Posts posted by sdnian

  1. I have ERA Server v6.4 running on Ubuntu 16.04 x64. It stops working at some point every day, about once per day.

     

    When the issue happens, I can log on to the web console and everything seems fine, but I found that no clients can connect to the ERA server. The last connect field stops updating. I've made sure that a lot of clients are online at that time. Every time it happened, I ran 'systemctl restart mysql.service', and then the issue was gone: all clients started connecting to the ERA server again. It seems to be a MySQL problem, but when I try to access MySQL at that time, it's fine. I even tried querying data from the 'era_db' database via ODBC from this server, and I could get data.

     

    This problem has been happening for about one week.

     

    I checked the trace.log of the ERA server. There are many error logs, like:

     

    2016-11-23 23:11:47 Error: CReplicationModule [Thread 7f1965ffb700]: CStepProcessor: Replication master rejected, slave is busy

     

    and some error logs like these:

     

    2016-11-23 23:41:06 Error: NetworkModule [Thread 7f19c1ffb700]: Verify user failed for all computers: 127.0.0.1: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x4, X509CSF_Revoked,127.0.0.1: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x4, X509CSF_Revoked
    2016-11-23 23:41:06 Error: NetworkModule [Thread 7f19c1ffb700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:127.0.0.1, ResolvedHostname:127.0.0.1, ResolvedPort:33558
    2016-11-23 23:41:06 Error: NetworkModule [Thread 7f19c1ffb700]: Protocol failure for session id 108048, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
     

    I have only a single ERA server, and no ERA proxy.

     

    Ubuntu 16.04.1 LTS x64

    ERA Server 6.4.304.0

    ERA Web Console 6.4.266.0

    MySQL 5.7.16

    ERA Agent 6.4.283.0
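
A quick way to triage a trace.log like the one quoted in the post above, as an added example (not part of the original post and not ESET code): it counts errors per module and pulls the peer address and chain verdict out of each `NodVerifyCertificateChain failed` entry. The line layout is inferred only from the quoted lines; the last two sample lines are constructed.

```python
import re
from collections import Counter

# First four lines are copied from the post; the last two are constructed
# to exercise the non-error and unparseable paths.
SAMPLE = """\
2016-11-23 23:11:47 Error: CReplicationModule [Thread 7f1965ffb700]: CStepProcessor: Replication master rejected, slave is busy
2016-11-23 23:41:06 Error: NetworkModule [Thread 7f19c1ffb700]: Verify user failed for all computers: 127.0.0.1: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x4, X509CSF_Revoked,127.0.0.1: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x4, X509CSF_Revoked
2016-11-23 23:41:06 Error: NetworkModule [Thread 7f19c1ffb700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:127.0.0.1, ResolvedHostname:127.0.0.1, ResolvedPort:33558
2016-11-23 23:41:06 Error: NetworkModule [Thread 7f19c1ffb700]: Protocol failure for session id 108048, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
2016-11-23 23:41:07 Information: NetworkModule [Thread 7f19c1ffb700]: constructed informational line
constructed continuation line without a timestamp
"""

# "<date> <time> <Level>: <Module> [Thread <hex>]: <message>"
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<level>\w+): "
    r"(?P<module>\w+) \[Thread (?P<thread>[0-9a-f]+)\]: (?P<msg>.*)$")
# Peer given as an IP literal, followed by the chain-verification verdict.
CERT = re.compile(
    r"(?P<peer>[0-9A-Fa-f][0-9A-Fa-f.:]*): NodVerifyCertificateChain failed: "
    r"NodVerifyTrustResult: \d+, (?P<trust>NVT_\w+), "
    r"X509ChainStatus: 0x[0-9A-Fa-f]+, (?P<chain>X509CSF_\w+)")

def triage(text):
    """Return (errors per module, certificate verdicts per peer, unparsed lines)."""
    per_module, cert_verdicts, unparsed = Counter(), Counter(), []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if m is None:
            if line:
                unparsed.append(line)  # keep odd lines for manual review
            continue
        if m["level"] != "Error":
            continue
        per_module[m["module"]] += 1
        for c in CERT.finditer(m["msg"]):  # one log line may carry several entries
            cert_verdicts[(c["peer"], c["trust"], c["chain"])] += 1
    return per_module, cert_verdicts, unparsed

def revoked_peers(cert_verdicts):
    """Peers whose certificate chain was reported with X509CSF_Revoked."""
    return sorted({p for (p, _, chain) in cert_verdicts if chain == "X509CSF_Revoked"})

if __name__ == "__main__":
    modules, certs, odd = triage(SAMPLE)
    print(dict(modules), dict(certs), revoked_peers(certs), odd, sep="\n")
```
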

  2. Temporarily disabling protection from the tray menu disables real-time, web access and email protection, i.e. protection modules that work in real time. Other protection modules, such as AMS, EB and startup scans, remain active.

     

    By default, a startup scan is run: 1. when Windows starts, 2. after a successful update. It does not run under other circumstances unless you've created a new task or modified an existing System startup file check task.

     

    The scheduled tasks all have default settings.

     

    post-990-0-92650600-1479131395_thumb.png

  3. I use EES 6.4.2014 and want to disable protection. I right-click the ESET icon and then choose 'Pause protection', like this:

     

    post-990-0-39003400-1479114026_thumb.png

     

    But EES still detects a file with the 'Startup scanner'.

     

    According to my test, the 'Startup scanner' is run by the scheduled task 'System startup file check - Successful update of the virus signature database'. But I've done a rollback, so it should not be possible to update the virus signature database now.

    And this task should only run once per hour at most. The detection occurs about once every 3 minutes.

     

    post-990-0-76714600-1479117615_thumb.png

     

    My questions are:

     

    1. What is the right procedure to disable protection temporarily?

    2. Why does the 'Startup scanner' not run only after 'Successful update of the virus signature database'?

     

     

  4. Just to make sure - a proxy server can be configured at two places in Endpoint. The first one is in the advanced update setup. Do not configure it here as it would be used only for update but instead navigate to Tools - Proxy server and configure it there. Or is the proxy already configured there properly? Could you try connecting to the Internet directly and see if it makes a difference?

     

    Here are the settings:

     

    post-990-0-81340100-1476947932_thumb.png

     

    And my test code could send POST data to the Live Grid servers through the proxy server or via a direct connection. The result is the same, so I don't think it's a proxy problem.

  5. Hello Sdnian,

     

    do you use any proxy server? If yes, check if it is properly set in the settings.

    How is the EEA updated?

     

    Regards, P.R.

     

    Hi, I have an Apache proxy server, and EEA uses this proxy server. I also checked the proxy server; it is fine. And EEA works well, too.

     

    I also used Wireshark to capture the packets from another computer (in a different network) on which Live Grid works. Then I wrote some simple code to post the same data to the ESET Live Grid server, to test whether it could get the right response data.

    It's really strange. I ran it on the computer where Live Grid doesn't work, and my code could get the right response data. So I wonder if it is not a networking issue. But as I said, I've checked that the Live Grid setting is enabled. So I don't know what happened. Why can't EEA detect it as a suspicious object when I access that testing URL?

  6. According to this web page - hxxp://support.eset.com/kb5552/?viewlocale=en_US, I tried to download hxxp://amtso.security-features-check.com/cloudcar.exe

    But EEA does not block this connection. The file could be downloaded. I've checked that ESET Live Grid is enabled, and the firewall doesn't have any rule that blocks TCP port 80 or UDP port 53. I also ran a ping test against the ESET Live Grid servers (hxxp://support.eset.com/kb332/#esetlivegrid). It could resolve the IP address and get a response.

     

    How can I check why ESET Live Grid doesn't work?

     

    EEA version is 6.4.2014.2

  7. I've installed RDSensor for Linux version 1.0.1079.0. In the trace.log, it shows the error logs below:

     

     

    2016-10-13 09:46:23 Information: CPCAPDeviceSniffer [Thread 565fdb40]: CPCAPDeviceSniffer on enxb827eb718cf8 throwed error: Device open failed with error:enxb827eb718cf8: bind: Address family not supported by protocol

     

    2016-10-13 09:46:33 Information: CPCAPDeviceSniffer [Thread 575ffb40]: CPCAPDeviceSniffer on lo throwed error: Device open failed with error:lo: bind: Address family not supported by protocol

     

    And it seems it doesn't work, because it does not detect any devices.

     

    OS: Ubuntu 16.04 x86

    Kernel: 4.1.19-v7

     

  8. That is very strange. Did it work in the past, or never? It was added in ERA 6.3 if I recall correctly. Does it fail the same way for all client tasks? Are there any errors in SERVER's trace.log, especially from service startup?

    Could you also provide the output of the queries described in my other post? It should help us check whether the previous "workaround" actually worked.

     

     
    I've taken a look at the Server's trace.log, but I didn't find any obvious error. Or could you take a look?
     
    Here is another query output:
     
    # mysql --host=localhost --user=root --password era_db --execute 'SELECT * FROM tbl_etl_event_csn; SELECT MAX(CSN) FROM tbl_log_task_client_event;'
    Enter password: 
    +----------------+----------------------+----------+
    | plan_name      | table_name           | last_csn |
    +----------------+----------------------+----------+
    | sp_clientTasks | tbl_client_task_aggr |   139021 |
    +----------------+----------------------+----------+
    +----------+
    | MAX(CSN) |
    +----------+
    |   139021 |
    +----------+
     

    This server has been running for several months. I can confirm this issue didn't happen before, but I can't remember when it started. It has been happening for a while. The OS (Ubuntu) was upgraded from 14.04 to 16.04 about two months ago. MySQL was also upgraded from 5.5.x to 5.7.13. Maybe that has caused the issue since that time.

  9. Hello, the version of the MySQL database should be fine, especially if all other functionality works, but you are right that there was a bug in MySQL that affected the functionality of ERA -> it was resolved in the quite recent MySQL version 5.7.13.

    What is the version of the AGENT that these tasks were executed on? What is the version history of the SERVER - have you upgraded from a previous version of ERA?

     

    We had a problem with progress bars in previous releases, where the only known workaround was to modify the database state, i.e.:

    1. stop SERVER service
    2. Modify database as described in my older post.
    3. restart SERVER service

    It should take no more than a few minutes until the progress counts are recalculated, in case this was the source of your problems.

     

    The server has been running for several months. I think the first version was 6.2, because I remember that it had been upgraded twice (6.2 -> 6.3 -> 6.4).

    Most Agents are 6.4.283.

    post-990-0-48643800-1473724935_thumb.png

     

    I've tried your workaround, but no luck. 'PROGRESS' is still empty, and 'THREATS' shows an error number now.

    post-990-0-36767800-1473725156_thumb.png

     

    A few minutes later, the error number in THREATS disappeared.

  10. On the client tasks page, the 'PROGRESS' field is empty, as in the screenshot below:

     

    post-990-0-43160300-1473690742_thumb.png

     

    If I select any one of these client tasks and then choose 'Show successful', 'Show failed'... there are historical execution records there.

     

    How can I fix it?

     

    ERA Server v6.4.304.0

    ERA Web Console v6.4.266.0

    OS: Ubuntu 16.04.1 LTS

    MySQL 5.7.13

     

    Thank you.

  11. You should click the "add task" button, which will show you the list of available tasks (already executed ones). This functionality allows you to define a new trigger for an already created task (like install previously installed software, run created command, scan with parameters, etc...).

     

    Sorry, I think you misunderstood what I asked. I mean clicking a computer in the computer list and then choosing 'Run Task...'.

     

    post-990-0-21034900-1469514972_thumb.png

  12. I tried to Run Task from a computer in ERA 6.4, but I didn't see any tasks; there are no tasks in the "Task" section. And there is a red triangle there, which shows "There is an error in this section", like in the screenshot below.

     

     

    post-990-0-75767600-1469491737_thumb.png

     

    But if I select "Client Tasks", there are some tasks there, and I could use "Run on.." to assign the computer to run this task.

     

    I tested it on a few different ERA 6.4 servers, and all of them have the same issue. But this issue does not occur in ERA 6.3.

     

    Is it a bug in ERA 6.4? How can I fix it?

  13. Have you tried local activation? What is the ECP Error you get in this case?

    In most cases, the target computer is not able to connect to edf.eset.com due to a firewall restriction, or a wrong license is used.

    To check this, you should open a browser on the affected machine, and try to open https://edf.eset.com/edf. If it gets the following response, it is OK, and there must be another problem (wrong license)

     

    I tried to activate from the client directly, and I got the error code ECP.4100. What does that mean? And I really want to complain about why a useful message can't be shown in the ERA Web Console. With the message "Task failed in the security product", it is hard to understand what happened.

  14.  

    First, is there a way to generate API secrets and keys instead of using plain text user names and passwords?

     

    There is currently no other authentication method available. Communication between ServerApi and the ERA Server itself uses TLS, so it should be safe as long as ServerApi methods are called in a safe manner. Regardless of the above, I would strongly recommend creating a specific ERA user (with limited permissions, i.e. only for reading specific data) for the ServerApi connection.

     

     

    Second, is there any existing documentation on pulling the JSON data using PHP?

    We are not aware of any documentation for PHP. We have only come across tools using C++ or Python to handle API calls.

     

     

    Do you have any documents or sample code that uses Python to access ServerApi?
