Differents Version of Virus Detection Signature displayed

[pronto 6]

Servus Community,

the displayed versions may differ significantly from each other. In the remote console, for example, my Windows workstation is displayed with a yellow warning at 'last connected', which tells me that the client has not reported to the server for two days, but it has already updated the virus detection signature today.

Two different versions of the detection routine are displayed in the client itself. On the page Computerscan a virus signature from 19.11.2018 is displayed and on the page Update one from today (21.11.18).

How do I get this synchronously and what do I have to do so that the client regularly gets the updates from the server. This doesn't affect all clients but a few already.

Thanks in advance for your attention & Bye Tom

 

[Marcos 5,069]

The middle screen shot shows results from a context scan that was run on Nov 19 with the version of the detection engine 18404 which was installed at that time.

The last screen shot shows two different modules: the detection engine and the Rapid response module. They obviously must be of different versions.

[pronto 6]

Servus Marcos,

ah, excuse the stupid question, that's exactly what it says.

Now it's about the warning in the remote console, because the client hasn't been connected for two days. It should actually do this, especially since it has also downloaded a current virus definition today. Is it possible, that under certain circumstances, a client downloads the current virus definition from the Internet, without the knowledge from our server?

Thx & Bye Tom

[Marcos 5,069]

13 minutes ago, pronto said:

Now it's about the warning in the remote console, because the client hasn't been connected for two days. It should actually do this, especially since it has also downloaded a current virus definition today. Is it possible, that under certain circumstances, a client downloads the current virus definition from the Internet, without the knowledge from our server? 

Please check the last connection in client details and make sure the client has recently connected to the ESMC server.

[MartinK 378]

13 minutes ago, pronto said:

Now it's about the warning in the remote console, because the client hasn't been connected for two days. It should actually do this, especially since it has also downloaded a current virus definition today. Is it possible, that under certain circumstances, a client downloads the current virus definition from the Internet, without the knowledge from our server?

Yes it is possible. Downloading updates and connecting to ESMC are two different scenarios and it is possible that one of them might be failing. For example client might be connected in network, where it is possible to download updates from ESET download server, but it is not possible to connect to ESMC due to network restrictions, especially in case access to ESMC is limited, for example to only internal company network. Question is, why is client (AGENT) not connecting, and answer for this might be located in AGENT logs.

[pronto 6]

Servus MartinK,

there is actually something logged but I can't deal with the error codes:

2018-11-19 06:20:54 Warning: CPushNotificationsModule [Thread 1708]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-19 07:03:41 Error: CReplicationModule [Thread 1550]: InitializeConnection: Initiating replication connection to 'host: "VM-NET-SRV-2.DOMAIN.local" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "VM-NET-SRV-2.DOMAIN.local" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message: OS Error, and error details: 
2018-11-19 07:03:41 Warning: CReplicationModule [Thread 1550]: InitializeConnection: Not possible to establish any connection (Attempts: 1)
2018-11-19 07:03:41 Error: CReplicationModule [Thread 1550]: InitializeFailOverScenario: Skipping fail-over scenario (stored replication link is the same as current)
2018-11-19 07:03:41 Error: CReplicationModule [Thread 1550]: CAgentReplicationManager: Replication finished unsuccessfully with message: InitializeConnection: Initiating replication connection to 'host: "VM-NET-SRV-2.DOMAIN.local" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "VM-NET-SRV-2.DOMAIN.local" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message:  OS Error, and error details: Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: VM-NET-SRV-2.KASTNER.local:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 8ea39442-1013-435d-8574-158cf7524b02, Sent logs: 0, Cached static objects: 49, Cached static object groups: 9, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0]
2018-11-19 13:32:22 Warning: CPushNotificationsModule [Thread 2a20]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-19 19:35:01 Warning: CPushNotificationsModule [Thread 21c4]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-20 01:37:29 Warning: CPushNotificationsModule [Thread 27a8]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-20 08:24:50 Warning: CPushNotificationsModule [Thread c90]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-20 13:32:50 Warning: CPushNotificationsModule [Thread 2b20]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-20 20:24:44 Warning: CPushNotificationsModule [Thread fdc]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-21 02:27:19 Warning: CPushNotificationsModule [Thread 135c]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-21 08:27:24 Warning: CPushNotificationsModule [Thread 18cc]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-11-21 14:27:29 Warning: CPushNotificationsModule [Thread 574]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)

You may have more information about the error messages.

There is nothing special in the status log.

Thx & Bye Tom

[pronto 6]

Servus Marcos,

>Please check the last connection in client details and make sure the client has recently connected to the ESMC server.

How can I perform a connectivity test to determine if the client is connected or not?

Anyway, a restart of the client solved the issue for now. I will monitor the behaviour of the client connectivity the next few days, maybe I figure out what's happend.

Thx & Bye Tom

Edited November 21, 2018 by pronto

[pronto 6]

Servus MartinK,

for you also the information, that a client restart solved the issue and I will monitor the behaviour of the client connectivity in the next few days. If you have further informations about the error messages, I'm still interested 😉

Thx & Bye Tom