Jump to content

Virus Signature Database Update - What should task settings look like?

whitelistCMD
 Share

Recommended Posts

whitelistCMD

whitelistCMD 1

Posted
Posted

We have quite a few computers that always seem to fail the virus signature database update. There's no rhyme or reason to it, and the issue exhibits no pattern. It happens a lot on new installs, or computers that have been offline for a while? It looks like we have a couple different update signature tasks, and I'm not sure if some got carried over from ERA migration and possibly some rolled over from doing our proof of concept? Anyways, what I'd like to do is clear out all the update signature tasks and create 1 single new task with the correct settings. What are the recommended settings for this task? I've heard some mention turning of shared local cache, or clear cache update in the task itself. Any suggestions?

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

If you update from ESET's servers (e.g. via an HTTP Proxy which is recommended to save the traffic), I'd leave the default update tasks untouched. The regular update task triggers update every 60 minutes.

By failing a definition database (engine) update do you mean that an error is logged in the ESET event log? If you leave the computer running for at least 2 hours, doesn't the database update automatically during this period?

Link to comment
Share on other sites
whitelistCMD

whitelistCMD 1

Posted
  • Author
Posted

Eventually the Endpoints all update, but they fail a few times before, which triggers alert e-mails. We don't use a proxy (prob not necessary for our size), and the updates are set to AutoSelect - so they can pull from ERA OVA or from the ESET Servers (at least that is how I understand it). The problem with the two hour window is people aren't always online for two hours. I wouldn't expect this to happen in 5 minutes, but 2 hours is a little excessive for what I would consider a small signature update. When the update does actually complete, from the time it starts to the time it finishes, is only a few minutes, if that. If we kick off the update manually from the Endpoint Application, it usually works on the third try. I just saw this happen this morning on a new computer and new ESET install.

Link to comment
Share on other sites
  • Former ESET Employees
EricJ

EricJ 2

Posted
  • Former ESET Employees
Posted

When you are set to 'AutoSelect' your updates will always be pulled over the internet from ESET Servers. ERA6 does not come with any update mirror functionality, as the recommended solution is to use an HTTP Proxy server to save bandwidth.

Updates shouldn't normally take 3 attempts to finish successfully. What is the error you receive when the update fails? Is it unable to connect to the Update Server?

Regards,

EricJ

Link to comment
Share on other sites
whitelistCMD

whitelistCMD 1

Posted
  • Author
Posted

OK, that's good to know in regards to AutoSelect. We have a fairly large pipe in comparison to the amount of machines we have. Will a proxy solve the issue of the update failing three times, or just limit the bandwidth? If we get an alert e-mail coming from the ERA it says "Server Not Found". This is on machines that have had an existing ESET install for quite some time. If it's on a new install, it will fail the update task shown in the ERA, and if it's done from the Endpoint Application then at that point, I believe it's "Undocumented Serious Error 0x1106" ? The odd variable in all of this is the fact that this doesn't happen on all machines. We see it a lot with remote users who have not connected for a few days, or fresh installs.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

"Server not found" is most likely reported because Internet connection is not established at the time ESET attempts to update. Hence I suggested to wait 2 hours (because of the default 60-min. interval) to confirm that ESET eventually updates. When using an HTTP proxy, it could happen that another machine has already downloaded particular update files and the proxy server will serve them from its cache.

Link to comment
Share on other sites
whitelistCMD

whitelistCMD 1

Posted
  • Author
Posted

Ok, I wasn't aware that a machine was then able to pull cache from the proxy. I will have to look into that then. On the other note, is there currently any way that we can delay the check-in for the signature updates? If we were able to delay the agent from checking for approximately 5 minutes, we could avoid the error alerts that we receive. Or is there a way to delay the errors? The errors come in approx 1 hour later, and by that time the machine has already updated. At least, most of the time.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

In home v10 we have a mechanism for detection of Internet connectivity so that update does not start before ESET has connectivity to the update servers.

Not sure if this will be implemented in Endpoint v6.5 or in v7 next year but I'll try to find out and let you know.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...