Jump to content

MartinK

ESET Staff
  • Content Count

    2,280
  • Joined

  • Last visited

  • Days Won

    66

Kudos

  1. Upvote
    MartinK received kudos from simpletonsavant in Multiple domains, some computers not checking in at correct interval   
    Just to be sure, but by "only check in when they are turned on" you mean that do connect only once, after they are started, and another connection attempt is made after reboot? If so, I would double-check configuration of interval, especially in case "cron" based configuration was used.
    Also as mentioned, troubleshooting of such device connectivity will be required, as issue might be also related to network configuration, which might prevent subsequent connections, especially in case there are other security/VPN products used or strict firewall configuration is applied.
  2. Upvote
    MartinK received kudos from MichalJ in Manual VS Automatic ESET Protect Upgrade   
    Component upgrade task upgrades only ESMC/EP components, as is ESET Management Agent, ESMC Server and ESMC WebConsole, but it does not upgrade other, especially third-party components as is Apache Tomcat, Apache HTTP Proxy or MS SQL Server.

    Thus benefit of performing manual upgrade using all-ine-one installer for Windows, or performing upgrade ot EP/ESMC Appliance using "migration" to new version, is that also third-party and and possibly other support tools are upgraded. Also note that manual upgrade is less prone to failures caused by environment issues, as are those network related, but also those caused by missing dependencies (for example minimal supported version of OS or database itself).

    My recommendation would be to perform manual upgrade, as it is fairly simple from users perspective, and it offers more control. Also I would recommend to perform database backup before doing so, but hat should be case also for automatic upgrade.
  3. Upvote
    MartinK received kudos from Peter Randziak in Manual VS Automatic ESET Protect Upgrade   
    Component upgrade task upgrades only ESMC/EP components, as is ESET Management Agent, ESMC Server and ESMC WebConsole, but it does not upgrade other, especially third-party components as is Apache Tomcat, Apache HTTP Proxy or MS SQL Server.

    Thus benefit of performing manual upgrade using all-ine-one installer for Windows, or performing upgrade ot EP/ESMC Appliance using "migration" to new version, is that also third-party and and possibly other support tools are upgraded. Also note that manual upgrade is less prone to failures caused by environment issues, as are those network related, but also those caused by missing dependencies (for example minimal supported version of OS or database itself).

    My recommendation would be to perform manual upgrade, as it is fairly simple from users perspective, and it offers more control. Also I would recommend to perform database backup before doing so, but hat should be case also for automatic upgrade.
  4. Upvote
    MartinK received kudos from Ufoto in Manual VS Automatic ESET Protect Upgrade   
    Component upgrade task upgrades only ESMC/EP components, as is ESET Management Agent, ESMC Server and ESMC WebConsole, but it does not upgrade other, especially third-party components as is Apache Tomcat, Apache HTTP Proxy or MS SQL Server.

    Thus benefit of performing manual upgrade using all-ine-one installer for Windows, or performing upgrade ot EP/ESMC Appliance using "migration" to new version, is that also third-party and and possibly other support tools are upgraded. Also note that manual upgrade is less prone to failures caused by environment issues, as are those network related, but also those caused by missing dependencies (for example minimal supported version of OS or database itself).

    My recommendation would be to perform manual upgrade, as it is fairly simple from users perspective, and it offers more control. Also I would recommend to perform database backup before doing so, but hat should be case also for automatic upgrade.
  5. Upvote
    MartinK received kudos from MichalJ in Eset Protect VMWare Esxi Virtual Appliance v 8.0.2216.0 Can't see itself.   
    Could you please check state of ESET Management Agent installed on the virtual appliance? Any chance you already tried to reboot whole appliance? Also was there any service interruption or operating system changes performed on a date that management agent connected for the last time? Previously we have seen that operating system updates or even changes of timezone/time o machine could result in this state.
  6. Upvote
    MartinK received kudos from Your majesty in Can't connect for era/webconsole in LAN   
    In case there is a firewall, you have to enable port 443 (standard HTTPs) or possibly other simillar port, the same you are using locally.
    Short summary of ports in default:
    2222 is ports used for AGENT->ESET PROTET communication and should be generally opened from network where AGENTs are installed 2223 is port used by Apache Tomcat to communicate with it's backend and also it is used by installers to communicate with it. In case you are not using so called "Server assisted" mode of installers, there is no need to open this oper to outside networks 443/8443 is default port used to connect to console using standard web browser. This port has to be accessible to devices where browser/console users will be connecting from. Specific value os this port might depend on environment and Apache Tomcat configuration.
  7. Upvote
    MartinK received kudos from Peter Randziak in Agent 8.0.1238.0 upgrade task failed   
    Just to let you know, problem was indeed triggered by localized Windows operating system, i.e. operating systems where certain status messages provided by system itself contained non-ASCII characters.
    Unfortunately problematic helper tool UpdaterService.exe is part of already installed version 7.2.1266.0 and therefore proper solution was not possible and upgrade from this specific version to any new version will report this kind of failure even when upgrade will be successfully. Also it has been confirmed that upgrade from version 8.0 is not affected, so there should be no such problem with future upgrades.
  8. Upvote
    MartinK gave kudos to Zoltan Endresz in Endpoint Antivirus - requirement to reboot after update?   
    Hi Thomas, 
    My solution is the following:
     
    1.:  - I created a dynamic group for collect the computers with error message "Restart required" :

     
    2.:  - Then I defined a CRON triggered task for send a pop-up window message into the affected computers:
    "Hello Collegue, please restart your computer as soon as possible because an ESET software update...bla..bla" or something like this
    You can configure the CRON for example launch the message hourly, every 10 minutes or as you want  
     
    It works pretty fine
     
  9. Upvote
    MartinK gave kudos to MichalJ in ESET Protect 8 login issues   
    Just a note. We have just released a hotfix version of ESET Protect Webconsole, that should address the issue with login, when username / password contains a special characters. You can upgrade the console to the current version by running a component upgrade task on your ESET PROTECT server machine. IT will update the webconsole to the version 8.0.175.0 which should resolve those issues. 
  10. Upvote
    MartinK received kudos from antoineL in Agent unable to connect when in remote site/subnet   
    Actually enabling advanced security has not impact on certificate validations - it just forces console to generate more secure certificates, but original ones would still work.
    But what changes with enabling advanced security is that older TLS protocols (If I recall correctly, older than TLS 1.2) are disabled for AGENT connections, and also older and no-longer-safe cipher suites are disabled, which means that only devices with support for latest protocol versions would connection. Recent versions of AGENT do have this support, as they no longer rely on cryptographic primitives provided by operating system, but in case TLS introspection is used in between AGENT and SERVER, it might be blocked in case it does not support any of safe algorithm.
    Regarding analysis, this seems to be network or TLS related, so I would recommend to analyze network communication using tools like wireshark. It is possible that problem is between TLS introspection component and SERVER, and not between AGENT and TLS component, so proper place for capturing of traffic will be required.
  11. Upvote
    MartinK received kudos from igi008 in Future changes to ESET Security Management Center / ESET Remote Administrator   
    Currently it is not decided of the future, and even latest version is using CentOS7-based appliance, which is supposed to be supported until 2024 (i.e. much longer than mentioned CentOS8). We currently rely on fact that security patches are available, even for tomcat 7 which is part of official CentOS7 repositories.
    Just out of curiosity, what would be your preferred Linux distribution for future? Asking as there is not many "free" distributions guaranteeing reasonably long support and stability of environment for future migrations.
  12. Upvote
    MartinK received kudos from marlonanjos in Deployed wrong policy with Replication Proxy settings, now clients cant replicate   
    In case you used Apache HTTP proxy which is part of our installers, you should follow following steps: https://help.eset.com/esmc_install/72/en-US/apache_configuration.html where in short you have to:
    enable port 2222 in case it is not enabled already (depends on version you used) enable connections to your hostname (hostname where AGENT are trying to connect) - by default, only connections to ESET domains are enabled due to security, therefore using proxy for replication connections requires manual steps.  
  13. Upvote
    MartinK received kudos from MichalJ in Reports and permission sets   
    Problem is, that report templates are actually also objects, that are "tied" to specific static group (= access group) and thus have limited visibility. In case of default report templates created during installation, they are configured with access group set to group "All", which means that only user which have access to "Reports & Dashboards" on group "All" will see those reports. The same applies also for other managing objects in console (policies, dynamic groups, notifications, ...).
    Unfortunately I cannot verify now, but there might be two solutions, where both do require some redesign of security model you are using:
    Users might be assigned special permission set, that will give them permission to "Use" Reports from group All - but I would recommend to double check it does not give user access to devices Move/Change access group of required Report templates so that user can see it. We have seen that especially MSPs were creating specific "Shared" static group just to share such objects between users.
  14. Upvote
    MartinK received kudos from MichalJ in Use of "Run command line" task   
    Yes, in case of multiple commands, one have to enter delimited one-liner, as it would be done in one-line BAT file.
    Just a note, this will be improved in upcoming released, where multi-line commands will be possible, which should simplify such scenarios.
  15. Upvote
    MartinK received kudos from jimwillsher in Use of "Run command line" task   
    Yes, in case of multiple commands, one have to enter delimited one-liner, as it would be done in one-line BAT file.
    Just a note, this will be improved in upcoming released, where multi-line commands will be possible, which should simplify such scenarios.
  16. Upvote
    MartinK received kudos from Peter Randziak in Changing Agent hostname for remote deployments   
    Indeed as of now, it is proper workaround fr this issue. This FQDN value will be used as default for installers, used in case override is not provided explicitly.
  17. Upvote
    MartinK gave kudos to Marcos in EFI/CompuTrace.A where to exclude?   
    For me it worked like a charm.
    Clicked the desired detection and selected Create exclusion from the menu:

    This excluded the detection name from detection:

  18. Upvote
    MartinK gave kudos to Mauricio Osorio in Database server connection is not working   
    Hello guys,
    I think I found the problem and it really is not technical, the problem is with the translation into Spanish from Latin America. Let me show you:
    In the latin american user guide, you can see this instructions:

    Highlighted in yellow you can see that it indicates that for Linux MySQL version 8, the parameter log_bin_trust_function_creators = 1 must be added or modified. But it is indicated only for Linux environments. In the English manual this option is not conditioned to Linux:

    As I was working in a Windows environment, I chose not to make this modification, because the manual indicated that it should only be done in a Linux environment. Just to discard I decided to make the change and everything works correctly.
    Thank you very much for your collaboration and if you can please change the manual (Latin America Spanish) in this section as it may cause confusion.
    Regards.
  19. Upvote
    MartinK received kudos from pedro617 in Deploy ECA Live Installer Remotely to Macs   
    Requirement to target silent/mass deployment to macOS devices should be targeted in next major release.
  20. Upvote
    MartinK gave kudos to Daniel26 in Installing MDM: "Failed to run custom action ConfigInsertPeerCertFile."   
    Ok, Solution found: LC_ALL was not set. "export LC_ALL=en_US.UTF-8" did the trick.
     
    Regards
     
    Daniel
     
  21. Upvote
    MartinK received kudos from Mike_Kintaru in ESMC Syslog   
    If I recall correctly, only login&logout audit messages are actually exported, i.e. there is probably no way how to export other audit messages.
    There has been issue in one of previous releases (probably 7.1) where wrong delimiter was used in LEEF format, which caused issues when parsing messages - this is probably why they were not visible in QRadar as they were supposed to be.
  22. Upvote
    MartinK received kudos from Mirek S. in connection between ERA server and agents fail   
    Changing certificate to original in ESMC' settings should be enough:

    When you click "Open certificate list", you should be able to select original certificate, the one as shown in your previous screenshots. Just be aware that change will require restart of ESMC service.
  23. Upvote
    MartinK received kudos from Peter Randziak in selected package is not in repository   
    Any chance changing "legacy" filter in packages table helps? Also I would recommend to check ESMC's trace.log for possible synchronization (network) or database related errors. It is possible that repository synchronization is failing and list is not updated correctly.
  24. Upvote
    MartinK received kudos from kapela86 in Future changes to ESET Security Management Center / ESET Remote Administrator   
    Thanks for letting us know. First part is considered as an issue and should be targeted. Second part will be discussed as an possible improvements, which seems to be legit.
  25. Upvote
    MartinK received kudos from karlisi in Future changes to ESET Security Management Center / ESET Remote Administrator   
    Thanks for letting us know. First part is considered as an issue and should be targeted. Second part will be discussed as an possible improvements, which seems to be legit.
×
×
  • Create New...