Jump to content

MartinK

ESET Staff
  • Posts

    2,338
  • Joined

  • Last visited

  • Days Won

    66

Kudos

  1. Upvote
    MartinK received kudos from MichalJ in Update Agent Version   
    This seems to be an common misunderstanding and we should probably improve communication to users so that it is clear.

    In case of components upgrade task, you are actually selecting version of ESET PROTECT Server component, that you can actually upgrade to. In other words, in case your infrastructure is based on ESET PROTECT Server for Windows, you will be offered only the same or later version for the same platform. This version is later used for selection of compatible AGENT installers. So for example, as you have selected version 8.1.1223.0 as compatibility version, when this task is executed on macOS device, ESET repository is searched for latest AGENT version for macOS, that is compatible with ESET PROTECT 8.1.1223.0. which is currently version 8.1.3215.0. So the most confusing part is that you are actually not selecting version of AGENT to be installed, but just reference version used for compatibility.
     
  2. Upvote
    MartinK received kudos from MichalJ in Installing Agent through CMD QUITET doesn't work for ESET PROTECT CLOUD   
    Could you please provide standard trace.log from AGENT or possibly search it for more detailed connection errors? I do not see any obvious problem with deployment method you are using - in case no mistake was made during parameters processing, it should work. From provided status.html it is not clear why connection is failing, it might be network related, but also certificate related. As it seems that certificate of ESET PROTECT Cloud service has been accepted, it might be problem with AGENTs certificate -> in steps you mentions "same old file" next to certificates, but if it means that you are attempting to use the same certificates an you used with on-premise solution, that won't work -> devices managed by cloud service are assigned certificate generated by service itself, and that is only certificate that will enable your devices to connect.

    Also note, that there is even simpler deployment method:
    Download AGENT MSI file and install_config.ini (so called GPO installer) into the same folder Initiate silent installation of AGENT via msiexec command, but without product specific parameters (those P_***) Observe that installer properties are automatically loaded from install_config.ini, i.e. there is no need to copy them to command line
  3. Upvote
    MartinK received kudos from j-gray in Help generating a software report with user login info   
    Actually it works in a way that only "supported" combinations are possible, so once you select more and more columns, there is less possibilities to chose from. So from technical perspective, it is "by design" as required combination is most probably not available.
    What would be actually the use-case you are targeting by this report? Just to pair employees with devices that are no longer connecting?
  4. Upvote
    MartinK received kudos from j-gray in Help generating a software report with user login info   
    Not sure I understand correctly, but filtering devices based on dynamic groups should be farily easy: just filter has t obe added to reports:

    but there might be conflict with other settings, preventing use of such filter.
  5. Upvote
    MartinK received kudos from MichalJ in EFDE custom policy not showing under applied policies   
    If my understanding is correct, you created installer where you included policy for EFDE? If so, it is actually expected behavior, as installer will just configure installed product to use settings from embedded policy, but to enforce settings, policy has to be applied also in console in a standard way. If so, solution would be to visit policies screen and assign required policy to groups or devices. In other words, policy as included in installers are intended primarily for initial configuration used until management agent is able to fetch policies and other properties from ESET PROTECT.

    We will also try to improve communication of this behavior so that is it more clear.
     
  6. Upvote
    MartinK received kudos from simpletonsavant in Multiple domains, some computers not checking in at correct interval   
    Just to be sure, but by "only check in when they are turned on" you mean that do connect only once, after they are started, and another connection attempt is made after reboot? If so, I would double-check configuration of interval, especially in case "cron" based configuration was used.
    Also as mentioned, troubleshooting of such device connectivity will be required, as issue might be also related to network configuration, which might prevent subsequent connections, especially in case there are other security/VPN products used or strict firewall configuration is applied.
  7. Upvote
    MartinK received kudos from MichalJ in Manual VS Automatic ESET Protect Upgrade   
    Component upgrade task upgrades only ESMC/EP components, as is ESET Management Agent, ESMC Server and ESMC WebConsole, but it does not upgrade other, especially third-party components as is Apache Tomcat, Apache HTTP Proxy or MS SQL Server.

    Thus benefit of performing manual upgrade using all-ine-one installer for Windows, or performing upgrade ot EP/ESMC Appliance using "migration" to new version, is that also third-party and and possibly other support tools are upgraded. Also note that manual upgrade is less prone to failures caused by environment issues, as are those network related, but also those caused by missing dependencies (for example minimal supported version of OS or database itself).

    My recommendation would be to perform manual upgrade, as it is fairly simple from users perspective, and it offers more control. Also I would recommend to perform database backup before doing so, but hat should be case also for automatic upgrade.
  8. Upvote
    MartinK received kudos from Peter Randziak in Manual VS Automatic ESET Protect Upgrade   
    Component upgrade task upgrades only ESMC/EP components, as is ESET Management Agent, ESMC Server and ESMC WebConsole, but it does not upgrade other, especially third-party components as is Apache Tomcat, Apache HTTP Proxy or MS SQL Server.

    Thus benefit of performing manual upgrade using all-ine-one installer for Windows, or performing upgrade ot EP/ESMC Appliance using "migration" to new version, is that also third-party and and possibly other support tools are upgraded. Also note that manual upgrade is less prone to failures caused by environment issues, as are those network related, but also those caused by missing dependencies (for example minimal supported version of OS or database itself).

    My recommendation would be to perform manual upgrade, as it is fairly simple from users perspective, and it offers more control. Also I would recommend to perform database backup before doing so, but hat should be case also for automatic upgrade.
  9. Upvote
    MartinK received kudos from Ufoto in Manual VS Automatic ESET Protect Upgrade   
    Component upgrade task upgrades only ESMC/EP components, as is ESET Management Agent, ESMC Server and ESMC WebConsole, but it does not upgrade other, especially third-party components as is Apache Tomcat, Apache HTTP Proxy or MS SQL Server.

    Thus benefit of performing manual upgrade using all-ine-one installer for Windows, or performing upgrade ot EP/ESMC Appliance using "migration" to new version, is that also third-party and and possibly other support tools are upgraded. Also note that manual upgrade is less prone to failures caused by environment issues, as are those network related, but also those caused by missing dependencies (for example minimal supported version of OS or database itself).

    My recommendation would be to perform manual upgrade, as it is fairly simple from users perspective, and it offers more control. Also I would recommend to perform database backup before doing so, but hat should be case also for automatic upgrade.
  10. Upvote
    MartinK received kudos from MichalJ in Eset Protect VMWare Esxi Virtual Appliance v 8.0.2216.0 Can't see itself.   
    Could you please check state of ESET Management Agent installed on the virtual appliance? Any chance you already tried to reboot whole appliance? Also was there any service interruption or operating system changes performed on a date that management agent connected for the last time? Previously we have seen that operating system updates or even changes of timezone/time o machine could result in this state.
  11. Upvote
    MartinK received kudos from Your majesty in Can't connect for era/webconsole in LAN   
    In case there is a firewall, you have to enable port 443 (standard HTTPs) or possibly other simillar port, the same you are using locally.
    Short summary of ports in default:
    2222 is ports used for AGENT->ESET PROTET communication and should be generally opened from network where AGENTs are installed 2223 is port used by Apache Tomcat to communicate with it's backend and also it is used by installers to communicate with it. In case you are not using so called "Server assisted" mode of installers, there is no need to open this oper to outside networks 443/8443 is default port used to connect to console using standard web browser. This port has to be accessible to devices where browser/console users will be connecting from. Specific value os this port might depend on environment and Apache Tomcat configuration.
  12. Upvote
    MartinK received kudos from Peter Randziak in Agent 8.0.1238.0 upgrade task failed   
    Just to let you know, problem was indeed triggered by localized Windows operating system, i.e. operating systems where certain status messages provided by system itself contained non-ASCII characters.
    Unfortunately problematic helper tool UpdaterService.exe is part of already installed version 7.2.1266.0 and therefore proper solution was not possible and upgrade from this specific version to any new version will report this kind of failure even when upgrade will be successfully. Also it has been confirmed that upgrade from version 8.0 is not affected, so there should be no such problem with future upgrades.
  13. Upvote
    MartinK gave kudos to Zoltan Endresz in Endpoint Antivirus - requirement to reboot after update?   
    Hi Thomas, 
    My solution is the following:
     
    1.:  - I created a dynamic group for collect the computers with error message "Restart required" :

     
    2.:  - Then I defined a CRON triggered task for send a pop-up window message into the affected computers:
    "Hello Collegue, please restart your computer as soon as possible because an ESET software update...bla..bla" or something like this
    You can configure the CRON for example launch the message hourly, every 10 minutes or as you want  
     
    It works pretty fine
     
  14. Upvote
    MartinK gave kudos to MichalJ in ESET Protect 8 login issues   
    Just a note. We have just released a hotfix version of ESET Protect Webconsole, that should address the issue with login, when username / password contains a special characters. You can upgrade the console to the current version by running a component upgrade task on your ESET PROTECT server machine. IT will update the webconsole to the version 8.0.175.0 which should resolve those issues. 
  15. Upvote
    MartinK received kudos from antoineL in Agent unable to connect when in remote site/subnet   
    Actually enabling advanced security has not impact on certificate validations - it just forces console to generate more secure certificates, but original ones would still work.
    But what changes with enabling advanced security is that older TLS protocols (If I recall correctly, older than TLS 1.2) are disabled for AGENT connections, and also older and no-longer-safe cipher suites are disabled, which means that only devices with support for latest protocol versions would connection. Recent versions of AGENT do have this support, as they no longer rely on cryptographic primitives provided by operating system, but in case TLS introspection is used in between AGENT and SERVER, it might be blocked in case it does not support any of safe algorithm.
    Regarding analysis, this seems to be network or TLS related, so I would recommend to analyze network communication using tools like wireshark. It is possible that problem is between TLS introspection component and SERVER, and not between AGENT and TLS component, so proper place for capturing of traffic will be required.
  16. Upvote
    MartinK received kudos from igi008 in Future changes to ESET Security Management Center / ESET Remote Administrator   
    Currently it is not decided of the future, and even latest version is using CentOS7-based appliance, which is supposed to be supported until 2024 (i.e. much longer than mentioned CentOS8). We currently rely on fact that security patches are available, even for tomcat 7 which is part of official CentOS7 repositories.
    Just out of curiosity, what would be your preferred Linux distribution for future? Asking as there is not many "free" distributions guaranteeing reasonably long support and stability of environment for future migrations.
  17. Upvote
    MartinK received kudos from marlonanjos in Deployed wrong policy with Replication Proxy settings, now clients cant replicate   
    In case you used Apache HTTP proxy which is part of our installers, you should follow following steps: https://help.eset.com/esmc_install/72/en-US/apache_configuration.html where in short you have to:
    enable port 2222 in case it is not enabled already (depends on version you used) enable connections to your hostname (hostname where AGENT are trying to connect) - by default, only connections to ESET domains are enabled due to security, therefore using proxy for replication connections requires manual steps.  
  18. Upvote
    MartinK received kudos from MichalJ in Reports and permission sets   
    Problem is, that report templates are actually also objects, that are "tied" to specific static group (= access group) and thus have limited visibility. In case of default report templates created during installation, they are configured with access group set to group "All", which means that only user which have access to "Reports & Dashboards" on group "All" will see those reports. The same applies also for other managing objects in console (policies, dynamic groups, notifications, ...).
    Unfortunately I cannot verify now, but there might be two solutions, where both do require some redesign of security model you are using:
    Users might be assigned special permission set, that will give them permission to "Use" Reports from group All - but I would recommend to double check it does not give user access to devices Move/Change access group of required Report templates so that user can see it. We have seen that especially MSPs were creating specific "Shared" static group just to share such objects between users.
  19. Upvote
    MartinK received kudos from MichalJ in Use of "Run command line" task   
    Yes, in case of multiple commands, one have to enter delimited one-liner, as it would be done in one-line BAT file.
    Just a note, this will be improved in upcoming released, where multi-line commands will be possible, which should simplify such scenarios.
  20. Upvote
    MartinK received kudos from jimwillsher in Use of "Run command line" task   
    Yes, in case of multiple commands, one have to enter delimited one-liner, as it would be done in one-line BAT file.
    Just a note, this will be improved in upcoming released, where multi-line commands will be possible, which should simplify such scenarios.
  21. Upvote
    MartinK received kudos from Peter Randziak in Changing Agent hostname for remote deployments   
    Indeed as of now, it is proper workaround fr this issue. This FQDN value will be used as default for installers, used in case override is not provided explicitly.
  22. Upvote
    MartinK gave kudos to Marcos in EFI/CompuTrace.A where to exclude?   
    For me it worked like a charm.
    Clicked the desired detection and selected Create exclusion from the menu:

    This excluded the detection name from detection:

  23. Upvote
    MartinK gave kudos to Mauricio Osorio in Database server connection is not working   
    Hello guys,
    I think I found the problem and it really is not technical, the problem is with the translation into Spanish from Latin America. Let me show you:
    In the latin american user guide, you can see this instructions:

    Highlighted in yellow you can see that it indicates that for Linux MySQL version 8, the parameter log_bin_trust_function_creators = 1 must be added or modified. But it is indicated only for Linux environments. In the English manual this option is not conditioned to Linux:

    As I was working in a Windows environment, I chose not to make this modification, because the manual indicated that it should only be done in a Linux environment. Just to discard I decided to make the change and everything works correctly.
    Thank you very much for your collaboration and if you can please change the manual (Latin America Spanish) in this section as it may cause confusion.
    Regards.
  24. Upvote
    MartinK received kudos from pedro617 in Deploy ECA Live Installer Remotely to Macs   
    Requirement to target silent/mass deployment to macOS devices should be targeted in next major release.
  25. Upvote
    MartinK gave kudos to Daniel26 in Installing MDM: "Failed to run custom action ConfigInsertPeerCertFile."   
    Ok, Solution found: LC_ALL was not set. "export LC_ALL=en_US.UTF-8" did the trick.
     
    Regards
     
    Daniel
     
×
×
  • Create New...