Jump to content
An upgrade will take place on June 18, 2024 during the midday hours (UTC). The Forum will not be accessible for a short period of time. ×

Remote Admin Agent password

Cap-it
 Share

Recommended Posts

Cap-it

Cap-it 0

Posted
Posted

So I'm moving over from an on prem AV server solution to the ESET cloud based business av solution and I'll be reinstalling the AV along with a new remote admin agent on all computers. Currently our agent is 6.5.5. I was able to uninstall the AV product but when I try to uninstall the Admin Agent it asks for a password. My predecessor had not documented the initial password before he left the company. Is there a way I can change the password in the Local Admin Console? I'm not familiar with ESET products.

ESET RAA Pass.png

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,143

Posted
  • Administrators
Posted

If the agent still connects to your ERA/ESMC server, remove or change the password via an agent policy prior to uninstall the agent:

image.png

Link to comment
Share on other sites
Guest sindbad

Guest sindbad

Posted
Posted

Or use revo uninstaller. Just did it and it worked. 

 

I wanted to uninstall it through control panel, it was asking for a password. I tried with revo uninstaller and it did remove the agent, without asking for any password. 

 

Isnt this a security flaw? Shouldnt this be fixed? @Marcos

Link to comment
Share on other sites
  • ESET Staff
MartinK

MartinK 381

Posted
  • ESET Staff
Posted
20 hours ago, sindbad said:

Isnt this a security flaw? Shouldnt this be fixed? @Marcos

Agent is protected by ESET security product installed on the same device. Was there any installed? If so, was HIPS module enabled?

Link to comment
Share on other sites
Guest sindbad

Guest sindbad

Posted
Posted

Eset security was installed. I removed eset security first. I could not remove agent because it was asking for a password by uninstall. Hips mode was enabled. 

 

Revo removed it without asking for a password. 

Link to comment
Share on other sites
  • ESET Staff
MartinK

MartinK 381

Posted
  • ESET Staff
Posted
On 12/25/2018 at 9:43 PM, sindbad said:

Eset security was installed. I removed eset security first. I could not remove agent because it was asking for a password by uninstall. Hips mode was enabled. 

 

Revo removed it without asking for a password. 

It is crucial that ESET product is installed, otherwise nothing is actually protecting AGENT from users with administrative privileges. Password protection is custom feature of our uninstaller (it is not feature of msiexec / windows) so it is effective only when our uninstaller is used -> this is enforced by self-defense of ESET security product.

In short: in case ESET security product is not installed, or it is not running properly (i.e. disabled HIPS), AGENT is not protected and thus anyone with administrative privileges can simple stop it, or completely remove.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...