Jump to content


ESET Staff
  • Content Count

  • Joined

  • Last visited

  • Days Won


MartinK last won the day on December 18 2018

MartinK had the most liked content!


Profile Information

  • Gender
  • Location

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. MartinK

    Static Group vs Dynamic Group policy application

    I would recommend to create policy and assign it directly to this device instead of creating specific static group just for this - especially in case there won't be many devices. Regarding question whether exclusions will be replaced or extended, it depends on order in which policies are applied (see documentation) and also on configuration of configuration policy. For this, see icons on right side, as seen in following picture: where you can select behavior of merging lists applied in multiple policies.
  2. Could you please specify version of ERA/ESMC Server you are using? Just to verify that this is the same problem we have been reported recently, where only x64 installer of ERA Agent 6.5.522.0 was affected. Regarding the issue as is, it is currently investigated, but what we know for sure is that no ppt/pptx file is included in our installer, so it seems to be false-positive, but not yet confirmed.
  3. MartinK

    Error 404 - Web Console

    From your second screenshot seems that you are actually connecting to some Apache HTTP server, not Apache Tomcat -> I think there is conflict on listening port 80/443, and you should either uninstall Apache HTTP server if not used, or change ports used. Please verify which ports are used by which application/process and make sure you are connecting to Apache Tomcat (it will be most probably visible as process named "java" in PS output).
  4. MartinK

    ESMC components upgrade task failed

    According to provided logs, ESMC server has problem to establish connection to most of ESET services. It is not able to connect to ESET repository, update server, license servers .. could you verify it is properly configured? Maybe there is problem with firewall or proxy configuration? Also I would recommend to check AGENT's trace.log -> upgrade of infrastructure is executed by AGENT, so there should be visible also upgrade errors, but my best guess is that AGENT installed on the same machine as ESMC has the same network-related problems.
  5. MartinK

    Issue with RD Sensor.

    I am not completely sure from this log, but my best guess is that AGENT is not able to resolve hostname you used in configuration. Could you manually verify that used hostname can be resolved on client machine to IP addresses? Otherwise there might be some problem with DNS configuration.
  6. MartinK

    Hard drive died on ERA host PC

    Could you verify you followed all steps as described in KB3671 "Install ESET Remote Administrator on a Domain Controller or Microsoft Small Business Server" ?
  7. MartinK

    Hard drive died on ERA host PC

    In case you have not backup of SERVER's certificate and CA certificates, it won't be possible to re-establish communication and you will have to configure AGENTs to use newly created certificates. This might be done by re-deploying, i.e. by repeated running of installer on the client machines. So for example: create installer of your choice on new ERA/ESMC server run installer on client machine (beware that in case you had older AGENT installed on client (older than 7.0), it migh be required to run installer 2 times in a row to take effect) observe client to be connecting to new ERA/ESMC server It is also possible to use "Remote deployment task" from newly installed ERA/ESMC, but that requires your network to be ready for it (should be usable in case you made your initial deployment using this task).
  8. Just to clarify, but configuration of AGENT (in ESET Management Agent policy) and configuration of HTTP proxy in policy for security product (i.e. ESET Endpoint Security for Windows) are completely unrelated, and each of them configure only specific product it is targeting. Regarding settings, both of policies (Agent vs. other products) are using the same principle: there is possibility to configure one HTTP proxy for all communication (this one is mostly called global), and there is possibility to override this setting for specific services or communication types. In case of ESET Management Agent, you can use different configuration for communication with ESET infrastructure, through internet, and different HTTP proxy (or not at all) for communication between Agent and ERA/ESMC Server. This is hard to answer, but it definitely depends on infrastructure. For example there are customers, that has very weak connection between AGENT and ESMC Server (i.e. some kind of VPN between company branches) and installation or download through this link would be killing internal network - also it would mean that ESMC has to be transformed into high-grade HTTP server. There is also alternative to use one HTTP proxy hosted side-by-side ESMC Server which should partially resolve this issue, but it is not enforced.
  9. Could you be more specific of ERA/ESMC version used and confirm that you mean duplicating devices as seen in ERA/ESMC console? ESMC 7.0 introduced support for cloning & VDI environment that should target this issue (see documentation) - if ESMC is used, could you check whether used VDI environment is listed as supported?
  10. I would recommend to follow documentation and troubleshoot AGENT's connectivity. In case policy is correctly applied (this can be verified remotely), it is possible that connection to new server is not possible, and thus AGENT is using previous. This is "fallback" scenario so that you do not loose manageability of AGENT after wrong configuration. Without more details it is just guessing, but most probably there will be problems with certificates, where either AGENT rejects certificate of new SERVER, or vice versa.
  11. MartinK

    Deploy licensed Endpoint Antivirus

    Could you please provide more details of what are you actually installing and what is activation error? To my understanding, you are using MSI/GPO to deployes ESET Managemnt Agent -> how are you installing and activating security product?
  12. But actually this device is currently connecting, or more precise, it started connecting few minutes before you captured logs. Not sure what problems were when you first reported this issue, but trace.log covers only last 10 days, where connections were failing with error: Unable to resolve any endpoints.resolve which means that AGENT was not able to resolve hostname of your ERA/ESMC server. Was it properly stored on DNS server previously? It seems that AGENT started to successfully resolve hostname around 2018-12-27 20:11:58 (UTC), but at that time, connection was not possible as it was either blocked by firewall or ERA/ESMC was not accessible. This changed around 2018-12-27 20:16:14 (UTC) when this client connected for the first time.
  13. MartinK

    Issue with RD Sensor.

    I would recommend to follow documentation for troubleshooting AGENT connection, especially status.html might be helpful for start. In case network visibility is verified (ping works), problem might be with firewalls, or maybe also certificates configuration.
  14. MartinK

    Secondary Ip Address showing up in ESMC V7

    I have checked internal release notes, and fix wrong order of IP addresses should be present in this release, but it was targeting issue where multiple IP addresses of the same adapter were wrongly ordered. It seems you might have different problem, or data in main clients view is not refreshed after just order of addresses was fixed... Could you please execute following PowerShell script on problematic client machine: Get-WmiObject -Query "select * from Win32_NetworkAdapter where NetConnectionStatus = 2" | ForEach-Object { Get-WmiObject -Query "associators of {$_} where ResultClass = Win32_NetworkAdapterConfiguration" } and compare order of adapters and order of IP addresses as seen in ESMC console?
  15. MartinK

    Remote Admin Agent password

    It is crucial that ESET product is installed, otherwise nothing is actually protecting AGENT from users with administrative privileges. Password protection is custom feature of our uninstaller (it is not feature of msiexec / windows) so it is effective only when our uninstaller is used -> this is enforced by self-defense of ESET security product. In short: in case ESET security product is not installed, or it is not running properly (i.e. disabled HIPS), AGENT is not protected and thus anyone with administrative privileges can simple stop it, or completely remove.