Jump to content

Archived

This topic is now archived and is closed to further replies.

earxtacy

ESEt file security: scan doesn't work

Recommended Posts

hi

i have a ERA console with dozen of linux boses with File security.

the scan shedule or not doesn't work on all linux (redhat, centos, debian..)

with the same error:

2017-02-23 13:15:34 Error: ERAG1ClientConnector [Thread 7f1b4a7ec700]: <MODULES> GetSerializedLog failed, Error: #18004
2017-02-23 13:15:34 Error: ERAG1ClientConnector [Thread 7f1b4a7ec700]: <CONNECTOR_MODULE> Publish task update state, task.id 38, state 'error'
2017-02-23 13:15:34 Error: ERAG1ClientConnector [Thread 7f1b4a7ec700]: <SESSION> Handle scan log failed 43

i already upgraded ERA, or reinstall the EFS.

And i change the interval to 20 minutes.

Any help will be greatly appreciated

thanks

 

Share this post


Link to post
Share on other sites

When debug log in Agent is enabled (in this case fault probably lies in Translator module) Legacy connector (EG1C) logs ESET module versions which are used.

In Agent log look for lines like Module (nnn) Version: nnn and post them (Note: You may need to restart Agent for this log to appear).

I suspect this issue was already fixed few weeks ago, and Agent is running with outdated Translator module.

Share this post


Link to post
Share on other sites

Hello, I would recommend to contact your local ESET support office with a ticket.

It might be related to the issue we have discovered in the translator support module. We will need to know the version of Translator in the product, and in the ERA Server. + the trace log, in which you have the problem listed.

Share this post


Link to post
Share on other sites

hi michal

it is eleven days i work with the support with no solution i will give them the information

Share this post


Link to post
Share on other sites

In general, you have to do the following:

- Create a policy for the ERA agent for the affected machine, where you configure logging to debug

- in the debug log, you should search for the following (module 18) is the translator support module:

[Thread 1880]: <MODULES> Unable to load module (Perseus)6002, from path: "XYZ"

2017-02-24 13:55:47 Debug: ERAG1ClientConnector [Thread 1880]: <MODULES> Module (1) Version: 1069 (20161122)

2017-02-24 13:55:47 Debug: ERAG1ClientConnector [Thread 1880]: <MODULES> Module (2) Version: 1484 (20160503)

2017-02-24 13:55:47 Debug: ERAG1ClientConnector [Thread 1880]: <MODULES> Module (18) Version: 1583 (20170209)

2017-02-24 13:55:47 Debug: ERAG1ClientConnector [Thread 1880]: <MODULES> Module (40) Version: 1461.11 (20170220)

2017-02-24 13:55:47 Information: ERAG1ClientConnector

Share this post


Link to post
Share on other sites

here, min for the product

 Module (18) Version: 1578 (20170203)

is that good ?

 

Share this post


Link to post
Share on other sites

Assuming the issue is present in Translator module and it's the same as we think it is - fix is available in 1579B.

So either You can ask support to provide this module (I'm not going to do this on forums) and replace it in Agent installation (on *nix this is "/var/opt/eset/RemoteAdministrator/Agent/Modules/") , or You'll have to wait for this module to become available through normal update and Agents on affected computers are updated...

You may also switch to prerelase updates in Agent update policy to get newer translator module. (if You dare to, it's prerelease after all, this should get You to version ~1583)

UESETS (FileSecurity) does not use Translator module, so only Agent modules must be updated.

 

If this issue is not what we think it is, we would need scan logs which fail conversion. (in binary format, once again however please send these via support as scan logs may contain sensitive information and You don't want to share it here)

 

 

 

Share this post


Link to post
Share on other sites
13 minutes ago, earxtacy said:

thanks for all of this

You're welcome,

Hope that module update helps.

Share this post


Link to post
Share on other sites

what is the risk to for prerelease update by default ?

as i have all agent under the same "Policies" Microsoft and linux.

thanks

Share this post


Link to post
Share on other sites

I'm definitely not the best person to answer that (I'm not really involved modules release cycle), so just the little I know.

The risk depends on which modules are in pre-release mode :)

Agent modules are relatively low risk as configuration module, loader module and translator are the only modules under update.

Translator module is relatively safe, as is configuration module. Loader I don't think there will ever be problems with.

Even pre-release updates are usually released only in batches. That is some number of downloads is permitted for new module so when there is error only a part of customers is affected. If issue is found module release is stopped and we can fix it (and possibly rollback customers to previous version)

However I would not run production environment with pre-release. This option is meant for test environments or home customers who want to support eset by giving us an early feedback about possible issues. 99/100 You won't encounter problems (It's not like someone just goes through code and randomly pushes out modules with untested changes). But production environment should more like 9999/10000. :)

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...