• Content count

  • Joined

  • Last visited

About sdnian

  • Rank

Profile Information

  • Gender

Recent Profile Visitors

203 profile views
  1. Why don't you ask ESET if Mirror Tool shouldn't be supported for Server 2003.. Why it provide such information?
  2. The newest version of MirrorTool v1.0.513.0 can't be run in Windows Server 2003. It appear a message 'MirrorTool.exe is not a valid Win32 application.' Where can download the previous version of MirrorTool?
  3. Exclamation mark? Okay. I got it. In 6.5, the red number don't mean only red errors. It also include yellow warnings. Then I do a simple test from a Windows Server.. I save the in the desktop, then do a scan by EFSW. The file be detected and deleted. Everything is okay. And no any threats exist now. But in web console.. this server show one unresolved threat. Why it is a unresolved threat?
  4. After upgraded ERA 6.5. I found some of computers have wrong number in 'UNRESOLVED THREATS' filed. I have check the 'THREATS AND QUARANTINE' page in these computers. I could make sure there are no any unresolved threats. Just like the screenshot in the below. How could I clear these wrong number?
  5. You are right. The file LangData.dat didn't been updated. I replace it from another ERA server. It is okay now. Thank you for you help.
  6. I want to create a new report template. After click 'Add column', I saw four '<resource-not-found-0x710.....>' in there. Is something wrong? This ERA server just been upgraded from 6.4.295 yesterday.
  7. I've a Windows 7 SP1 x64. Can't connect to ERA Server after been installed ERA Agent 6.4. In the trace.log, it has a lot of error message: 2017-01-26 02:51:30 Error: NetworkModule [Thread 608]: Protocol failure for session id 36, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete. 2017-01-26 02:51:30 Error: CReplicationModule [Thread fd4]: CReplicationManager: Replication (network) connection to 'host: "" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete. It has been tried to remove and install several times. Even reboot it few times. But it just doesn't work. I've try to do the same thing in other computer. It work well. I used the same EraAgentInstaller.bat to install ERA Agent in all of computers. And this computer has no firewall. I also use Wireshark to capture the packet. Something send to ERA server from this computer and received something back. Please help me to resolve the problem, thank you.
  8. Please sign me up for beta testing.
  9. # date 一 11月 28 09:33:55 CST 2016 # date -u 一 11月 28 01:33:58 UTC 2016 # date +%z +0800 I have not found same log. And I found a lot of below logs. It appear frequency every minue. No others 'CCleanupModule' log in trace.log file. 2016-11-27 23:37:46 Information: CCleanupModule [Thread 7f19d27fc700]: Initiating calculation of status snapshots 2016-11-27 23:37:46 Information: CCleanupModule [Thread 7f19d27fc700]: Finished calculation of status snapshots This ERA server has 600 clients. The 'era_db' database size is about 650MB. And I resolve this problem. It didn't happen again last three days.
  10. I create a line '' in c:\windows\system32\drivers\etc\hosts. Then do product activation again. It has been activated! I wonder the IP address had some trouble.
  11. I've some clients report XP SP3 can do product activation. Could someone check it? I try to activate, I got an error code: ECP.20006. Using IE to browse below error message: This XP SP3 has been install all patch in Windows Update. I could corfirm that it support TLS1.0. I try to run this command: curl this XP, I got this response message: <?xml version="1.0" encoding="UTF-8"?><ecp:message xmlns:ecp="hxxp:// m/2012/02/ecp"><ecp:response><code>20101003</code><message>Unsupported Content-t ype: unknown</message></ecp:response></ecp:message> So it should not DNS issue. I also test it in Windows 7. It could do product activation. So it seems only XP has this problem. Wireshark capture packets:
  12. This means SERVER is in state in which incoming connection are rejected. There are multiple possibilities what could be reason, for example: SERVER lost connection to database SERVER has connection to database, but it is accepting data faster than it is able to write into database (i.e. there are many pending logs). This SERVER is out of memory (RAM) In case it happens once a day, it may be caused by so called DB cleanups, which are performed at 00:00:00 of local time on SERVER - does it correlate with your findings?. Also please check status.html on SERVER from time it is not working properly, there may be more relevant information of reason why SERVER is in overloaded or busy state. Could you also verify that your MySQL driver and unixODBC are configured so that multi-threading is enabled (parameter Threading=0 or new unixODBC)? Remaining errors are unrelated to this issue: SERVER seems to be rejecting connections from client because it's certificate was revoked. And it seems is it actually AGENT installed on the same computer... I found it happned about 08:00AM in local time. But my timezone is UTC+8. So is it possible that server run DB cleanups it that time? Any log could confirm when DB cleanups be performed? According you mention.. Point 1. I don't think so. Because I could logon web console and there are datas in there. If ERA server has no connection to database. Why do I saw data in console? Point 3. Server is out of memory. I check the memory, it seems okay. # free total used free shared buff/cache available Mem: 16355332 2492188 1112308 169488 12750836 13388260 Swap: 16776188 0 16776188 Point 2.. how could I make sure if it is the reason? You also mention unixODBC. I wonder maybe it is the reason. Long time ago.. I've asked another issue, but no one give me the answer. Maybe it's relative. In fact, I don't use unixODBC. Because I use Ubuntu 16.04.1 LTS and MySQL 5.7. The unixODBC doesn't support MySQL 5.7. The unixODBC package has been removed from Ubuntu 16.04. So I use MySQL connector/ODBC for Linux - . Maybe ERA server 6.4 does not fully compatible MySQL connector/ODBC?
  13. I've ERA server v6.4 that be running in Ubuntu 16.04 x64. It keeps stop working in sometime every day. It is about one time per day. When the issue happened. I can logon web console and everything seems fine. But I found all clients can't connect to ERA server. The last connect field stop update. I've make sure there are a lot of clients are online in that time. Every time it happened, I ran 'systemctl restart mysql.service'. Then this issue was gone. All clients start to connect ERA server again. It seems MySQL problem. But in that time, I try to access MySQL, it's fine. Even I try to query data of 'era_db' database via odbc from this server. I could get datas. This problem happened about one week. I checked the trace.log of ERA server.. There are many error logs. Like: 2016-11-23 23:11:47 Error: CReplicationModule [Thread 7f1965ffb700]: CStepProcessor: Replication master rejected, slave is busy and some these error logs: 2016-11-23 23:41:06 Error: NetworkModule [Thread 7f19c1ffb700]: Verify user failed for all computers: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x4, X509CSF_Revoked, NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x4, X509CSF_Revoked 2016-11-23 23:41:06 Error: NetworkModule [Thread 7f19c1ffb700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:, ResolvedHostname:, ResolvedPort:33558 2016-11-23 23:41:06 Error: NetworkModule [Thread 7f19c1ffb700]: Protocol failure for session id 108048, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations. I've only single ERA server. No any ERA proxy. Ubuntu 16.04.1 LTS x64 ERA Server 6.4.304.0 ERA Web Console MySQL 5.7.16 ERA Agent
  14. Schedule tasks are all default settings.
  15. I use EES 6.4.2014. I want to disable protection. Right click ESET icon then choose 'Pause protection'. Like this: But EES still detect a file by 'Startup scanner'. According my test.. The 'Startup scanner' be ran by schedule task 'System startup file check - Successful update of the virus signature database'. But I've do rollback. So it should not possible update virus signature database now. And this task should only run once per hour maximum. It be detected about 3 minutes one time. My questions are: 1. What is the right procedure to disable protection temporary? 2. Why 'Startup scanner' does not just run in after 'Successful update of the virus signature database'?