Jump to content

Unprotected computers in eset remote administrator 6.5


Alex Vaida
 Share

Recommended Posts

Hi everyone, is there a way to view computers that don't have the antivirus installed? i did this, but the list is empty, i know for a fact that we have computers without antivirus installed.

Link to comment
Share on other sites

  • Administrators

Do all computers report to ERAS? Ie. do all of them have ERA Agent already installed?

Link to comment
Share on other sites

  • Administrators

Since it's agent that reports to ERAS, you must deploy it first. We recommend using GPO for deploying it. Agent can be installed even if another AV is still on your endpoints.

Link to comment
Share on other sites

4 hours ago, Alex Vaida said:

ok, but isn't there a way to detect the computers with missing agent? we use active directory.

If you're syncing with AD, you should see those systems without the Remote Agent installed. If you don't use GP to deploy the agent, you will have to deploy it manually via the ERA Console.

Regarding RD Sensor; it only works on the subnet where it is installed, so you will need to deploy an RD Sensor on every subnet where you want to detect rogue clients.  It's worth mentioning that RD Sensor Windows install relies on WinPcap, which is an abandoned project that has not been patched or updated in over 4 years.

Link to comment
Share on other sites

we are syncing with AD, if i run a static group sync, they show up but i get a lot of false positives, computers that ERA reports are umanaged but in fact they have agent and antivirus installed, i am curently testing on my own pc, uninstalled agent and antivirus and ERA still reports that i have the agent installed.

Link to comment
Share on other sites

  • ESET Staff

@Alex Vaida

If you remove the Endpoint first, and agent is still connected, upon next replication it should inform the server, that the Endpoint is no longer present, and it will indicate only agent being installed. If you remove also the agent, this information is not delivered back to server, as there is nothing that could inform the server, that agent is not there. I will check with the devs, whether this information is "cleaned up" after some interval and computer would actually appear as "unmanaged" again.

Link to comment
Share on other sites

@MichalJ

So i found 3 laptops that were reported as unmanaged but had agent and antivirus installed, i deployed the entire package(agent+antivirus)with the remote deplyment tool, on 2 of them the agent was updated and they communicated with the server and on one only the antivirus was updated and no communication.

If i try using the webconsole the rate of success for any operation is very low, the install tasks mostly don't work, the activation task hasn't worked in 8 months, 0% succes with the stop managing task.

Link to comment
Share on other sites

8 hours ago, Alex Vaida said:

@MichalJ

So i found 3 laptops that were reported as unmanaged but had agent and antivirus installed, i deployed the entire package(agent+antivirus)with the remote deplyment tool, on 2 of them the agent was updated and they communicated with the server and on one only the antivirus was updated and no communication.

If i try using the webconsole the rate of success for any operation is very low, the install tasks mostly don't work, the activation task hasn't worked in 8 months, 0% succes with the stop managing task.

The agent seems prone to corruption. There are a more than a few threads with similar findings/experience on both Windows and OS X.

Assuming the issue is not firewall, the only fix we've found is to uninstall the agent via msi. You have to use a third-party product, as once the agent is broken ERA tasks are useless. Once the agent is uninstalled, you can redeploy using ERA console.

Activation and AV install both rely on Internet connection, so verify that your endpoints have connectivity and aren't blocked.

Link to comment
Share on other sites

  • 4 weeks later...

I have a laptop that the ERA console says it's unmanaged.

If I search that laptop by IP in the ERA console it finds another computer, not the original one. And it reports that is managed, not unmanaged. And also the user reported to be logged on the managed laptop actually uses the unmanaged laptop.

Edited by Alex Vaida
Link to comment
Share on other sites

  • ESET Staff

Hello,

Based on the symptoms you have mentioned, you either has incorrectly handled DNS name resolving of the computers / de-synced names between your directory server or on the computer, or you are cloning machines. Please compare the FQDN reported in computer details, with the actual name of the computer.

Link to comment
Share on other sites

I'd recommend first making sure your DNS is working flawlessly and rule out it as the cause of the mismatches.

Then verify you have the 'Rename Computers' server task configured to run periodically.

Also, if computers are frequently renamed in AD, or happen to get disjoined and rejoined, this can cause issues, as well

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...