Posts posted by rcocchiararo

  1. Hi there

     

    I have 2 ERAS6 (finally migrated the 2nd one that had to go to a linux machine).

     

    Both have mostly servers and desktop computers, but they both also have some notebooks (one has only 4, the other one has 12 or so).

     

    Is it possible to set them to update from the ERAS6.2 mirror when they are in the office, and from eset directly when they are outside and have internet access?

     

    Some of those computers still have ESET Endpoint Antivirus 5, but most of them are updated to 6.2/6.1, and they all will be updated by year's end, so if this happens to only be possible for V6, that won't be an issue in the long run.

     

    ps: i have created a mirror with the mirror tool, shared the folders with samba (there are 4 folders, v4, v5, and ep6 that i understand are for the antivirus v4/5/6, and also an "era6" folder, that i do not know for what product). Since i have 4 folders, i had to create dynamic groups for each version of the antivirus, and a policy for each version.

  2. I installed all the components i needed (Server, webconsole, agent, rogue detection).

     

    My first issue now, is that i can't run the AD synchronization:

     

    There is a KB saying to write the username as DOMAIN\user (it tells you to use THAT format, then also says to use all caps).

    If i do that, i get an error saying that "domainusername@domain" was not found in kerberos.

     

    If i just use the username, i get:

     

    Error loading data: Active directory browsing failed. Check input server parameters and AD availability.: Trace info: SearchLdap: 'ldapsearch' failed with 250 exit code, stderr: ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available: No worthy mechs found

     

    Ok, just tried again following all the KB, except using only "username", and it worked.

     

    ps: i have another ERAS6 installation in a windows server, that was so much friendlier :P

  3.  

     

    This is weird.

     

    If i copy the installers FROM my linux server to my windows machine, and then copy them back to the linux server (i am using winscp 5.7.5), the original error comes back.

     

    Ignoring that, now the installer is complaining about:

     

    Error: Admin connection not working. Unable to continue.

     

     

    Using binary mode?

     

    Changing from auto to binary in the transfer mode made this happen:

     

    -bash: ./Server-Linux-x86_64.sh: /bin/sh^M: bad interpreter: No such file or directory
     
    For now, it is installing on debian, i might have to wget each installer on the linux server :P
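
The `/bin/sh^M` error above is what the shell prints when the interpreter line ends in a carriage return, which is what happens when a transfer tool rewrites line endings. As an added example (not part of the original posts and not ESET tooling), this script checks a self-extracting `.sh` installer for that damage and compares its SHA-256 with the digest taken where the file was downloaded; the file names and the stand-in installer are constructed, and `sha256sum` from coreutils is assumed.

```shell
#!/bin/sh
# Added example: spot line-ending damage in a self-extracting .sh installer.
# All file names and sample contents here are constructed for illustration.

CR=$(printf '\r')

# Exit 0 if the first line (the "#!/bin/sh" line) ends in a carriage return,
# the condition that produces "/bin/sh^M: bad interpreter".
shebang_has_cr() {
    first=$(head -n 1 "$1")
    case "$first" in
        *"$CR") return 0 ;;
        *)      return 1 ;;
    esac
}

# Print the SHA-256 of a file (hex digest only).
sha256_of() {
    sha256sum "$1" | cut -d ' ' -f 1
}

# Print one verdict for FILE given the digest computed where it was downloaded:
#   ok | crlf-shebang | checksum-mismatch
check_installer() {
    if shebang_has_cr "$1"; then
        echo "crlf-shebang"
    elif [ "$(sha256_of "$1")" != "$2" ]; then
        echo "checksum-mismatch"
    else
        echo "ok"
    fi
}

# Build a stand-in installer (shell header + binary payload) and a copy with
# every LF rewritten to CRLF, which is what a text-mode transfer does.
make_samples() {
    { printf '#!/bin/sh\necho unpacking\nexit 0\n'
      printf '\037\213\010\001\n\002\n'; } > "$1/orig.sh"
    LC_ALL=C sed "s/\$/$CR/" "$1/orig.sh" > "$1/textmode.sh"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
want=$(sha256_of "$demo_dir/orig.sh")
echo "original : $(check_installer "$demo_dir/orig.sh" "$want")"
echo "text mode: $(check_installer "$demo_dir/textmode.sh" "$want")"
```
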
  4. Hi there

     

    I am trying to install ERAS6.2 under linux, but i can't get past the installer script:

     

    [root@localhost eset]# ./Server-Linux-x86_64.sh \
    > --skip-license \
    > --db-driver=MySQL \
    > --db-hostname=127.0.0.1 \
    > --db-port=3306 \
    > --db-admin-username=root \
    > --db-admin-password=PASSWORD \
    > --server-root-password=PASSWORD \
    > --db-user-username=root \
    > --db-user-password=PASSWORD \
    > --cert-hostname="10.11.12.7;eras6"
     
    ESET Remote Administrator Server Installer (version: 6.2.200.0), Copyright © 1992-2015 ESET, spol. s r.o. - All rights reserved.
     
    Extracting archive, please wait...
    tar: Skipping to next header
    tar: Exiting with failure status due to previous errors
     
    Error: Problem unpacking installer data

     

     

     
    I first tried under Debian 8.2, but then noticed that it is not officially supported, so i went to CentOS 7, but the same happened.
     
    I tried re-downloading in fear of a corrupt file, but no go.
    I can extract it under windows tho, it seems to be ok and not corrupted.
    Permissions are set (both in the file and in the folder).
     
    No idea what else to try.
  5.  

     

     

    The thing is that our security policies require as small traffic outside company as possible. That's why we have ERA server so every client is connecting inside our LAN and only one server is downloading virus signatures from ESET servers. Best solution in this situation is to do it via ERA server. I think it should be changed.

    Basically with ERA creating a local mirror, much more data will be downloaded compared to the scenario when clients update regularly via an http proxy server. The difference can be 100-200 MB in favor of updates via an http proxy.

     

     

    That seems false in my setup.

     

    I have a server and less than 30 computers.

     

    The proxy cache folder is larger than 700mb since installation, and definition downloads seem AS slow as over the internet. (the proxy is being used, if i turn it off, updates fail straight away).

     

    If i make a mirror on any of my computers, and point the rest to it, definition downloads are lightning fast, and the mirror folder is less than 400mb.

     

     

    My guess is that you will have to change policy for clients to stop using proxy if you stop proxy service...they are trying to download updates via proxy which, tries to connect to ESET servers on their behalf and is now down...

    But in that case, they will, naturally, connect directly to ESET servers.

     

     

    I was just saying that the proxy is indeed in use, but it serves no acceleration purpose, not that i want to set machines to use it, turn it off and have them update anyway.

     

    I seem to be alone in this, but the proxy seems useless, setting up a mirror gives me the same fast LAN speeds i had in ERAv5, for definition updates.

    Setting the proxy does nothing, it is still "wan speed" downloads.

  6. V4/V5/V6/V* won't talk to ERA V6, since V6 talks to the AGENT.

     

    You install ERA V6, and then (probably painfully :P) deploy the agents.

     

    Once installed, ERA V6 can manage V4/V5/V6 of the antivirus.

     

    In my experience, the HTTP proxy does nothing to save bandwidth or at least, nothing to accelerate downloads.

    Having an endpoint antivirus in the ERA server, and enabling the mirror there, is much faster. (lan speed downloads vs WAN speed downloads of definitions)

  7.  

    The thing is that our security policies require as small traffic outside company as possible. That's why we have ERA server so every client is connecting inside our LAN and only one server is downloading virus signatures from ESET servers. Best solution in this situation is to do it via ERA server. I think it should be changed.

    Basically with ERA creating a local mirror, much more data will be downloaded compared to the scenario when clients update regularly via an http proxy server. The difference can be 100-200 MB in favor of updates via an http proxy.

     

     

    That seems false in my setup.

     

    I have a server and less than 30 computers.

     

    The proxy cache folder is larger than 700mb since installation, and definition downloads seem AS slow as over the internet. (the proxy is being used, if i turn it off, updates fail straight away).

     

    If i make a mirror on any of my computers, and point the rest to it, definition downloads are lightning fast, and the mirror folder is less than 400mb.

  8.  

     

    Marcos, on 22 Jul 2015 - 06:16 AM, said:

    Quote

    What I did not find:

    1. Clean procedure how to setup office under 100 computers with 1 server getting updates from ESET server and distributing them to client computers in the local network

    ERA v6 does not support creation of a local mirror. The feature was replaced by Apache HTTP Proxy which caches downloaded installers and update files. You may choose not to install it if you plan to use another http proxy or create a mirror using ESET Endpoint Antivirus, ESET Endpoint Security or another v6 ESET product, such as ESET File Security.

    Let us know what you'd need to help with specifically.

     

    The proxy was installed with the bundled installer, and i confirm that the cache folder has files in it (i see a similar structure to what an old squid proxy i had sometime in the past in yet another job).

     

    If i shut down the apache proxy, computers can't look for updates.

    If i enable it.. they can, but they download ULTRA SLOW, like... from the internet. (i have a 25mb connection, but downloading either ESET updates or installers is always slow, no idea why).

    If i enable the mirror in one of my computers, then updates download lightning fast on the other machines (After setting them to use that update server either manually or with the policy).

     

    Either the Apache http proxy is catching the wrong stuff, or something is wrong... i followed every kb, to no avail.

    I even contacted my old job for support (i am now their customer :P), and they could not help.

    A friend i have that was the main support person there, told me that he had tons of complaints for this.

    For now, i have "burned" a license on the server where i have ERA V6, installing endpoint antivirus there, and enabling the mirror.

     

    I've setup the ApacheHttpProxy and found it quite inefficient. As there is no LOG feature included in the apache config, I manually added the "mod_log_config" module and added some log rules to get the cache miss and hits:

    <IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access.log" combined
    CustomLog "logs/proxy-cache-hits.log" common env=cache-hit
    CustomLog "logs/proxy-cache-missed.log" common env=cache-miss
    </IfModule>
    

    For now I configured two clients to use the ApacheHttpProxy but my "hits" log remains empty and my "miss" fills quickly... There is only 9Mb in the cache after two weeks of usage.

     

    The "proxy-cache-missed.log" :

    192.168.0.99 - - [17/Aug/2015:07:49:00 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
    192.168.0.99 - - [17/Aug/2015:07:49:01 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600
    192.168.0.99 - - [17/Aug/2015:07:49:06 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 -
    192.168.0.99 - - [17/Aug/2015:07:49:06 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162
    192.168.0.96 - - [17/Aug/2015:08:16:09 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
    192.168.0.96 - - [17/Aug/2015:08:16:11 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600
    192.168.0.96 - - [17/Aug/2015:08:16:12 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 -
    192.168.0.96 - - [17/Aug/2015:08:16:13 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162
    192.168.0.96 - - [17/Aug/2015:09:16:09 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
    192.168.0.96 - - [17/Aug/2015:09:16:16 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600
    192.168.0.96 - - [17/Aug/2015:09:16:18 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 -
    192.168.0.96 - - [17/Aug/2015:09:16:19 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162
    192.168.0.96 - - [17/Aug/2015:10:17:10 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
    192.168.0.96 - - [17/Aug/2015:10:17:10 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9594
    192.168.0.96 - - [17/Aug/2015:10:17:12 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 -
    192.168.0.96 - - [17/Aug/2015:10:17:13 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162
    192.168.0.96 - - [17/Aug/2015:10:17:14 +0100] "HEAD hxxp://update.eset.com/ep6-rel-sta/mod_002_engine_25308/em002_32_n1.nup HTTP/1.1" 401 -
    192.168.0.96 - - [17/Aug/2015:10:17:14 +0100] "GET hxxp://update.eset.com/ep6-rel-sta/mod_002_engine_25308/em002_32_n1.nup HTTP/1.1" 200 12309
    192.168.0.96 - - [17/Aug/2015:10:17:15 +0100] "HEAD hxxp://update.eset.com/ep6-rel-sta/mod_023_pegasus_6675/em023_32_n1.nup HTTP/1.1" 401 -
    192.168.0.96 - - [17/Aug/2015:10:17:16 +0100] "GET hxxp://update.eset.com/ep6-rel-sta/mod_023_pegasus_6675/em023_32_n1.nup HTTP/1.1" 200 13699
    192.168.0.96 - - [17/Aug/2015:11:17:10 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
    192.168.0.96 - - [17/Aug/2015:11:17:11 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9594
    192.168.0.96 - - [17/Aug/2015:11:17:12 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 -
    192.168.0.96 - - [17/Aug/2015:11:17:12 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162
    

    I find it strange to have 404 HTTP header on update.ver, it should be working all the time...

     

     

    my cache directory is way bigger than the mirror directory (more than 300 mb), but downloads are still slow (i have set up all my pcs to use it)
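
With hits and misses logged to separate files as in the quoted configuration, the two logs can be summarised directly. This added example (not from the original posts) counts GET requests in each log and lists objects the miss log shows being fetched from upstream more than once; the sample log lines are constructed in the format of the log quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise the cache-hit / cache-miss logs from the quoted
# Apache configuration. Function names and sample files are hypothetical.

# Count GET requests in a log written with the "common" LogFormat.
count_gets() {
    awk '$6 == "\"GET" { c++ } END { print c + 0 }' "$1"
}

# Print "hits=H misses=M hit_pct=P" for a hit log and a miss log.
cache_ratio() {
    h=$(count_gets "$1")
    m=$(count_gets "$2")
    t=$((h + m))
    if [ "$t" -eq 0 ]; then p=0; else p=$((100 * h / t)); fi
    echo "hits=$h misses=$m hit_pct=$p"
}

# Print "fetches total_bytes url" for each object the miss log shows being
# fetched from upstream (GET answered with 200) more than once.
repeat_misses() {
    awk '$6 == "\"GET" && $9 == 200 { n[$7]++; b[$7] += $10 }
         END { for (u in n) if (n[u] > 1) print n[u], b[u], u }' "$1" | sort -k 3
}

# Constructed sample logs in the format shown above (hit log left empty).
make_sample_logs() {
    : > "$1/proxy-cache-hits.log"
    cat > "$1/proxy-cache-missed.log" <<'EOF'
192.168.0.96 - - [17/Aug/2015:09:16:09 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:09:16:16 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600
192.168.0.96 - - [17/Aug/2015:09:16:19 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162
192.168.0.96 - - [17/Aug/2015:10:17:10 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9594
192.168.0.96 - - [17/Aug/2015:10:17:14 +0100] "GET hxxp://update.eset.com/ep6-rel-sta/mod_002_engine_25308/em002_32_n1.nup HTTP/1.1" 200 12309
192.168.0.96 - - [17/Aug/2015:11:17:11 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9594
EOF
}

demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
cache_ratio "$demo_dir/proxy-cache-hits.log" "$demo_dir/proxy-cache-missed.log"
repeat_misses "$demo_dir/proxy-cache-missed.log"
```
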

  9.  

    Just 3 hours had been passed since the install and simply this doesn't work and it's awful. I've tried to install agents, clients, etc, without any luck. Everything seems extremely complicated.

     

    Please create a new topic for particular issues where we could discuss them and assist you with resolving them. Installation of Agent Live installer via GPO which is a recommended way of installing Agent has always worked like a charm as far as I know.

     

     

    Should i also create a topic about my http proxy seemingly not caching or serving or something?

  10. Hi there.

     

    I used to work for a company that distributes and gives support for eset products in my country, and now i work for a company that uses them.

    In our building, we have a smaller network (only 29 endpoint antivirus) and a bigger one.

    I "upgraded" ERA v5 to V6 on the small network.

     

    The upgrade instructions are not really that "doable", since they ask me to leave my whole network without an antivirus, and THEN after ERA V6 is installed, and the agents deployed (a nightmare, really, i had like 10 or less deploy on the first try, then some others did so on other attempts, changing nothing, and finally i had to install some manually).

     

    Once all that is clear, i don't mind the new console (i like being able to access it from many machines).

     

    My main issue right now, is that the http proxy seems to do NOTHING similar to the old mirror.

     

     

    ...the whole 'mirror replacement with Apache' part. Unfortunately, I've got to get it working because we have some OS/x machines that require version 6 clients.

     

    If you don't like the new approach with Apache HTTP proxy that has advantages over using the former mirror, you can still create a mirror using Endpoint v6. However, it will download more data as new modules have been added to v6 and other new ones will be added in the future. Using the Apache HTTP server, many more clients can be served at once and only files that are really needed by clients will be downloaded from ESET's servers.

     

     

     

    What I did not find:
    1. Clean procedure how to setup office under 100 computers with 1 server getting updates from ESET server and distributing them to client computers in the local network

    ERA v6 does not support creation of a local mirror. The feature was replaced by Apache HTTP Proxy which caches downloaded installers and update files. You may choose not to install it if you plan to use another http proxy or create a mirror using ESET Endpoint Antivirus, ESET Endpoint Security or another v6 ESET product, such as ESET File Security.
    Let us know what you'd need to help with specifically.

     

    The proxy was installed with the bundled installer, and i confirm that the cache folder has files in it (i see a similar structure to what an old squid proxy i had sometime in the past in yet another job).

     

    If i shut down the apache proxy, computers can't look for updates.

    If i enable it.. they can, but they download ULTRA SLOW, like... from the internet. (i have a 25mb connection, but downloading either ESET updates or installers is always slow, no idea why).

    If i enable the mirror in one of my computers, then updates download lightning fast on the other machines (After setting them to use that update server either manually or with the policy).

     

    Either the Apache http proxy is catching the wrong stuff, or something is wrong... i followed every kb, to no avail.

    I even contacted my old job for support (i am now their customer :P), and they could not help.

    A friend i have that was the main support person there, told me that he had tons of complaints for this.

    For now, i have "burned" a license on the server where i have ERA V6, installing endpoint antivirus there, and enabling the mirror.

     

     

    It is just workaround. As I understand I will have to install ESET software on another computer directly connected to internet (which is against our network policy) and have other computers in the network synchronise updates from this computer. In other words I have to setup another "server" which will manage updates. I don't think my boss will be happy to buy extra computer just for that.

     

    We first need to understand the scenario you use so that we can provide you with a solution that fits you best. A few questions:

    1, Is the computer with ERAS installed connected to the Internet?

    2, Is it against your company's policy to install antivirus on that server? If not, what's the reason for not installing ESET there and configuring it to create a local mirror?

    3, If you don't use an http server in your company, would it be a problem to install one (e.g. Apache) on the same server where ERAS is installed?

     

     

    Using the mirror function requires me to either "waste" a license on a server which only had ERA V5 before, so i must buy an additional license, or use a desktop machine as a server of sorts.
