Cap-it 0 Posted December 14, 2018 Posted December 14, 2018 So I'm moving over from an on prem AV server solution to the ESET cloud based business av solution and I'll be reinstalling the AV along with a new remote admin agent on all computers. Currently our agent is 6.5.5. I was able to uninstall the AV product but when I try to uninstall the Admin Agent it asks for a password. My predecessor had not documented the initial password before he left the company. Is there a way I can change the password in the Local Admin Console? I'm not familiar with ESET products.
Administrators Marcos 5,458 Posted December 15, 2018 Administrators Posted December 15, 2018 If the agent still connects to your ERA/ESMC server, remove or change the password via an agent policy prior to uninstall the agent:
Guest sindbad Posted December 24, 2018 Posted December 24, 2018 Or use revo uninstaller. Just did it and it worked. I wanted to uninstall it through control panel, it was asking for a password. I tried with revo uninstaller and it did remove the agent, without asking for any password. Isnt this a security flaw? Shouldnt this be fixed? @Marcos
ESET Staff MartinK 384 Posted December 25, 2018 ESET Staff Posted December 25, 2018 20 hours ago, sindbad said: Isnt this a security flaw? Shouldnt this be fixed? @Marcos Agent is protected by ESET security product installed on the same device. Was there any installed? If so, was HIPS module enabled?
Guest sindbad Posted December 25, 2018 Posted December 25, 2018 Eset security was installed. I removed eset security first. I could not remove agent because it was asking for a password by uninstall. Hips mode was enabled. Revo removed it without asking for a password.
ESET Staff MartinK 384 Posted December 27, 2018 ESET Staff Posted December 27, 2018 On 12/25/2018 at 9:43 PM, sindbad said: Eset security was installed. I removed eset security first. I could not remove agent because it was asking for a password by uninstall. Hips mode was enabled. Revo removed it without asking for a password. It is crucial that ESET product is installed, otherwise nothing is actually protecting AGENT from users with administrative privileges. Password protection is custom feature of our uninstaller (it is not feature of msiexec / windows) so it is effective only when our uninstaller is used -> this is enforced by self-defense of ESET security product. In short: in case ESET security product is not installed, or it is not running properly (i.e. disabled HIPS), AGENT is not protected and thus anyone with administrative privileges can simple stop it, or completely remove.
Recommended Posts