ESEt file security: scan doesn't work

[earxtacy 0]

hi

i have a ERA console with dozen of linux boses with File security.

the scan shedule or not doesn't work on all linux (redhat, centos, debian..)

with the same error:

2017-02-23 13:15:34 Error: ERAG1ClientConnector [Thread 7f1b4a7ec700]: <MODULES> GetSerializedLog failed, Error: #18004
2017-02-23 13:15:34 Error: ERAG1ClientConnector [Thread 7f1b4a7ec700]: <CONNECTOR_MODULE> Publish task update state, task.id 38, state 'error'
2017-02-23 13:15:34 Error: ERAG1ClientConnector [Thread 7f1b4a7ec700]: <SESSION> Handle scan log failed 43

i already upgraded ERA, or reinstall the EFS.

And i change the interval to 20 minutes.

Any help will be greatly appreciated

thanks

 

[Mirek S. 18]

When debug log in Agent is enabled (in this case fault probably lies in Translator module) Legacy connector (EG1C) logs ESET module versions which are used.

In Agent log look for lines like Module (nnn) Version: nnn and post them (Note: You may need to restart Agent for this log to appear).

I suspect this issue was already fixed few weeks ago, and Agent is running with outdated Translator module.

Edited February 24, 2017 by LegacyConnectorSupport

[MichalJ 434]

Hello, I would recommend to contact your local ESET support office with a ticket.

It might be related to the issue we have discovered in the translator support module. We will need to know the version of Translator in the product, and in the ERA Server. + the trace log, in which you have the problem listed.

[earxtacy 0]

hi michal

it is eleven days i work with the support with no solution i will give them the information

Edited February 24, 2017 by earxtacy

[earxtacy 0]

where did i check the version of the component ?

thanks

[MichalJ 434]

In general, you have to do the following:

- Create a policy for the ERA agent for the affected machine, where you configure logging to debug

- in the debug log, you should search for the following (module 18) is the translator support module:

[Thread 1880]: <MODULES> Unable to load module (Perseus)6002, from path: "XYZ"

2017-02-24 13:55:47 Debug: ERAG1ClientConnector [Thread 1880]: <MODULES> Module (1) Version: 1069 (20161122)

2017-02-24 13:55:47 Debug: ERAG1ClientConnector [Thread 1880]: <MODULES> Module (2) Version: 1484 (20160503)

2017-02-24 13:55:47 Debug: ERAG1ClientConnector [Thread 1880]: <MODULES> Module (18) Version: 1583 (20170209)

2017-02-24 13:55:47 Debug: ERAG1ClientConnector [Thread 1880]: <MODULES> Module (40) Version: 1461.11 (20170220)

2017-02-24 13:55:47 Information: ERAG1ClientConnector

[earxtacy 0]

here, min for the product

 Module (18) Version: 1578 (20170203)

is that good ?

 

Edited February 24, 2017 by earxtacy

[Mirek S. 18]

Assuming the issue is present in Translator module and it's the same as we think it is - fix is available in 1579B.

So either You can ask support to provide this module (I'm not going to do this on forums) and replace it in Agent installation (on *nix this is "/var/opt/eset/RemoteAdministrator/Agent/Modules/") , or You'll have to wait for this module to become available through normal update and Agents on affected computers are updated...

You may also switch to prerelase updates in Agent update policy to get newer translator module. (if You dare to, it's prerelease after all, this should get You to version ~1583)

UESETS (FileSecurity) does not use Translator module, so only Agent modules must be updated.

 

If this issue is not what we think it is, we would need scan logs which fail conversion. (in binary format, once again however please send these via support as scan logs may contain sensitive information and You don't want to share it here)

 

 

 

Edited February 25, 2017 by LegacyConnectorSupport

[earxtacy 0]

thanks for all of this

[Mirek S. 18]

13 minutes ago, earxtacy said:

thanks for all of this

You're welcome,

Hope that module update helps.

[earxtacy 0]

what is the risk to for prerelease update by default ?

as i have all agent under the same "Policies" Microsoft and linux.

thanks

[Mirek S. 18]

I'm definitely not the best person to answer that (I'm not really involved modules release cycle), so just the little I know.

The risk depends on which modules are in pre-release mode

Agent modules are relatively low risk as configuration module, loader module and translator are the only modules under update.

Translator module is relatively safe, as is configuration module. Loader I don't think there will ever be problems with.

Even pre-release updates are usually released only in batches. That is some number of downloads is permitted for new module so when there is error only a part of customers is affected. If issue is found module release is stopped and we can fix it (and possibly rollback customers to previous version)

However I would not run production environment with pre-release. This option is meant for test environments or home customers who want to support eset by giving us an early feedback about possible issues. 99/100 You won't encounter problems (It's not like someone just goes through code and randomly pushes out modules with untested changes). But production environment should more like 9999/10000.