Jump to content

Differents Version of Virus Detection Signature displayed


pronto
 Share

Recommended Posts

Servus Community,

the displayed versions may differ significantly from each other. In the remote console, for example, my Windows workstation is displayed with a yellow warning at 'last connected', which tells me that the client has not reported to the server for two days, but it has already updated the virus detection signature today.

Two different versions of the detection routine are displayed in the client itself. On the page Computerscan a virus signature from 19.11.2018 is displayed and on the page Update one from today (21.11.18).

How do I get this synchronously and what do I have to do so that the client regularly gets the updates from the server. This doesn't affect all clients but a few already.

Thanks in advance for your attention & Bye Tom

 

eset_1.png

eset_2.png

eset_3.png

Link to comment
Share on other sites

  • Administrators

The middle screen shot shows results from a context scan that was run on Nov 19 with the version of the detection engine 18404 which was installed at that time.

The last screen shot shows two different modules: the detection engine and the Rapid response module. They obviously must be of different versions.

image.png

Link to comment
Share on other sites

Servus Marcos,

ah, excuse the stupid question, that's exactly what it says.

Now it's about the warning in the remote console, because the client hasn't been connected for two days. It should actually do this, especially since it has also downloaded a current virus definition today. Is it possible, that under certain circumstances, a client downloads the current virus definition from the Internet, without the knowledge from our server?

Thx & Bye Tom

Link to comment
Share on other sites

  • Administrators
13 minutes ago, pronto said:

Now it's about the warning in the remote console, because the client hasn't been connected for two days. It should actually do this, especially since it has also downloaded a current virus definition today. Is it possible, that under certain circumstances, a client downloads the current virus definition from the Internet, without the knowledge from our server? 

Please check the last connection in client details and make sure the client has recently connected to the ESMC server.

Link to comment
Share on other sites

  • ESET Staff
13 minutes ago, pronto said:

Now it's about the warning in the remote console, because the client hasn't been connected for two days. It should actually do this, especially since it has also downloaded a current virus definition today. Is it possible, that under certain circumstances, a client downloads the current virus definition from the Internet, without the knowledge from our server?

Yes it is possible. Downloading updates and connecting to ESMC are two different scenarios and it is possible that one of them might be failing. For example client might be connected in network, where it is possible to download updates from ESET download server, but it is not possible to connect to ESMC due to network restrictions, especially in case access to ESMC is limited, for example to only internal company network. Question is, why is client (AGENT) not connecting, and answer for this might be located in AGENT logs.

Link to comment
Share on other sites

Servus MartinK,

there is actually something logged but I can't deal with the error codes:

2018-11-19 06:20:54 Warning: CPushNotificationsModule [Thread 1708]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-19 07:03:41 Error: CReplicationModule [Thread 1550]: InitializeConnection: Initiating replication connection to 'host: "VM-NET-SRV-2.DOMAIN.local" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "VM-NET-SRV-2.DOMAIN.local" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message: OS Error, and error details: 
2018-11-19 07:03:41 Warning: CReplicationModule [Thread 1550]: InitializeConnection: Not possible to establish any connection (Attempts: 1)
2018-11-19 07:03:41 Error: CReplicationModule [Thread 1550]: InitializeFailOverScenario: Skipping fail-over scenario (stored replication link is the same as current)
2018-11-19 07:03:41 Error: CReplicationModule [Thread 1550]: CAgentReplicationManager: Replication finished unsuccessfully with message: InitializeConnection: Initiating replication connection to 'host: "VM-NET-SRV-2.DOMAIN.local" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "VM-NET-SRV-2.DOMAIN.local" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message:  OS Error, and error details: Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: VM-NET-SRV-2.KASTNER.local:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 8ea39442-1013-435d-8574-158cf7524b02, Sent logs: 0, Cached static objects: 49, Cached static object groups: 9, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0]
2018-11-19 13:32:22 Warning: CPushNotificationsModule [Thread 2a20]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-19 19:35:01 Warning: CPushNotificationsModule [Thread 21c4]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-20 01:37:29 Warning: CPushNotificationsModule [Thread 27a8]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-20 08:24:50 Warning: CPushNotificationsModule [Thread c90]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-20 13:32:50 Warning: CPushNotificationsModule [Thread 2b20]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-20 20:24:44 Warning: CPushNotificationsModule [Thread fdc]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-21 02:27:19 Warning: CPushNotificationsModule [Thread 135c]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-21 08:27:24 Warning: CPushNotificationsModule [Thread 18cc]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-21 14:27:29 Warning: CPushNotificationsModule [Thread 574]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)

You may have more information about the error messages.

There is nothing special in the status log.

Thx & Bye Tom

eset_05.png

Link to comment
Share on other sites

Servus Marcos,

>Please check the last connection in client details and make sure the client has recently connected to the ESMC server.

How can I perform a connectivity test to determine if the client is connected or not?

Anyway, a restart of the client solved the issue for now. I will monitor the behaviour of the client connectivity the next few days, maybe I figure out what's happend.

Thx & Bye Tom

Edited by pronto
Link to comment
Share on other sites

Servus MartinK,

for you also the information, that a client restart solved the issue and I will monitor the behaviour of the client connectivity in the next few days. If you have further informations about the error messages, I'm still interested 😉

Thx & Bye Tom

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...