MartinK

ESET Staff
Kudos

  1. Upvote
    MartinK received kudos from JirkaL in Clients not showing in ESMC   
    I would recommend to start by checking whether ESMC Agent installed on client machine is actually connecting to ESMC. For this purpose please follow troubleshooting part of documentation - especially status.html log present on client machine might be helpful in this case.
    In case ESMC Agent will be connecting to ESMC, most probable issue is that it is using different name in ESMC or is located in different group, which prevented ESMC to remove "dead" duplicate that is rendered as unmanaged.
    In case AGENT is not connecting to ESMC, it is crucial to resolve connectivity issues as described in referenced documentation.
  2. Upvote
    MartinK received kudos from DH2020 in Clients not showing in ESMC   
    I would recommend to start by checking whether ESMC Agent installed on client machine is actually connecting to ESMC. For this purpose please follow troubleshooting part of documentation - especially status.html log present on client machine might be helpful in this case.
    In case ESMC Agent will be connecting to ESMC, most probable issue is that it is using different name in ESMC or is located in different group, which prevented ESMC to remove "dead" duplicate that is rendered as unmanaged.
    In case AGENT is not connecting to ESMC, it is crucial to resolve connectivity issues as described in referenced documentation.
  3. Upvote
    MartinK received kudos from m.gospodinov in dynamic groups expressions, update antivirus on list of computers, delete a trigger   
    I would have to verify by myself to be sure, but reason is probably that negation of specific condition is not very clear and it can be easily misunderstood. For example condition Installed software . Application version doesn't contain 7.1.2053.0 will be probably always true, as there will be also ESMC Agent with different version in list of installed applications. In case of version it makes no sense to use this kind of expression.
    My recommendation is to use positive conditions inside group definition, and instead negate result, i.e. using NAND group type with following filters:
      Installed software . Application name = (equal) ESET Endpoint Antivirus
      Installed software . Application version = (equal) 7.1.2053.0
  4. Upvote
    MartinK received kudos from MichalJ in Automatic FQDN rename not working   
    Is there any known method you are already using to fetch FQDN on those machines? For example some command line tool, shell command, etc.? Does output of any of following commands:
      hostname
      hostname -f
      scutil --get ComputerName
      scutil --get HostName
      scutil --get LocalHostName
      sysctl -a
    mention value that could be possibly used as FQDN?
    We have already seen machines that were configured in a way that they were not aware of their FQDN, it was available only on DNS servers, but that is problem for ESMC Agent which requires data to be available locally.
  5. Upvote
    MartinK received kudos from MichalJ in Automatic FQDN rename not working   
    Value of kern.hostname should be actually used by AGENT so setting it should resolve problem. There is definitely no need to reinstall AGENT -> hostname is not fetched very often, so easiest would be to restart AGENT's service. It can be done using following commands in root terminal:
      cd "/Applications/ESET Remote Administrator Agent.app"
      ./Contents/Scripts/restart_agent.sh
  6. Upvote
    MartinK gave kudos to Marcos in no files in qurantine   
    He has asked to cancel his account here. But yes, it's not normal that a user of a trial license would request a response within 1-2 hours 24x7 that is granted to VIP customers at an extra fee. Moreover, the problems with LiveGrid authentication suggesting an invalid username/password being used was highly suspicious too.
  7. Upvote
    MartinK gave kudos to TomFace in no files in qurantine   
    As it is Sunday (most ESET staff is off)...and your OP was just 3 hours ago, why don't you try being realistic and reasonable with your expectations.
     
  8. Upvote
    MartinK received kudos from MichalJ in ESET Cloud Administartor - Client Installer   
    Could you please provide logs located in directory %temp%\eset\ (i.e. in temporary directory of user that executed installer)? This specific error means that it was not possible to find installer matching requirements. Most commonly in case:
      • version of product is no longer available (if version was explicitly requested when configuring installer)
      • operating system is not supported by selected product (desktop vs. server products)
      • ESET repository servers (repository.eset.com) are not available. Access might be blocked by other security-related software, or HTTP proxy configuration might be required.
  9. Upvote
    MartinK received kudos from Peter Randziak in Activation fail. ECP.20006   
    Certificate that is considered by ESET products as untrusted, i.e. injected into communication has following identifiers inside:
      IP Address=fe80:0000:0000:0000:...:2a5a
      IP Address=192.....204
      DNS Name=localhost
      DNS Name=G....net.local
    which might help you identify source.
    Otherwise certificate contains no other details, it actually looks like default certificate that is generated for ESMC Webconsole, but it makes no sense to be injected into communication. Could you verify this certificate is used by your ESMC console for Apache Tomcat connections (I have made some redaction of data present in certificate)?
    Also as you mentioned, MAC addresses from communication with ESET licensing server (IP=13.91.57.145) indicates that next device is Sophos, but it does not mean it is source of this injected certificate.
  10. Upvote
    MartinK gave kudos to Marcos in PUP not handled   
    Today we've released a fixed version of the Antivirus and antispyware module 1552.3 which addresses cleaning issues on Mac. Could you please check if PUAs are now cleaned properly?
  11. Upvote
    MartinK received kudos from MichalJ in console cloud   
    Any chance it resolved itself automatically after a time? We are currently experiencing issues with license synchronization, which is targeted by release that is rolling out this week.
  12. Upvote
    MartinK received kudos from MichalJ in Eset Endpoint Cloned Agents   
    There has been support for cloning implemented in ESMC, which means this scenario should be handled automatically if properly configured, without executing mentioned task.
    Once machine was cloned, new Cloning Question for ESMC administrator should have been created -> until it will be resolved, cloned devices won't be able to communicate with ESMC and thus not able to reset itself. There is possibility to resolve it in a way that every other clone of specific device will automatically result in creation of new devices, as if reset cloned task was executed. I would recommend to check whether there are any cloning questions available -> they should be accessible through client details of "master image" or in status overview in ESMC console.
  13. Upvote
    MartinK received kudos from Peter Randziak in database create error occurred during ESMC install   
    Problem seems to be in MySQL ODBC driver used. Unfortunately ESMC 7.0 does not support latest versions as there is some bug in driver itself. It was supposed to be fixed in ODBC driver 8.0.16 released recently but seems there might be some other issue.
    I would recommend to check documentation where latest supported version of MySQL ODBC driver is mentioned. If I recall correctly, latest working version is 5.3.10.
  14. Upvote
    MartinK received kudos from Peter Randziak in Question over encryption between Eset Security Management Center Server and database   
    I would recommend to check file:
      %PROGRAMDATA%\ESET\RemoteAdministrator\Server\EraServerApplicationData\Configuration\startupconfiguration.ini
    which contains connection string as used by ESMC. Please make sure you create backup before doing modifications. Resulting connection string is passed to SQLServer ODBC driver and thus all parameters supported by driver should be working. Also be careful with using reserved characters as are @,{,},... as it might require special escaping to work properly.
    Also be aware that changes in this file might break upgrade of ESMC in the future, and even if upgrade is successful, it might replace this file with new one, without custom changes you made.
  15. Upvote
    MartinK received kudos from Peter Randziak in Erro agent Deployment From console ESMC   
    Unfortunately remote deployment task has a glitch that it shows successful installation even in case installation actually failed. This is issue of last phase of installation, so it means ESMC is able to connect to this device, but either download of AGENT installer or installation itself fails. Most probable cause is download, especially in case device has limited access to internet or ESMC is configured to use HTTP proxy.
    I would recommend to create Windows live installer in console (it is bat script) and try to execute it manually on device. It will behave exactly as it executed remotely, but local execution might help diagnose the issue.
  16. Upvote
    MartinK received kudos from Peter Randziak in Multihomed host - ESMC 7.x   
    That is correct column for this scenario. Remote host shows IP address as seen by ESMC, which is suitable for remote clients, until they are not hidden behind NAT router or load balancer which would result in multiple devices with the same IP address.
    IP addresses shown in other column are based on local state on AGENT, where IP address of interface with highest priority should be shown - but it might have no relation to interface that was actually used to connect to ESMC.
  17. Upvote
    MartinK received kudos from Peter Randziak in Query over TLS1.0   
    Hope that helps. Crucial parameters are:
      sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
      ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
               TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
               TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,
               TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA"
    where you can limit not only TLS protocol but also list of supported cipher suites, even when we have already enabled only those most secure and considered as secure by various analysis tools.
  18. Upvote
    MartinK received kudos from Peter Randziak in Query over TLS1.0   
    Unfortunately this is not configurable via UI. It is actually part of Apache Tomcat configuration distributed with ESMC. Please check following KB3724 but just search for TLSv1 and you will understand what to search for in server.xml configuration file. There is no need to follow this KB as it is unrelated.
    Regarding question why TLS1 is enabled by default - it is due to backward compatibility as ERA6 clients were using TLS layer provided by system itself, and we do still support older systems (Windows XP as an example, but also older Linux and macOS) which do not support TLS 1.2.
  19. Upvote
    MartinK received kudos from Peter Randziak in Future changes to ESET Security Management Center / ESET Remote Administrator   
    Unfortunately I am also not sure how it was meant. We are officially declaring maximal number of managed clients to 10000 when using MySQL database, but it is not related to number of actually connecting clients, but rather limit is amount of data. ESMC installed over MySQL might have performance issues with processing larger amount of data and rendering larger datasets. As a result rendering of specific reports (threats for example) might be much slower, but in "clean" network even much larger environments can be managed with MySQL-based ESMC installation.
    Persistent connections as introduced in ESMC should actually significantly reduce load of ESMC server, especially in "dormant" state when no changes are made in management console. If properly configured on recommended HW, ESMC should handle hundreds of clients per second.
  20. Upvote
    MartinK received kudos from EK roboter in User sync task not syncing AD group names correctly   
    If I recall correctly there was an issue with presets using incorrect values. I think "User Group Name" should be set to name but I am not sure it will be able to rename existing groups -> have you tried to change this value and erase at least some of the groups, just to verify that even newly added groups are still named wrongly?
  21. Upvote
    MartinK received kudos from MichalJ in Errors after moving from ESMC to ECA   
    This is the most probable reason. ECA does not enable user to create policy with connection hostname, but policy imported from ESMC will retain this setting. So in case you imported policy that had some connection host specified, ECA agents will start to use it instead of their original ECA hostname. If this is the case, only solution is to unassign/remove such policy (unfortunately you won't be able to see which one it is as these settings are hidden in ECA console) and repair AGENT by re-deployment of installer.
    Regarding proxy, I am not sure whether I do understand scenario, but in case you used HTTP proxy for ESMC, and you do not wish to use this proxy for ECA, you have to create new policy in ECA, where you explicitly disable use of HTTP proxy. In case you do not do that, AGENTs will be still using previous settings, i.e. they won't revert to settings used before policy was applied. This can be for example done by creating policy:

    where crucial parts are highlighted. Not visible "Proxy configuration type" should be set to Global proxy.
  22. Upvote
    MartinK received kudos from CMS in ESMC Computers w. Alerts   
    Any chance those two missing devices are "muted"? Seems that dashboard reports them as problematic even when muted, which I consider a bug.
  23. Upvote
    MartinK received kudos from Peter Randziak in How to configure ciphers for communication between ERA Server & Web Console   
    For future reference -> this is actually bug in ESMC itself and should be resolved for upcoming releases. In case there would be no issue, weak ciphers would be disabled in so called "Advanced security" mode which is available in ESMC's configuration. Those weak ciphers are available only for older ERA Agents connecting from even older operating systems (Windows XP, ...) where no secure algorithms were available in system.
  24. Upvote
    MartinK received kudos from Peter Randziak in ERA server trys connect my gateway ip via ssh   
    Just guessing, but only ESMC functionality actually using SSH is "Remote deployment task", could you verify it is not scheduled to be executed regularly?
  25. Upvote
    MartinK received kudos from MichalJ in ESMC computer name mismatch (hostname vs FQDN)   
    Yes please verify that hostname of macOS machine is correctly set. Otherwise AGENT won't be able to report FQDN name to ESMC, and thus ESMC won't be able to pair device with FQDN entries in domain.
    Recently we were solving similar issue as support ticket, and customer used command:
      sudo scutil --set HostName devicename.example.com
    to correctly set FQDN name on macOS device.
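
Added example (not part of MartinK's posts and not ESET's own tooling): a small Python audit of the Tomcat `server.xml` Connector attributes quoted in the "Query over TLS1.0" posts above, flagging legacy protocol versions and cipher suites worth reviewing. The sample XML, the port number and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal server.xml using the attribute names quoted in
# the post; port, trimmed cipher list and surrounding elements are assumptions.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="443" SSLEnabled="true"
      sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
      ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
               TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
               TLS_RSA_WITH_AES_256_GCM_SHA384,
               TLS_RSA_WITH_AES_128_CBC_SHA"/>
  </Service>
</Server>"""

LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: deprecated by RFC 8996

def split_list(value):
    # Comma-separated attribute value; tolerates values wrapped over several lines.
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def protocol_notes(proto):
    return ["legacy protocol version"] if proto in LEGACY_PROTOCOLS else []

def cipher_notes(suite):
    """Reasons a suite name deserves review; an empty list means keep it."""
    notes = []
    if suite.startswith("TLS_RSA_"):
        notes.append("static RSA key exchange, no forward secrecy")
    if "_CBC_" in suite:
        notes.append("CBC mode rather than AEAD")
    if suite.endswith("_SHA"):
        notes.append("HMAC-SHA1")
    return notes

def audit_connectors(xml_text):
    """Per Connector port: flagged (attribute, value, reasons) and the values to keep."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        flagged, keep = [], {"sslEnabledProtocols": [], "ciphers": []}
        for attr, check in (("sslEnabledProtocols", protocol_notes), ("ciphers", cipher_notes)):
            for value in split_list(conn.get(attr)):
                notes = check(value)
                if notes:
                    flagged.append((attr, value, notes))
                else:
                    keep[attr].append(value)
        report[conn.get("port", "?")] = {"flagged": flagged, "keep": keep}
    return report
```

Dropping TLSv1 from the kept list cuts off the older clients that the post gives as the reason it is enabled by default, so check which agents still depend on it before changing `server.xml`.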