avielc

Hi This is a quick question Is it possible to change the listening port on the server after installation? (I'm on the default 8093 and would like to change it) Thanks

RTFS = RealTime File Scanning? Seriously??

Thanks for the info, so I understand the issue is with a kernel version - something I can't allow to have a lower version in my organization. Waiting for a fix for that. Thank you!

oh nice !I didn't know it was related. for the time being I downgraded the computers that had this slow down appear, back to 8.0.3.0 Hope it'll get fixed asap

Going back to this topic. Seems like Ubuntu 20.04\18.04 gets stuck with 8.1.3 after a while (I'm thinking startup scan? ) the user experiences major freezes of the UI, everything you try to open (from Terminal to browser\apps) gets stuck for a certain period of time and then suddenly opens. any ideas what it's related to? (certain scan I should limit perhaps?)

Hi I'll be reviving this post for a few points if possible 1. how do you exclude it for Mac\Windows users? 2. how do you tell ESET to warn the user when they are being remotely connected? Thanks!

Any news Michal?

Thanks @MichalJ! that's some great news.

Thanks for the quick reply @MichalJ So I just ran into another limitation in that short period of time it took you to reply I'm trying to get the following information: Computer name, Serial Number, CPU, RAM(total a mount), list of installed applications (Specifically looking for Java variants + Intellij products(Pycharm\idea) ) and the versions of these applications\java. I made an entire application report separately to the hardware one. but it seems that even in Hardware report I will need to break it down between CPU\RAM and even serial number each on its own report, which is a HUGE limitation for such straight forward information.

Hi Everyone, I'd like to create a report that has both Hardware information (RAM\CPU\Serial number), Computer name, and applications installed on the machine. For some reason once you select something specific, the list is being cut drastically to very specific topics after that. Any chance to lift this limit and be able and product a single report with everything inside, without needing to merge these reports together in a separate process? If that doesn't exist, can that be added to a feature request to the ESET Console? That would really REALLY be helpful! Thanks

Updating - I sent the logs + the extended logs (Allowing logging + collect logs again) hopefully I'll get some answers soon Thanks again @Marcos

Got it Thanks Marcos!

Hi, I'm reopening this: got the following error on a system I made sure secure boot is disabled: confd[35403]: ESET Endpoint Antivirus Debug: Application socket 2531725551373760: usage for user 996: 1 connection(s) confd[35403]: ESET Endpoint Antivirus Debug: Invalid CfgModuleRegisterCallbackRequest on path plugins.01000600.settings.GlobalScanner, error 7020 confd[35403]: ESET Endpoint Antivirus Debug: Application socket 2531725551373760: usage for user 996: 1 connection(s) scand[35418]: ESET Endpoint Antivirus Debug: NODMEM: /var/opt/eset/eea/lib/em003_64.dat(0x31b000, 0xde000, 0x1a000) = 0x7f5901624000 scand[35418]: ESET Endpoint Antivirus Debug: NODMEM: /var/opt/eset/eea/lib/em052_64.dat(0x5b000, 0xb000, 0x6000) = 0x7f59015b8000 scand[35418]: ESET Endpoint Antivirus Debug: NODMEM: /var/opt/eset/eea/lib/em002_64.dat(0x0, 0x7387000, 0x0) = 0x7f58fa231000 scand[35418]: ESET Endpoint Antivirus Debug: NODMEM: /var/opt/eset/eea/lib/em002_64.dat(0x1d8000, 0x81000, 0x1d000) = 0x7f58f9fbb000 scand[35418]: ESET Endpoint Antivirus Debug: NODMEM: /var/opt/eset/eea/lib/em004_64.dat(0x2d6000, 0x345000, 0x1d000) = 0x7f58f9983000 confd[35403]: ESET Endpoint Antivirus Debug: Application socket 2531725551373760: usage for user 996: 1 connection(s) confd[35403]: ESET Endpoint Antivirus Debug: Application socket 2531725551373760: usage for user 996: 1 connection(s) confd[35403]: ESET Endpoint Antivirus Debug: Application socket 2531725551373760: usage for user 996: 1 connection(s) confd[35403]: ESET Endpoint Antivirus Debug: Application socket 2531725551373760: usage for user 996: 1 connection(s) confd[35403]: ESET Endpoint Antivirus Debug: Application socket 2531725551373760: usage for user 996: 1 connection(s) confd[35403]: ESET Endpoint Antivirus Debug: Application socket 2531725551373760: usage for user 996: 1 connection(s) confd[35403]: ESET Endpoint Antivirus Debug: Application socket 2531725551373760: usage for user 996: 1 connection(s) confd[35403]: ESET Endpoint Antivirus Debug: Application socket 2531725551373760: usage for user 996: 1 connection(s) confd[35403]: ESET Endpoint Antivirus Debug: Application socket 2531725551373760: usage for user 996: 1 connection(s) confd[35403]: ESET Endpoint Antivirus Debug: Application socket 2531725551373760: usage for user 996: 1 connection(s) scand[35418]: ESET Endpoint Antivirus Debug: NODMEM: /var/opt/eset/eea/lib/em000_64.dat(0x1c000, 0x6000, 0x2000) = 0x7f58f8038000 Any ideas why I keep getting : adding another piece of log: logd[36759]: ESET Endpoint Antivirus Debug: NODMEM: /var/opt/eset/eea/lib/em000_64.dat(0x1c000, 0x6000, 0x2000) = 0x7f6e9f5f1000 logd[36759]: ESET Endpoint Antivirus Debug: Application socket 2537354074143300: usage for user 995: 0 connection(s) confd[36765]: ESET Endpoint Antivirus Debug: Application socket 2531747610133760: usage for user 995: 0 connection(s) confd[36765]: ESET Endpoint Antivirus Debug: Application socket 2531747610133760: usage for user 995: 0 connection(s) startd[36756]: ESET Endpoint Antivirus Debug: NODMEM: /var/opt/eset/eea/lib/em000_64.dat(0x1c000, 0x6000, 0x2000) = 0x7f1186743000 startd[36756]: ESET Endpoint Antivirus Debug: Process /opt/eset/eea/lib/oaeventd[36771] has been created. startd[36756]: ESET Endpoint Antivirus Debug: Process /opt/eset/eea/lib/scand[36780] has been created. oaeventd[36771]: ESET Endpoint Antivirus Error: Cannot open file /lib/modules/5.8.0-36-generic/eset/eea/eset_rtp.ko: No such file or directory oaeventd[36771]: ESET Endpoint Antivirus Error: Initialization of system handler for on-access scan has failed. Please update your OS and restart your computer, then check system logs. oaeventd[36771]: ESET Endpoint Antivirus Debug: NODMEM: /var/opt/eset/eea/lib/em000_64.dat(0x1c000, 0x6000, 0x2000) = 0x7efeb4110000 oaeventd[36771]: ESET Endpoint Antivirus Debug: NODMEM: /var/opt/eset/eea/lib/em000_64.dat(0x1c000, 0x6000, 0x2000) = 0x7efeb4110000 Some info on the machine: New Dell Latitude 7410. Ubuntu 20.04.1 LTS Thanks @Marcos

I never tried to mess around with that, so I assume unless ESET has some default to block certain repos, there shouldn't be anything blocking it. in terms of working through proxy, I have such solution deployed, but I'm limiting it to agent reporting only and not mirroring or serving as download points for app

Hi Marcos, Perhaps I wasn't clear with my question. This task has ran and succeeded on quite a few jobs with the exact same AV installation. it gets a failed attempt once in a while (no idea why, the package is still the latest AV installation) and if i'll run the same client task again manually it'll work. it just needs a rerun. now that we've cleared that, any way to get that to work? Also I mentioned another status of "TImed out" Thanks

Thanks Marcos, I needed to have that piece of info to resolve the issue (turning off secure boot on BIOS) such an annoying little thing, and I really had to scavenge these logs to find that bit of info about it.

Hi all, I ran into the issue where sometimes an automated task failed due to a reason of "Time out" or "package not found in repository" for installing AV software. using a dynamic group and a task assigned to that group. Any chance to automate the "run on failed" until EEA\EES is installed successfully and the agent clears that "dynamic auto-deploy folder" Attaching screenshot of the failed attempt. You can see it says the task is still "Planned" to run, but it never actually run again - is that a bug? Thanks!

Hi all, If anyone runs into that error, I'd really be happy to know what can be done to fix it. The eea service seems to be running, but the agent is reporting its not working. I'll skip to the bottom line. Turns out that "secure boot" doesn't mix well with it. once disabled it can work, (i noticed something in the debug logs about "kernel lockdown .7? " ) I'd love to hear the Moderators\staff for any info about it. Thanks!

Hi @MartinK First, Sorry for the late reply, Regarding your points: Thank you for that, Still, if the timeout is too long for some tasks that shouldn't take this long (e.g. installing AV which fails under #1 or #2. ) In ESMC I still get a task running for up to 2 days after and there's nothing I can do to clean that status. Is it possible to clear such cases? Thanks

I've given that as an Example Marcos, But thank you for pointing and answering the other bullets. Can you answer 3. with a virus quarantine\some user required action process that could occur, how would the user be able to interact with such cases? Thanks

I'll try to follow through with the GUI-less setup for now, as there isn't much of a choice from what I see... I haven't tested it myself yet (unfortunately COVID and other work assignment disrupted that) so I assume it's definitely GUI-less on all OS (18.04, etc) There are a few issues with it: 1. How does a user scan a customized folder when it wants to. 2. Say a virus was detected (I know, highly unlikely on UNIX, but still...) how can the user choose to either clean\delete the virus. 3. Should something disrupt the user's workflow (say firewall blocking some intelliJ from accessing external network resource, how can you change these rules locally\ disable features within the Endpoint App. Thanks

so I'm waiting right now for @MartinK to assist me here. Please reply when possible, as right now, I'm looking for how to lower the timeout events so I can send tasks on a faster basis in case something doesn't work.

I think I have seen a gui of it on 18.04, which means this is a unique behavior for 20.04 @Peter Randziak, I'm not entirely sure, so i'll verify it when I can (hopefully tomorrow) But Why change a product that is known to work in a singular method cross-platform. both Windows and Mac have a GUI, why would Linux, especially Ubuntu be any different? I'm sorry, Linux have end users too, and I'm sure Many of the Linux users do not install a gui-less OS. This is very convenient for users to see what they are clicking and what is the status of their Antivirus software. and I'm sure you can agree that it exists on WIndows and Mac for that reason too.

Thanks for replying @Peter Randziak, Collecting logs will be difficult as COVID is slowing access down. I suggest simulating it on Vanilla Ubuntu 20.04 and seeing for yourself. Issue is as follows: Installing Agent + ESET Endpoint AV 7.1.6.0 using ESMC (server task + Client task) (everything is the latest version of course) after installation is complete EVERYTHING Related to GUI won't be seen anywhere, and I'll put it into detail: * no ESET icon on task bar (the green `e`) * no ESET app can be found in the applications * trying to run on terminal the egui executable won't do anything. Please see if you can start with that, I'll do my best to get some logs tomorrow, but I'm unable to promise anything due to workload.

Thank you for the quick reply @Marcos, If I will elaborate your answer a little, I will need to create a different task and send it to the client, otherwise the same task won't work as it is already thinking it is running on the client in question. I think it would be great addition to be able and stop a task from running, finding a way to make it cancel (either ekcmd command or just a "stop" button. Besides that, I'm still waiting for an answer regarding the other major issue. ESET Endpoint for Linux is just not working on Ubuntu 20.04, no gui is displayed and there's no app in the gui applications menu. You can see it running under systemctl, but there's no way to actually interact with it (friendly-gui approach) https://forum.eset.com/topic/25044-endpoint-for-linux-running-but-not-working-correctly Thanks