macOS Terminal command line calls for ESET


jkknight

Ok, so just had a pretty specific scenario where a managed Mac has Endpoint Antivirus installed, but is throwing off an error "Product installed but is not running" (see below). So I got to thinking there is a way, via creating a task, to run a command on the remote machine by which I could force the ESET client to start. But what commands to run... would you just simply run ' open -a "ESET Endpoint Antivirus" ', or run a command to start the ESET daemon - ' launchctl load -w /Library/LaunchDaemons/com.eset.esets_daemon.plist '? And I assume that last command would need to be run as the ' root user ', i.e. ' sudo '?

Does anyone have some experience in running an ERA 'run command' task on a remote Mac client?

Are there any other useful commands that can be used for the remote client?


  • ESET Staff

Just a few notes regarding run command task you should be aware of:

  • the task is executed in the context of the ERAAgent process, which by default runs as a daemon with root privileges
  • the task actually takes user input and uses it as shell content, which is executed
  • be aware that a system daemon such as AGENT has no direct access to the user desktop. This complicates interaction with the user desktop or user applications. Using methods for personification is required. Also be aware that the environment (env variables) and permissions might be different from when using an administrator account.
  • execution of the task is asynchronous, which means AGENT won't be waiting for the result, and also there will be no output/exit code available in the ERA console.

And for this specific scenario, I guess restarting another daemon should be possible, but what I am not sure is whether it helps. ESET daemons are auto-started, so this error might indicate problems - for example the installation might be corrupted, or maybe only the ESET kernel extensions need manual approval, as is the case for macOS 10.13.

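Added example, not part of any post in this thread and not ESET's own code: a run command task body written around the constraints listed above (root context, asynchronous, no output or exit code in the console). It assumes the launchd label matches the plist name quoted in the question; the log path is hypothetical.

```shell
#!/bin/sh
# Diagnostic body for an ERA "run command" task on macOS (added example).
# Assumptions: the launchd label equals the plist file name quoted in the
# thread; LOG is a hypothetical path picked for this example.
LABEL="com.eset.esets_daemon"
PLIST="/Library/LaunchDaemons/${LABEL}.plist"
LOG="/var/log/eset_daemon_check.log"   # hypothetical

# Classify a label from `launchctl list` text on stdin (columns: PID Status Label).
# Prints: running | loaded-not-running | not-loaded
daemon_state() {
    awk -v label="$1" '
        $3 == label { found = 1; pid = $1 }
        END {
            if (!found)          print "not-loaded"
            else if (pid == "-") print "loaded-not-running"
            else                 print "running"
        }'
}

# The console receives no output or exit code from the task, so every
# result is appended to a local file that can be collected afterwards.
log_line() {
    printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$1" >> "$LOG"
}

check_and_log() {
    # Run as root (the agent's context), `launchctl list` shows system daemons.
    state=$(launchctl list | daemon_state "$LABEL")
    log_line "label=$LABEL state=$state uid=$(id -u)"
    if [ "$state" = "not-loaded" ] && [ -f "$PLIST" ]; then
        # Command quoted in the question; no sudo needed in the agent's context.
        launchctl load -w "$PLIST" >> "$LOG" 2>&1
        rc=$?
        log_line "load exit=$rc state_after=$(launchctl list | daemon_state "$LABEL")"
    fi
}

# Act only where launchctl exists (macOS); elsewhere the functions stay inert.
if command -v launchctl >/dev/null 2>&1; then
    check_and_log
fi
```

A "loaded-not-running" result is only recorded, not acted on, since launchd already manages that job and a forced reload would hide the reason it is not running.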

Thanks Martin, good to become aware of all of those contexts. There doesn't seem to be much documentation for the things you listed out... thus the reason for creating this topic.

Regarding this specific issue - I have had this happen on other Macs, one of which is my test machine. To remedy the issue, the only thing that was done was to restart (actually sometimes took multiple restarts) the machine and the client started up normally. There have been a few instances where restarting the machine does not actually auto-start the ESET daemon. I'm still trying to figure out why this is the case. But the problematic machine discussed above was running an older version of macOS when the ESET Agent/Client was installed and only recently had been upgraded to the latest macOS 10.13. So, unless one has to manually approve the ESET kernel after an upgrade (I have not experienced this - only occurs if ESET is being installed on top of macOS 10.13) I have to wonder if there is some type of corruption going on. Which would seem strange since ESET has been running on this machine for close to a year with no 'known' issues. This is why I thought maybe the daemon did not start correctly or needed to be restarted...


8 hours ago, MichalJ said:

Is the version of the mac product the latest (compatible with 10.13)? That might be the reason.

We are running ESET Endpoint Antivirus 6.5.600.1 from https://www.eset.com/us/business/endpoint-security/mac-antivirus/ ?

machine is running macOS 10.13.4


I can't believe I'm derailing my own thread... :huh:

UPDATE: to the original machine issue.. I spoke with the user this morning - she stated that she shuts down her machine at the end of every day and starts it up when she first gets into the office. So yesterday the product was reporting the error - today it started up and is reporting as normal.

I guess the place for me to start is to see if the daemon is starting correctly as part of the startup daemon. Or is the ESET Agent/Client daemon starting up outside of the startup daemon (ie. not connect to)?


  • ESET Staff
2 hours ago, jkknight said:

I guess the place for me to start is to see if the daemon is starting correctly as part of the startup daemon. Or is the ESET Agent/Client daemon starting up outside of the startup daemon (ie. not connect to)?

Not sure I understand macOS terminology correctly, but both AGENT and EES/EAV are started as "Launch Daemons", i.e. they are background services managed by launchd. The mentioned "Product is installed but is not running" error indicates that the EES/EAV daemon is not running at the moment when AGENT tried to connect to it. This error might be temporarily reported in case AGENT is started prior to the ESET security daemon, but it should recover almost immediately.

Starting and stopping daemons might be visible in system logs, but I am not able to verify as I currently have no access to a macOS machine. The desktop application visible to the user is started separately for each logged-in user, but it is not related to this issue -> AGENT does not require the user space application (ESET GUI) to communicate with the ESET security daemon.


On 4/10/2018 at 2:24 PM, jkknight said:

There have been a few instances where restarting the machine does not actually auto-start the ESET daemon. I'm still trying to figure out why this is the case. But, the problematic machine discussed above was running an older version of macOS when the ESET Agent/Client was installed and only recently had been upgraded to the latest macOS 10.13. So, unless one has to manually approve the ESET kernel after an upgrade (I have not experienced this - only occurs if ESET is being installed on top of macOS 10.13)

FWIW, we're seeing this issue (product is installed but it is not running) on systems that have been upgraded to High Sierra until the user OK's the ESET plug-in.
