kerin444

Hi Michal, With this syntax it's working correctly, is it documented? Can we work with wildcards like ? and * ?? BR

Hi all, I recently updated to 6.5 to get one of the most awaited feature: threat type exclusion. We are using an application that includes a remote desktop assistance that is detected as a threat by ESET: Win32/Proxy.MgComIP.A Through ERA I created a test policy to exclude this threat from Antivirus detection. The configuration is applied to my test computer, but it's still being detected... Is this feature really working? I checked in the documentation and there is no update on this section so I don't know if my syntax is right. Anyone managed to get it working?

For now you can exclude the whole file(s) from scanning. In future versions of ERA, we will add an option to exclude potentially unsafe / unwanted applications by the detection name. Hi Marcos, This is a needed feature, I have the same issue with remote viewing software and printer monitoring agent. Can we expect to get it before the end of the year? BR

ERA v6 does not support creation of a local mirror. The feature was replaced by Apache HTTP Proxy which caches downloaded installers and update files. You may choose not to install it if you plan to use another http proxy or create a mirror using ESET Endpoint Antivirus, ESET Endpoint Security or another v6 ESET product, such as ESET File Security. Let us know what you'd need to help with specifically. The proxy was installed with the bundled installer, and i confirm that the cache folder has files in it (i see a similar structure to what an old squid proxy i had sometime in the past in yet another job). If i shut down the apache proxy, computers can't look for updates. If i enable it.. they can, but they download ULTRA SLOW, like... from the internet. (i have a 25mb connection, but downloading either ESET updates or installers is always slow, no idea why). If i enable the mirror in one of my computers, then updates download lightning fast on the other machines (After setting them to use that update server either manually or with the policy). Either the Apache http proxy is catching the wrong stuff, or something is wrong... i followed every kb, to no avail. I even contacted my old job for support (i am now their customer ), and they could not help. A friend i have that was the main support person there, told me that he had tons of complains for this. For now, i have "burned" a license on the server where i have ERA V6, installing endpoint antivirus there, and enabling the mirror. I've setup the ApacheHttpProxy and found it quite ineficiant. As there is no LOG feature included in the apache config, I manualy added the "mod_log_config" module and added some log rules to get the cache miss and hits: <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "logs/access.log" combined CustomLog "logs/proxy-cache-hits.log" common env=cache-hit CustomLog "logs/proxy-cache-missed.log" common env=cache-miss </IfModule> For now I configured two clients to use the ApacheHttpProxy but my "hits" log remains empty and my "miss" fills quickly... There is only 9Mb in the cache after two weeks of usage. The "proxy-cache-missed.log" : 192.168.0.99 - - [17/Aug/2015:07:49:00 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 - 192.168.0.99 - - [17/Aug/2015:07:49:01 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600 192.168.0.99 - - [17/Aug/2015:07:49:06 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 - 192.168.0.99 - - [17/Aug/2015:07:49:06 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162 192.168.0.96 - - [17/Aug/2015:08:16:09 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:08:16:11 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600 192.168.0.96 - - [17/Aug/2015:08:16:12 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:08:16:13 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162 192.168.0.96 - - [17/Aug/2015:09:16:09 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:09:16:16 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600 192.168.0.96 - - [17/Aug/2015:09:16:18 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:09:16:19 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162 192.168.0.96 - - [17/Aug/2015:10:17:10 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:10:17:10 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9594 192.168.0.96 - - [17/Aug/2015:10:17:12 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:10:17:13 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162 192.168.0.96 - - [17/Aug/2015:10:17:14 +0100] "HEAD hxxp://update.eset.com/ep6-rel-sta/mod_002_engine_25308/em002_32_n1.nup HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:10:17:14 +0100] "GET hxxp://update.eset.com/ep6-rel-sta/mod_002_engine_25308/em002_32_n1.nup HTTP/1.1" 200 12309 192.168.0.96 - - [17/Aug/2015:10:17:15 +0100] "HEAD hxxp://update.eset.com/ep6-rel-sta/mod_023_pegasus_6675/em023_32_n1.nup HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:10:17:16 +0100] "GET hxxp://update.eset.com/ep6-rel-sta/mod_023_pegasus_6675/em023_32_n1.nup HTTP/1.1" 200 13699 192.168.0.96 - - [17/Aug/2015:11:17:10 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:11:17:11 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9594 192.168.0.96 - - [17/Aug/2015:11:17:12 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:11:17:12 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162 I find it strange to have 404 HTTP header on update.ver, it whould be working all the time...

Hi all, Found some information on logs and found this error: 2015-08-04 05:44:18 Error: CRepositoryModule [Thread 908]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 06:44:22 Error: CRepositoryModule [Thread 2390]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 07:44:19 Error: CRepositoryModule [Thread 2848]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 08:44:22 Error: CRepositoryModule [Thread 2990]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 09:44:38 Error: CRepositoryModule [Thread 1e20]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 10:44:45 Error: CRepositoryModule [Thread 1ecc]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 11:44:34 Error: CRepositoryModule [Thread 1aac]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 12:44:43 Error: CRepositoryModule [Thread 2a50]: GetFile: Failed to process HTTP request (status: 20019) I checked my internet connection, checked my firewall (even tried to disactivate it) but no success. Any idea on the #20019 error status meaning? Best regards,

Hi, I'm having the problem with traces of CRepositoryModule failing to process HTTP request: 2015-08-03 18:44:22 Error: CRepositoryModule [Thread 23e0]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-03 19:44:19 Error: CRepositoryModule [Thread 2010]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-03 20:44:20 Error: CRepositoryModule [Thread 1e74]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-03 21:44:19 Error: CRepositoryModule [Thread 2a10]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-03 22:44:20 Error: CRepositoryModule [Thread 1ff4]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-03 23:44:19 Error: CRepositoryModule [Thread 1af0]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 00:44:20 Error: CRepositoryModule [Thread 54]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 01:44:19 Error: CRepositoryModule [Thread 29e0]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 02:44:19 Error: CRepositoryModule [Thread 1fb0]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 03:44:19 Error: CRepositoryModule [Thread 18dc]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 04:44:19 Error: CRepositoryModule [Thread 2a20]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 05:44:18 Error: CRepositoryModule [Thread 908]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 06:44:22 Error: CRepositoryModule [Thread 2390]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 07:44:19 Error: CRepositoryModule [Thread 2848]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 08:44:22 Error: CRepositoryModule [Thread 2990]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 09:44:38 Error: CRepositoryModule [Thread 1e20]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 10:44:45 Error: CRepositoryModule [Thread 1ecc]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 11:44:34 Error: CRepositoryModule [Thread 1aac]: GetFile: Failed to process HTTP request (status: 20019) 2015-08-04 12:44:43 Error: CRepositoryModule [Thread 2a50]: GetFile: Failed to process HTTP request (status: 20019) I checked my internet connexion is fine, checked my firewall rules... Nothing seems to be wrong with my configuration. Do you have an idean of the request done by CRespositoryModule? Any idea on the 20019 status? Best regards, //EDIT Continued in a new thread

Hi all, I've been using ERA4-5 since 2008 and I was quite happy with it. Since March, I've setup an ERA6 and I'm fully joining people complaining about it in thread Not happy with ERA 6 I managed to manualy add my computers, no way to make the AD synchronization work but that's not my main problem. My main concern is that since begining of June, when I try to perform a remote installation, the package list is empty. I updated ERA Server and Web Console with no change. I tried to setup my own repository but the documentation is way too long to read on this I tried to google it and find many people in my situation, some workarround but no clean solution (uninstall/reinstall is not a solution for me). My settings didn't change and it used to work before, my network architecture didn't change (except replacing a router but configured the same), I'm just trying to migrate my clients to v6... Do you guys have any clue of where is the "repository synchronisation log"? I suppose there is something like this... Did you experience the same and solved your problem? Best regards,