Jump to content
Cap-it

Remote Admin Agent password

Recommended Posts

So I'm moving over from an on prem AV server solution to the ESET cloud based business av solution and I'll be reinstalling the AV along with a new remote admin agent on all computers. Currently our agent is 6.5.5. I was able to uninstall the AV product but when I try to uninstall the Admin Agent it asks for a password. My predecessor had not documented the initial password before he left the company. Is there a way I can change the password in the Local Admin Console? I'm not familiar with ESET products.

ESET RAA Pass.png

Share this post


Link to post
Share on other sites

If the agent still connects to your ERA/ESMC server, remove or change the password via an agent policy prior to uninstall the agent:

image.png

Share this post


Link to post
Share on other sites

Or use revo uninstaller. Just did it and it worked. 

 

I wanted to uninstall it through control panel, it was asking for a password. I tried with revo uninstaller and it did remove the agent, without asking for any password. 

 

Isnt this a security flaw? Shouldnt this be fixed? @Marcos

Share this post


Link to post
Share on other sites
20 hours ago, sindbad said:

Isnt this a security flaw? Shouldnt this be fixed? @Marcos

Agent is protected by ESET security product installed on the same device. Was there any installed? If so, was HIPS module enabled?

Share this post


Link to post
Share on other sites

Eset security was installed. I removed eset security first. I could not remove agent because it was asking for a password by uninstall. Hips mode was enabled. 

 

Revo removed it without asking for a password. 

Share this post


Link to post
Share on other sites
On 12/25/2018 at 9:43 PM, sindbad said:

Eset security was installed. I removed eset security first. I could not remove agent because it was asking for a password by uninstall. Hips mode was enabled. 

 

Revo removed it without asking for a password. 

It is crucial that ESET product is installed, otherwise nothing is actually protecting AGENT from users with administrative privileges. Password protection is custom feature of our uninstaller (it is not feature of msiexec / windows) so it is effective only when our uninstaller is used -> this is enforced by self-defense of ESET security product.

In short: in case ESET security product is not installed, or it is not running properly (i.e. disabled HIPS), AGENT is not protected and thus anyone with administrative privileges can simple stop it, or completely remove.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×