
sdnian


Posts posted by sdnian

  1. I have an ERA server 6.3.136 running on Windows 2003 SP2 x86. None of the clients can connect to the ERA server. If I restart eraserversvc, some clients can connect to the ERA server, but it only works for a few minutes. Then all clients fail to connect to the ERA server again. On a client, I checked status.html, and it shows this kind of message:

     

    Error: CReplicationManager: Replication (network) connection to 'host: "192.168.1.15" port: 2222' failed with: The connection will be closed due to timeout

     

    I've checked the processes on the ERA server, and 'eraserver.exe' is running. I can also log on to the web console. I also checked the trace.log of the ERA server, and I see many errors like the message below:

     

    2016-03-07 07:01:39 Error: NetworkModule [Thread 13d8]: Container not found. Socket connection was probably closed., ResolvedIpAddress:192.168.1.104, ResolvedHostname:CASEY, ResolvedPort:4522

     

    Should I do something to fix it?

     

     

     

  2. The issue has not been pinpointed yet and we were not able to reproduce it either. The thing is that for some reason upon opening a file the real-time protection driver gets a different result than seen in a Process monitor log which is why it continues to scan the file but is unable to read data. We'd need to get a complete memory from the moment when the 10-second deadlock occurs for further analysis.

     

    I got a very old version of procmon, which can run on Windows 2003 with EFSW installed. So I got the logs and a memory dump for you; please check your PM.

  3. Could you run IE x86 (not x64) before running a memory scan? If possible, try installing home v9 for a while just to see if it makes a difference.

     

    Regarding your mention of IE x86: I did some tests and I am clearer about this issue now. On a 64-bit Windows OS, if there is no x86 process in memory, using EEA to scan memory results in zero objects being scanned. I tested running 7-zip x64 and Chrome x64 before the EEA scan; the EEA scan result is still zero objects. But ESET NOD32 Antivirus 9.0.349 does not have this problem. Whether or not any x86 process exists, it never shows zero objects being scanned.

  4. Thanks for reporting. Both issues should be fixed in next release.

     

    In the meantime, you can try workaround for the first issue: stop SERVER service, replace file C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Localization\LangData.dat with the file from attached archive and start SERVER service. Be advised that it is not tested = please create backup of original file and restore it once you encounter any problem with localization. Also note that this file is suitable only for 6.3.12.0 release and will be replaced by upgrade or repair of SERVER installation.

     

    First bug fixed. 

  5. There seems to be problem with authentication into cloned database:

    [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'era_user'
    

    Have you also migrated the DB user era_user? There have been some changes in this phase of installation (reducing required permissions) and it seems the user is no longer automatically created in case you are installing ERA using an existing database.

     

    I backed up the DB on another server and restored it to the new one. Then I dropped the 'era_user' account before installing ERA 6.3, but I always get a failure message. I also tried keeping the 'era_user' account and then installing ERA 6.3, but I got the same error message. So could you please tell me the right procedure for migrating the DB from another server to a new one? Thank you.

  6. I've backed up an ERA 6.2 database from another server to a new server. I installed SQL Express manually and restored the database into it. Then I ran 'Setup.exe' to install ERA 6.3, with 'Microsoft SQL Server Express' unchecked. It always shows 'Installation failed. Do you want to installed components?'. What's wrong? I've done this many times with ERA 6.2 and it always worked well. Why can't ERA 6.3 do it with the same procedure?

     

     


    InstallReport.html, Server_x64.msi.log, ServerUninstall.log.txt

  7. Hi HSW, thanks for your information. But I think we have a different issue. It's not about which product the clients use, EEA or EES. It is about having enough information to monitor what happens on every client. That's why we use ERAS.

     

    By the way, the logs in the top post are there because the computer has two Chrome extensions installed. Every time Chrome is launched, EEA shows several alert messages, but EEA doesn't detect any malware. If these logs aren't sent back to the ERA Web Console, how can I find out about this issue?

  8. Please configure the system to generate complete memory dumps and also enable manual crash feature as per the instructions at hxxp://support.eset.sk/kb380/. When the issue (deadlock) occurs, trigger a manual crash so that a dump is created. After a system restart, compress the dump and upload it to a safe location. PM me the download link along with the output from ESET Log Collector (hxxp://support.eset.com/kb3466/).

     

    PM sent.

  9. EFSW causes clients to access files very slowly. If I disable 'real-time protection', the files can be opened quickly.

     

    For example: I have a simple Excel file, just 10k bytes. With real-time protection disabled, it takes about 1.5 seconds to open. But with real-time protection enabled, it takes more than 12 seconds to open.

     

    I've tested EFSW on separate Windows Servers. It seems the issue happens on Windows 2003 SP2 x86 / 2003 R2 SP2 x64 only. Windows 2008 SP2 x64 is okay.

     

    The ESET File Security version I used is 6.2.12007.0.

     

    Second, EFSW causes Process Monitor to crash every time on Windows 2003 / 2003 R2 (no problem on Windows 2008). Process Monitor crashes very soon after being run. If EFSW is removed from the same machine, Process Monitor runs well.

  10. I tried testing this issue on different Windows versions. None of the 32-bit OSs have this issue; there is always a number in 'Number of scanned objects'. These are the OSs I've tested:

     

    Windows XP SP3 32bit 

    Windows 7 SP1 32bit 

     

    But all 64-bit OSs have the exact issue. These are the OSs I've tested:

     

    Windows 7 SP1 64bit

    Windows 8.1 64bit

    Windows 10 64bit

    Windows Server 2008 64bit 

     

    So I wonder if it's a bug. Could ESET confirm it?

     

    And I found a more eccentric thing. If I have launched other programs, for example IE or notepad++, before I scan memory, it can show a number.

     

    The screenshots are below. I took both on the same computer (Windows 7 SP1 x64), but you can see one has 74 objects scanned and the other has zero. The only difference is that notepad++ was launched for one and not for the other.

     

    post-990-0-94803800-1446788267_thumb.png post-990-0-51630800-1446788273_thumb.png

     

     

    Why?

  11. 1, Make sure that the In-depth scan profile doesn't have Smart optimization enabled (should be disabled by default for this profile).

    2, Run a scan as administrator.

     

    I've checked the settings. "Enable Smart optimization" is off in the In-Depth profile. And I clicked the "Scan as Administrator" button to start scanning. Any other suggestions? Thank you.

     

    And I've uninstalled and installed EEA a couple of times. The result is the same.

     


  12. I tried to scan memory with "In-depth scan", but no objects were scanned; the log shows "Number of scanned objects: 0". Everything is using default settings. I didn't change any settings after installing EEA.

     

    OS: Windows 7 Ultimate SP1

     

    ESET Endpoint Antivirus v6.2.2021.0

     

    Virus signature database: 12519 (20151105)
    Rapid Response module: 6962 (20151105)
    Update module: 1060 (20150617)
    Antivirus and antispyware scanner module: 1472 (20150930)
    Advanced heuristics module: 1162 (20150923)
    Archive support module: 1239 (20150929)
    Cleaner module: 1114 (20151004)
    Anti-Stealth support module: 1083 (20150819)
    ESET SysInspector module: 1254 (20150924)
    Real-time file system protection module: 1010 (20150806)
    Translation support module: 1411.3 (20151009)
    HIPS support module: 1203 (20151026)
    Internet protection module: 1226 (20151005)
    Database module: 1072 (20150831)
    Configuration module (33): 1055.4 (20150914)
    LiveGrid communication module: 1020 (20150807)

     

