Jump to content

Archived

This topic is now archived and is closed to further replies.

Haresh2015

ESET Dynamic Threat Defense is not accessible alert in ESMC Console.

Recommended Posts

ESET Dynamic Threat Defense is not accessible warring massage show in ESMC console.

error.thumb.png.bb05687bc080859b686ad74e900b62e1.png

but no any alert in ESET Endpoint Security dashboard, so find attached ESET Log Collector log and do needful.

ees_logs.zip

Share this post


Link to post
Share on other sites

Probably you didn't purchase a license for EDTD or you didn't activate EDTD on the client but enabled EDTD through a policy.

Please make sure that EDTD is disabled in the advanced setup -> Cloud-based protection.

Share this post


Link to post
Share on other sites
8 minutes ago, Marcos said:

Probably you didn't purchase a license for EDTD or you didn't activate EDTD on the client but enabled EDTD through a policy.

Please make sure that EDTD is disabled in the advanced setup -> Cloud-based protection. 

EDTD is enabled.

Customer using 400 Endpoints and issue occurred today only 43 systems.

Share this post


Link to post
Share on other sites
Quote

EDTD is enabled. 
Customer using 400 Endpoints and issue occurred today only 43 systems. 

Did the user purchase an ESET Dynamic Threat Defense license and activated it through an EBA account from ESMC?

If the user has only a license for Endpoint without EDTD, then EDTD must stay disabled in a policy.

Share this post


Link to post
Share on other sites

In order to really use "EDTD" you have to: 

  1. Purchase a valid license for ESET Dynamic Threat Defense
  2. Add it to ESET Business Account, together with your standard Endpoint licenses (this will pair the cloud sandbox with all of your devices)
  3. Activated EDTD via given license, on the endpoints where you want to use it
  4. Enabled EDTD in the policy.

Error you are getting is related to the fact, that you have just enabled EDTD (point 4) in the list above, however did not complete the steps needed. So to let the warning disappear, you either have to buy EDTD license, and complete steps 1-3, or disable EDTD, as with the standard Endpoint license, you are not eligible to use it. Reason why it started appearing as of now is the recent module update, which brought this warning to already installed clients (EP V7). 

Share this post


Link to post
Share on other sites

I have the same problem. and the team is already active with the license of the dynamic

 

 

image.thumb.png.d2b10ff4b74b7c011cbef89eaccbe269.png

image.thumb.png.42cafb3dafe58de62c60824606584d78.png

 

image.png.55ca9dbb30676a5c75729246ef9c08ba.png

Share this post


Link to post
Share on other sites

Same here, only 5% of our Endpoint clients show up in ESMC with this alert. The others have no alert showing. Reinstalling and reactivating Endpoint Antivirus does nothing.

Have you broken something ESET?

Share this post


Link to post
Share on other sites
42 minutes ago, davidenco said:

Same here, only 5% of our Endpoint clients show up in ESMC with this alert. The others have no alert showing. Reinstalling and reactivating Endpoint Antivirus does nothing.

Have you broken something ESET?

Please see the explanation above. There are 2 possibilities:
1, You did not purchase an ESET Dynamic Threat Defense license, however, you enabled it via a policy. As a results, EDTD doesn't work and informs you about that.
2, You purchased an EDTD license but you didn't add it through an EBA account to the ESMC license manager and didn't send a software activation task for EDTD to clients.

The solution is to:
1, Purchase an EDTD license to improve protection; ie. suspicious files will be immediately analyzed in ESET's cloud sandbox and ESET Security products in your company will learn about the result and start protecting from possible new malware almost instantly.

2, Or disable EDTD in a policy.
 

Share this post


Link to post
Share on other sites
3 minutes ago, Marcos said:

Please see the explanation above. There are 2 possibilities:
1, You did not purchase an ESET Dynamic Threat Defense license, however, you enabled it via a policy. As a results, EDTD doesn't work and informs you about that.
2, You purchased an EDTD license but you didn't add it through an EBA account to the ESMC license manager and didn't send a software activation task for EDTD to clients.
 

But why has it *JUST* started happening? And why, out of the 30 or so Endpoints we have are there are 2 Endpoints showing this alert?

Nothing has changed our end. It just started happening at random.

We renewed our licenses in November 2018, yet it's just started happening now. This suggests to me something has changed, but at your end.

Share this post


Link to post
Share on other sites

Recently we have added a notification that appears if ESET Dynamic Threat Defense doesn't work properly. Beforehand there was no error shown so an admin couldn't easily learn that something was broken and that maximum protection by EDTD was not ensured.

Probably EDTD is disabled on Endpoints where the notification is not shown.

Share this post


Link to post
Share on other sites

Hi Guys,

if there is a portion of endpoints which reports some error message please check, if a particular endpoint has EDTD license. Go into ESMC Computers > Show details

image.png

If you don't have it, for such endpoints you'll need to do a new activation task. We've started to show proper information via module update, that why it's sudden. We're also working on a way how to add such endpoints into Dynamic Group in ESMC so some "join dynamic group trigger" or recurrent activation task can be planned. 

Share this post


Link to post
Share on other sites

FFS ESET! I've never heard about EDTD before and to the best of my knowledge we haven't payed for any separate EDTD licenses. We have a handful of servers (all configured in the same way in ESMC) and a handful of workstations. Suddenly one (1) of the servers is reporting this error. This one:

image.png.34f237c15db418ee2d1041fd1bf4fca8.png

C'mon, you can't just introduce a new error like this, display it for only one (1) of our X servers and expect us to understand what's going on. Do better!

 

Share this post


Link to post
Share on other sites
1 hour ago, hawkunsh said:

FFS ESET! I've never heard about EDTD before and to the best of my knowledge we haven't payed for any separate EDTD licenses. We have a handful of servers (all configured in the same way in ESMC) and a handful of workstations. Suddenly one (1) of the servers is reporting this error.

ESET Dynamic Threat Defense is disabled by default. It can be enabled through a policy, however, it requires clients to have EDTD activated, otherwise an error will be reported. Please make sure that EDTD is disabled in a policy as follows:

image.png

Share this post


Link to post
Share on other sites
On 3/1/2019 at 8:10 PM, Marcos said:

ESET Dynamic Threat Defense is disabled by default. It can be enabled through a policy, however, it requires clients to have EDTD activated, otherwise an error will be reported. Please make sure that EDTD is disabled in a policy as follows:

image.png

We've had EDTD enabled on all our servers for a long time. Suddenly we get this error for one (1) of them. And within 24 h the error disappeared, without me changing any settings. Actually, as I recall it, this error has occurred a couple of times before (last couple of months) and each time it has "solved itself" after some time or after a server reboot.

To me this is not normal and can't be explained the way you suggest.

Share this post


Link to post
Share on other sites

Perhaps this behavior occurs because:
- The client's OS starts
- Everything is ok when ekrn starts so no problem with EDTD is reported to the ESMC server
- It takes 2 minutes until EDTD connection is checked. A problem is reported to ESMC the next time agent connects to the ESMC server.

Share this post


Link to post
Share on other sites

This does not explain why it's been working for everyone, licensed or not, and then all of a sudden only a handful of clients reported a problem as ours did. I could not be bothered wasting time trying to work out why it's suddenly started happening so I disabled the option company-wide.

That said, for whatever reason ESET has decided to be as unhelpful as possible when it comes to highlighting what requires an extra license, as the "i" icon currently says:

"ESET Dynamic Threat Defense provides another layer of security by utilizing cloud-based technology to analyze and detect new, never-seen type of threats."

Surely something like "requires valid license for ESET Dynamic Threat Defense" would be more helpful, no?

Share this post


Link to post
Share on other sites

Hi guys. We're very sorry for the inconvenience. We'll surely adjust a tooltip. To your question, why suddenly it starts to appear is that we've added a new message in case license is not available and it was implemented in current AV module 1548. In next version 1549 we'll also provide a more specific description of the error in computer details > alerts. Also, we've adjusted behavior in an environment with ESET proxy, so in case you have licensed EDTD and you experienced some issues, it should much better.

Thank you for understanding and we're really sorry for inconveniences. 

Share this post


Link to post
Share on other sites

But, but, but that doesn't explain... nevermind.

Share this post


Link to post
Share on other sites
1 minute ago, hawkunsh said:

But, but, but that doesn't explain... nevermind.

We are open to any constructive feedback. Please provide more details about what you would expect and we'll consider it.

Share this post


Link to post
Share on other sites

I'd expect you to give a plausible explainaton to the circumstances described in my earlier posts. Your answers don't explain a) why only 1 out of 8 servers is affected and b) why the error suddenly goes away after awhile.

Share this post


Link to post
Share on other sites

If v7 server products are installed on the servers and a policy enabling EDTD has been applied to all of them but EDTD has not been activated through a product activation task, further investigation would be needed to find out why the other servers don't report the error or why the error disappears at times.

Share this post


Link to post
Share on other sites

Ok, thanks for the clarification.

Share this post


Link to post
Share on other sites
On 3/7/2019 at 6:18 PM, hawkunsh said:

I'd expect you to give a plausible explainaton to the circumstances described in my earlier posts. Your answers don't explain a) why only 1 out of 8 servers is affected and b) why the error suddenly goes away after awhile.

Hi Hawkunsh,

it's quite hard to say it just like that via forum, as we don't have any logs or other info, but in case you've a EDTD license and ESMC proxy, then:

a, due to different replication times of servers to proxy and it seems that in exact time proxy wasn't available

b, because there are healing methods during module updates period

-------

A & B will be improved in the next module update. If you however don't have EDTD license, such things should not happen and in such case I'd ask to contact support via official channel so they can troubleshoot that properly.

Thank you very much

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...