MartinK

ESET Staff
Everything posted by MartinK

  1. I think this behavior has already been reported and probably fixed in the meantime. Maybe @Marcos will know more details of whether the module responsible for scanning the network has been updated in the meantime. It is also possible that the update was canceled, which might explain why only specific devices were affected.
  2. Unfortunately, the problem is that you are using the ERAv6 Agent, which is not going to be supported on macOS 10.15 (Catalina). Please check more details in the relevant ESET article: https://support.eset.com/news7326/
  3. As @Marcos pointed out, support for EFS7 for Linux has been added in "Configuration module" 1740.*, so it is necessary to make ESMC update its modules. As ESMC 7.0 is used, update problems might be caused by a bug preventing ESMC from using an HTTP proxy to update. I would also recommend checking whether download from http://update.eset.com is enabled on the firewall - the list of IP addresses can be found in ESET KB332.
  4. I would recommend starting by checking whether the ESMC Agent installed on the client machine is actually connecting to ESMC. For this purpose, please follow the troubleshooting part of the documentation - especially the status.html log present on the client machine might be helpful in this case. In case the ESMC Agent is connecting to ESMC, the most probable issue is that it is using a different name in ESMC or is located in a different group, which prevented ESMC from removing the "dead" duplicate that is rendered as unmanaged. In case the AGENT is not connecting to ESMC, it is crucial to resolve connectivity issues as described in the referenced documentation.
  5. Thanks for the confirmation. It was reported and will be investigated. As a workaround, I would personally recommend using the all-in-one installer. The script-based installer was somehow superseded by it, and the original scripts remained available just for backward compatibility and easier "customization".
  6. The error indicates some problem with accessing or copying files. Could you verify there are no files blocked for such access or there is enough disk space?
  7. Just a side note: are you aware that in ESMC 7.0 you can also create an AGENT-only all-in-one installer? It will install just the AGENT and it won't be downloading the installer, as it will already be included in the executable file.
  8. If I recall correctly, the limit of total size is very large - I think you would have a higher probability of hitting the limit of the script interpreter first. There is definitely some limit of line in BAT files which might be a problem. I would recommend creating the BAT/sh file manually and trying to execute it on the target machine just to verify it actually works. Also be aware that scripts are executed in the AGENT's security context, which might have access to specific system or network resources, tied to domain users.
  9. My last idea is that the problem is caused by a "space" in the path to the script. It is stored in the user's temp directory, which contains a space in the absolute path (not clear from the screenshot, but is it actually a space in the name of the user?). If there is a space, special escaping would be required. Any chance you used a different user on the machines where it works? Is it possible to use another user (Administrator) to run the installer?
  10. This specific error means that the download of the file was interrupted in terms of network. This might have multiple reasons:
     - network connection was lost
     - download timed out due to client inactivity
     - connection was interrupted by a firewall or other security software
     - connection was closed by ESET servers (not very probable, but might happen due to timeouts or an overloaded state)
     If this happens repeatedly, I would recommend analyzing HTTP downloads using Wireshark or similar tools. We have seen previously that specific updatable files were blocked by enterprise-grade firewalls. Also, the problem might be caused by an HTTP proxy in case it is deployed in between and used for download.
  11. It is possible to clone this report template and check whether there is a possibility to extend it with filters, but I think the set of possible filters was very limited in ESMC 7.0 and it will be improved in the upcoming version. Just to be sure, it seems that you set updates of your ESMC to happen every minute - is this the correct and expected configuration? This parameter is configured in ESMC's settings in the console, and the default value is 6 hours, as modules for ESMC are not released very often (it is not related to antivirus updates, which happen multiple times a day).
  12. Unfortunately, the server name as seen in generated reports cannot be changed easily from the console. It was stored during initial deployment (I guess that was the original hostname of the ESMC installation) into the database. The only possibility is to modify the value directly in the ESMC database: if I recall correctly, it is stored in the table named tbl_servers.
  13. There is an audit log accessible via standard reports mechanisms -> please check predefined reports, where you should find an audit log containing exactly what you are searching for.
  14. Not sure what the reason for the port change is, but in the case of the appliance I would recommend adapting the firewall configuration and adding port redirection. No matter how ports are changed, this step will be required, as the firewall will be blocking communication to non-standard ports.
  15. Please check ESET KB6097 describing how to run all-in-one installer in silent mode.
  16. Could you please provide more details of the system on which you are trying to execute this script? We have somehow run out of ideas, as no similar issues were reported. Could you possibly provide some non-sensitive part of line 184 that is failing? Asking just to be sure which part of the script is failing, as it might be different in your environment.
  17. Indeed it was supposed to be update, but unfortunately no SELinux policy violations that would affect startup were detected (the one detected is non-fatal and does not even affect communication between ESET products). This indicates there might be a problem on higher layers, for example systemd itself (service manager) is not able to start our service. Maybe there are AVC denials for this process reported?
  18. Could you please provide the output of the command:
         ausearch -m avc --raw -se eraagent | audit2allow
     to check what SELinux permissions are missing? It would be ideal to let the AGENT run for some time. Also, as a workaround which might help, try to extend the SELinux policy of the AGENT:
         cd /opt/eset/RemoteAdministrator/Agent/setup/selinux/
         ./eraagent.sh --update
         <review missing permission that will be added to SELinux policy>
     and once done, the SELinux policy of this installation will be extended. Just be aware that a repair or upgrade of the ESMC Agent installation will revert these changes.
  19. Thanks for confirmation. Issue with dynamic disks was in the meantime reported to developers but it is not analyzed yet.
  20. I would recommend checking the HTTP proxy status, if used. An empty list of packages most probably means there is some communication problem that prevents ESMC from downloading metadata from repository.eset.com. The specific error should be present in ESMC's trace logs.
  21. I have no other recommendation than to contact support, as manual removal of specific registry keys is required. Those keys are actually not ESET-specific -> MSI database cleanup is required and it has to be done with caution so as not to break other applications.
  22. This log was captured just 7 seconds after AGENT service startup, and that is why most of the details are missing. This itself is suspicious and might indicate problems with stability or correctness of the installation -> the AGENT is probably not able to start and thus is not connecting to ESMC. Please also attach trace.log, which might show at least a basic error message and confirm whether the AGENT service is able to start or is restarting itself due to some configuration or system issue.
  23. I would have to verify by myself to be sure, but the reason is probably that negation of a specific condition is not very clear and it can be easily misunderstood. For example, the condition
         Installed software . Application version doesn't contain 7.1.2053.0
     will probably always be true, as there will also be the ESMC Agent with a different version in the list of installed applications. In the case of version, it makes no sense to use this kind of expression. My recommendation is to use positive conditions inside the group definition and instead negate the result, i.e. using the NAND group type with the following filters:
     - Installed software . Application name = (equal) ESET Endpoint Antivirus
     - Installed software . Application version = (equal) 7.1.2053.0
  24. I would recommend contacting ESET support for this issue. I do not think there has been any similar report up to this time, so more details of the disk configuration might help improve ESMC components. Regarding the problem with fetching dynamic disk details, from the provided logs it seems that it is not a fatal problem and there is some network problem, indicated by the error "Connect failed". I would recommend checking whether the client (where the AGENT is installed) can resolve the DNS name of the ESMC server and whether connection to port 2222 is possible.
  25. Unfortunately, the AGENT is currently not reporting the NIC that is actually used for connection to ESMC -> it reports a list of all interfaces with a list of all assigned IP addresses. What you see in the main client's view in the console is the selected IP address that is considered the one with the highest priority. In most cases it means it is the IP address of the NIC that has the highest priority on the client machine. In case of multiple IP addresses assigned to this NIC, it should be its primary IP address.