Everything posted by sdnian

  1. This means SERVER is in a state in which incoming connections are rejected. There are multiple possibilities for what could be the reason, for example:

       • SERVER lost connection to database
       • SERVER has connection to database, but it is accepting data faster than it is able to write into database (i.e. there are many pending logs).
       • This SERVER is out of memory (RAM)

     In case it happens once a day, it may be caused by so-called DB cleanups, which are performed at 00:00:00 local time on SERVER - does it correlate with your findings? Also please check status.html on SERVER from the time it is not working properly; there may be more relevant information on the reason why SERVER is in an overloaded or busy state. Could you also verify that your MySQL driver and unixODBC are configured so that multi-threading is enabled (parameter Threading=0 or new unixODBC)?

     Remaining errors are unrelated to this issue: SERVER seems to be rejecting connections from client because its certificate was revoked. And it seems it is actually AGENT installed on the same computer...

     I found it happened at about 08:00 AM local time. But my timezone is UTC+8. So is it possible that the server runs DB cleanups at that time? Could any log confirm when DB cleanups are performed?

     According to what you mention..

     Point 1. I don't think so. Because I could log on to the web console and there is data in there. If ERA server has no connection to the database, why did I see data in the console?

     Point 3. Server is out of memory. I checked the memory, it seems okay.

         # free
                       total        used        free      shared  buff/cache   available
         Mem:       16355332     2492188     1112308      169488    12750836    13388260
         Swap:      16776188           0    16776188

     Point 2.. how could I make sure whether it is the reason?

     You also mention unixODBC. I wonder, maybe it is the reason. A long time ago.. I asked about another issue https://forum.eset.com/topic/9520-no-progress-count/, but no one gave me the answer. Maybe it's related. In fact, I don't use unixODBC. Because I use Ubuntu 16.04.1 LTS and MySQL 5.7. The unixODBC doesn't support MySQL 5.7. The unixODBC package has been removed from Ubuntu 16.04. So I use MySQL connector/ODBC for Linux - https://dev.mysql.com/downloads/connector/odbc/ . Maybe ERA server 6.4 is not fully compatible with MySQL connector/ODBC?
  2. I have ERA server v6.4 running on Ubuntu 16.04 x64. It stops working at some time every day, about once per day. When the issue happens, I can log on to the web console and everything seems fine. But I found that all clients can't connect to the ERA server. The last connect field stops updating. I've made sure there are a lot of clients online at that time.

     Every time it happened, I ran 'systemctl restart mysql.service'. Then the issue was gone. All clients started to connect to the ERA server again. It seems to be a MySQL problem. But at that time, when I try to access MySQL, it's fine. Even when I try to query data from the 'era_db' database via ODBC from this server, I can get data. This problem has been happening for about one week.

     I checked the trace.log of ERA server.. There are many error logs. Like:

         2016-11-23 23:11:47 Error: CReplicationModule [Thread 7f1965ffb700]: CStepProcessor: Replication master rejected, slave is busy

     and some of these error logs:

         2016-11-23 23:41:06 Error: NetworkModule [Thread 7f19c1ffb700]: Verify user failed for all computers: 127.0.0.1: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x4, X509CSF_Revoked,127.0.0.1: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x4, X509CSF_Revoked
         2016-11-23 23:41:06 Error: NetworkModule [Thread 7f19c1ffb700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:127.0.0.1, ResolvedHostname:127.0.0.1, ResolvedPort:33558
         2016-11-23 23:41:06 Error: NetworkModule [Thread 7f19c1ffb700]: Protocol failure for session id 108048, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.

     I have only a single ERA server. No ERA proxy.

         Ubuntu 16.04.1 LTS x64
         ERA Server 6.4.304.0
         ERA Web Console 6.4.266.0
         MySQL 5.7.16
         ERA Agent 6.4.283.0
  3. I use EES 6.4.2014. I want to disable protection. Right-click the ESET icon, then choose 'Pause protection'. Like this: But EES still detects a file with the 'Startup scanner'. According to my test.. The 'Startup scanner' is run by the scheduled task 'System startup file check - Successful update of the virus signature database'. But I've done a rollback. So it should not be possible to update the virus signature database now. And this task should only run once per hour at most. The file is detected about once every 3 minutes. My questions are:

     1. What is the right procedure to disable protection temporarily?
     2. Why does the 'Startup scanner' not run only after 'Successful update of the virus signature database'?
  4. I want to use a dynamic group rule to filter computers by gateway MAC address. Like the screenshot below. But it doesn't work. I tried changing it to use the IP address. It works. So did I use the wrong MAC address format or something else? I used ERA 6.4.295.
  5. Here are the settings: And my test code could send POST data to the Live Grid servers through the proxy server or by direct connection. It is the same result. So I don't think it's a proxy problem.
  6. Hi, I have an Apache Proxy Server.. EEA uses this proxy server. I also checked the proxy server. It is fine. And EEA works well, too. I also used Wireshark to capture the packets from another computer (in a different network) where Live Grid works. Then I wrote some simple code to post the same data to the ESET Live Grid server, to test whether it could get the right response data. It's really strange.. I ran it on the computer where Live Grid doesn't work. My code could get the right response data. So I wonder if it is not a networking issue. But as I said, I've checked that the Live Grid setting is enabled. So I don't know what happened. Why can't EEA detect it as a suspicious object when I access that testing URL?
  7. According to this web page - hxxp://support.eset.com/kb5552/?viewlocale=en_US, I tried to download hxxp://amtso.security-features-check.com/cloudcar.exe. But EEA does not block this connection. The file could be downloaded. I've checked that ESET Live Grid is enabled. And the firewall doesn't have any rule to block TCP port 80 or UDP port 53. I also did a test to ping the ESET Live Grid servers (hxxp://support.eset.com/kb332/#esetlivegrid). It could resolve the IP address and get a response. How can I check why ESET Live Grid doesn't work? EEA version is 6.4.2014.2
  8. I've installed RDSensor for Linux version 1.0.1079.0. In the trace.log, it shows the error logs below:

         2016-10-13 09:46:23 Information: CPCAPDeviceSniffer [Thread 565fdb40]: CPCAPDeviceSniffer on enxb827eb718cf8 throwed error: Device open failed with error:enxb827eb718cf8: bind: Address family not supported by protocol
         2016-10-13 09:46:33 Information: CPCAPDeviceSniffer [Thread 575ffb40]: CPCAPDeviceSniffer on lo throwed error: Device open failed with error:lo: bind: Address family not supported by protocol

     And it seems it doesn't work because it doesn't detect any devices.

         OS: Ubuntu 16.04 x86
         Kernel: 4.1.19-v7
  9. I opened a support ticket one week ago. But I haven't gotten any feedback from ESET until now. I tried to send an email to ask. But the system replied to me that it was closed already. Are you kidding me? By the way.. I've installed ERA 6.4 on a new Ubuntu 16.04/MySQL 5.7.15.. It has the same problem. So I think that is a bug.
  10. Okay, MartinK. Thanks for your help. I'll open a support ticket to ask for help.
  11. I've taken a look at the Server's trace.log, but I didn't find any obvious error. Or could you take a look? trace.log

      Here is another query output:

          # mysql --host=localhost --user=root --password era_db --execute 'SELECT * FROM tbl_etl_event_csn; SELECT MAX(CSN) FROM tbl_log_task_client_event;'
          Enter password:
          +----------------+----------------------+----------+
          | plan_name      | table_name           | last_csn |
          +----------------+----------------------+----------+
          | sp_clientTasks | tbl_client_task_aggr |   139021 |
          +----------------+----------------------+----------+
          +----------+
          | MAX(CSN) |
          +----------+
          |   139021 |
          +----------+

      This server has run for several months. I can confirm this issue didn't happen before. But I can't remember when it started. It has been happening for a while. The OS (Ubuntu) was upgraded from 14.04 to 16.04 about two months ago. MySQL was also upgraded from 5.5.x to 5.7.13. Maybe it has caused the issue since that time.
  12. The server has been running for several months. I think the first version was 6.2, because I remember that it had been upgraded twice (6.2 -> 6.3 -> 6.4). Most Agents are 6.4.283. And I've tried your workaround, but no luck. The 'PROGRESS' field is still empty. And 'THREATS' shows an error number now. A few minutes later, the error number in THREATS disappeared.
  13. On the client tasks page, the field 'PROGRESS' is empty. Like the screenshot below: If I select any one of these client tasks and then choose 'Show successful', 'Show failed'... there are execution history records in there. How do I fix it?

          ERA Server v6.4.304.0
          ERA Web Console v6.4.266.0
          OS: Ubuntu 16.04.1 LTS
          MySQL 5.7.13

      Thank you.
  14. Thanks to jimwillsher and MartinK for the replies. The "Installed software . Repository language" is good for my needs. But could ESET let it be used in the Dynamic Group Template? Then I could easily upgrade different languages of ESET software via client task.
  15. I'd like to upgrade EEA/EES/EFSW from ERA Web Console. But I have different languages installed in my company. How could I get the language of EEA/EES/EFSW, so I could assign the right task to upgrade it? Thank you.
  16. Okay, I got it. In ERA 6.4, I have to do one more step, clicking 'Add tasks', to see client tasks. Thank you.
  17. Sorry, I wonder if you misunderstand what I am asking. I mean click a computer in the computer list, then choose 'Run Task...'.
  18. I tried to Run Task from a computer in ERA 6.4. But I don't see any tasks; there are no tasks in the "Task" section. And there is a red triangle in there, it shows "There is an error in this section". Like the screenshot below. But if I select "Client Tasks", there are some tasks in there. And I could use "Run on.." to assign the computer to run this task. I tested it on a few different ERA 6.4 servers, all of them have the same issue. But this issue does not occur in ERA 6.3. Is it a bug in ERA 6.4? How do I fix it?
  19. Hello, I sent you a PM. When will the newest version of EFSW be released to fix this problem?
  20. I tried to activate from the client directly, and I got an error code ECP.4100. What does that mean? And I really want to complain about why a useful message can't be shown in ERA Web Console.. With the message "Task failed in the security product" it is hard to understand what happened.
  21. I'd like to activate an EEA by task from ERA Web Console, but this task failed, it shows 'Task failed in the security product'. How do I fix this problem?

          Server: ERA 6.3 in Ubuntu 14.04.3 LTS
          Client: Windows XP SP3

      On the client, the status log seems fine. The log files: last-error.html status.html trace.log
  22. There is currently no other authentication method available. Communication between ServerApi and ERA Server itself uses TLS so it should be safe in case ServerApi methods are called in a safe manner. Regardless of the previous, I would strongly recommend creating a specific ERA user (with limited permissions, i.e. only for reading specific data) for the ServerApi connection. We are not aware of any documentation for PHP. We have only come across tools using c++ or python to handle API calls.

      Do you have any documents or sample code that uses python to access ServerApi?