Jump to content

Which process resets groups to defaults on ERAS 6?


karlisi
 Share

Recommended Posts

In ERAS 6 on every saturday around 23:00 computer group names changes back to default. I have 'Lost and found' renamed to '_Lost and found' to get it to top of group list, it reverts back. Group 'Problematic computers' is copied to new group 'Problematic computers_date-and-time' with the same template. Deleted group 'Computers with outdated operating system' also is back. First occurrence was October 6th if I remember correctly.

This is ERAS virtual appliance on CentOS, nothing more is added to it, except Zabbix monitoring agent. No server or client tasks are running at that time.

Question - how to find what process is making these changes? In CentOS logs nothing special in this time.

Link to comment
Share on other sites

  • ESET Staff

This would happen in case of ESMC installation repair. Could you verify no components upgrade task is scheduled on local AGENT installed in appliance? Also installation repair might be executed by external process but it is definitely not standard behavior, so if this is the case, someone must have configured it manually.

Link to comment
Share on other sites

There was failed RA Components Upgrade task, but it seems unrelated. Running on Sundays, not Saturdays, every time finished successfully, only last Sunday exited wit error. Error text is 'Upgrade infrastructure task failed: Failed to upgrade WebConsole with: GetFile: Error reading HTTP response data (0x4e2a)'

Link to comment
Share on other sites

  • ESET Staff
1 minute ago, karlisi said:

There was failed RA Components Upgrade task, but it seems unrelated. Running on Sundays, not Saturdays, every time finished successfully, only last Sunday exited wit error. Error text is 'Upgrade infrastructure task failed: Failed to upgrade WebConsole with: GetFile: Error reading HTTP response data (0x4e2a)'

Failure is unrelated, but it actually means that you are running components upgrade task automatically -> and that is what causes your problem. I would recommend to disabled it, at least on machine where ERA/ESMC is installed. Even when there is no upgrade available, installation repair will be executed, and that is what renames your groups. If I recall correctly, behavior has changed in latest version, where not even repair is executed, but I am currently not able to confirm.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...