESET PROTECT 9 - not sure I understood it correctly) Thanks @MartinK
  18. Hi there. I saw in the release notes that ESET PROTECT 9 has support to show the EEI information inside its console. Anytime I tried to click on information I was redirected to the other server (and not the right link either, but that's a different issue). How do I see the EEI information inside the ESET PROTECT Console? This is a separate issue, but might as well ask - how do I get the right hostname information when clicking the EEI link (I'm directed to the Server name, and not the DNS record I gave the EEI Server)? Thanks!
  19. Thanks for the reply Martin. So there's no way to change the original installation of ESET's (dating back to ESET 5) bundled MSSQL Express edition? Will this mean ESET will continue to support this method for future versions of ESET and if that ever changes a proper solution will be provided? Thanks
  20. Bumping the question for an answer to my question. Waiting to hear from you @Marcos or anyone else.
  21. Hi guys. I'd like to know how to remove that warning. It appears for employees after OS upgrade - and unless I ask them to open the ESET app - it won't go away. Any chance to remove it through policies or send some remote task to remove it for them? This warning is pretty pointless in our organization. Thanks
  22. Thanks Marcos I actually checked online, there are websites that explain on moving db from mssql to mysql - is there any specific reason why it doesn't work? You can change the tomcat config for ESET to connect to a different database to start from, right? Is there a risk of losing something? How can you perform a migration from specific database to another? E.g. any chance ESET Console will not be available with mssql installation built into it, what will happen if I migrate to a new machine and not have mssql available for it?
  23. Hi everyone. I've had the pain of installing EEI and found out the hard way that mysql is the only way to go with it. (MSSQL Express doesn't cut it, nor can I install the MSSQL that comes with ESET PROTECT.) Since this is the case, I'd like to migrate the ESET PROTECT Console Db from MSSQL to MySQL. Was hoping to hear from experience here if anyone managed to do that successfully and how it is done as swiftly as possible. Server is on the same machine, so I can install Mysql community on the same server EPROTECT is installed. Thanks!
  24. Found the answer - under the installation (programfiles\eset\enterpriseinspector) - a file named eiserver.ini. Same place to change the connection port