Jump to content

Remote Admin Agent password


Cap-it
 Share

Recommended Posts

So I'm moving over from an on prem AV server solution to the ESET cloud based business av solution and I'll be reinstalling the AV along with a new remote admin agent on all computers. Currently our agent is 6.5.5. I was able to uninstall the AV product but when I try to uninstall the Admin Agent it asks for a password. My predecessor had not documented the initial password before he left the company. Is there a way I can change the password in the Local Admin Console? I'm not familiar with ESET products.

ESET RAA Pass.png

Link to comment
Share on other sites

  • Administrators

If the agent still connects to your ERA/ESMC server, remove or change the password via an agent policy prior to uninstall the agent:

image.png

Link to comment
Share on other sites

Or use revo uninstaller. Just did it and it worked. 

 

I wanted to uninstall it through control panel, it was asking for a password. I tried with revo uninstaller and it did remove the agent, without asking for any password. 

 

Isnt this a security flaw? Shouldnt this be fixed? @Marcos

Link to comment
Share on other sites

  • ESET Staff
20 hours ago, sindbad said:

Isnt this a security flaw? Shouldnt this be fixed? @Marcos

Agent is protected by ESET security product installed on the same device. Was there any installed? If so, was HIPS module enabled?

Link to comment
Share on other sites

Eset security was installed. I removed eset security first. I could not remove agent because it was asking for a password by uninstall. Hips mode was enabled. 

 

Revo removed it without asking for a password. 

Link to comment
Share on other sites

  • ESET Staff
On 12/25/2018 at 9:43 PM, sindbad said:

Eset security was installed. I removed eset security first. I could not remove agent because it was asking for a password by uninstall. Hips mode was enabled. 

 

Revo removed it without asking for a password. 

It is crucial that ESET product is installed, otherwise nothing is actually protecting AGENT from users with administrative privileges. Password protection is custom feature of our uninstaller (it is not feature of msiexec / windows) so it is effective only when our uninstaller is used -> this is enforced by self-defense of ESET security product.

In short: in case ESET security product is not installed, or it is not running properly (i.e. disabled HIPS), AGENT is not protected and thus anyone with administrative privileges can simple stop it, or completely remove.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...