Jump to content

Recommended Posts

Posted

Hi everyone, is there a way to view computers that don't have the antivirus installed? i did this, but the list is empty, i know for a fact that we have computers without antivirus installed.

  • Administrators
Posted

Do all computers report to ERAS? Ie. do all of them have ERA Agent already installed?

Posted

nope, those without antivirus don't have the agent either.

  • Administrators
Posted

Since it's agent that reports to ERAS, you must deploy it first. We recommend using GPO for deploying it. Agent can be installed even if another AV is still on your endpoints.

Posted

ok, but isn't there a way to detect the computers with missing agent? we use active directory.

Posted
4 hours ago, Alex Vaida said:

ok, but isn't there a way to detect the computers with missing agent? we use active directory.

If you're syncing with AD, you should see those systems without the Remote Agent installed. If you don't use GP to deploy the agent, you will have to deploy it manually via the ERA Console.

Regarding RD Sensor; it only works on the subnet where it is installed, so you will need to deploy an RD Sensor on every subnet where you want to detect rogue clients.  It's worth mentioning that RD Sensor Windows install relies on WinPcap, which is an abandoned project that has not been patched or updated in over 4 years.

Posted

we are syncing with AD, if i run a static group sync, they show up but i get a lot of false positives, computers that ERA reports are umanaged but in fact they have agent and antivirus installed, i am curently testing on my own pc, uninstalled agent and antivirus and ERA still reports that i have the agent installed.

  • ESET Staff
Posted

@Alex Vaida

If you remove the Endpoint first, and agent is still connected, upon next replication it should inform the server, that the Endpoint is no longer present, and it will indicate only agent being installed. If you remove also the agent, this information is not delivered back to server, as there is nothing that could inform the server, that agent is not there. I will check with the devs, whether this information is "cleaned up" after some interval and computer would actually appear as "unmanaged" again.

Posted

@MichalJ

So i found 3 laptops that were reported as unmanaged but had agent and antivirus installed, i deployed the entire package(agent+antivirus)with the remote deplyment tool, on 2 of them the agent was updated and they communicated with the server and on one only the antivirus was updated and no communication.

If i try using the webconsole the rate of success for any operation is very low, the install tasks mostly don't work, the activation task hasn't worked in 8 months, 0% succes with the stop managing task.

Posted
8 hours ago, Alex Vaida said:

@MichalJ

So i found 3 laptops that were reported as unmanaged but had agent and antivirus installed, i deployed the entire package(agent+antivirus)with the remote deplyment tool, on 2 of them the agent was updated and they communicated with the server and on one only the antivirus was updated and no communication.

If i try using the webconsole the rate of success for any operation is very low, the install tasks mostly don't work, the activation task hasn't worked in 8 months, 0% succes with the stop managing task.

The agent seems prone to corruption. There are a more than a few threads with similar findings/experience on both Windows and OS X.

Assuming the issue is not firewall, the only fix we've found is to uninstall the agent via msi. You have to use a third-party product, as once the agent is broken ERA tasks are useless. Once the agent is uninstalled, you can redeploy using ERA console.

Activation and AV install both rely on Internet connection, so verify that your endpoints have connectivity and aren't blocked.

  • 4 weeks later...
Posted (edited)

I have a laptop that the ERA console says it's unmanaged.

If I search that laptop by IP in the ERA console it finds another computer, not the original one. And it reports that is managed, not unmanaged. And also the user reported to be logged on the managed laptop actually uses the unmanaged laptop.

Edited by Alex Vaida
  • ESET Staff
Posted

Hello,

Based on the symptoms you have mentioned, you either has incorrectly handled DNS name resolving of the computers / de-synced names between your directory server or on the computer, or you are cloning machines. Please compare the FQDN reported in computer details, with the actual name of the computer.

Posted

I'd recommend first making sure your DNS is working flawlessly and rule out it as the cause of the mismatches.

Then verify you have the 'Rename Computers' server task configured to run periodically.

Also, if computers are frequently renamed in AD, or happen to get disjoined and rejoined, this can cause issues, as well

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...