AgustinSA

Remove ESET Agent with GPO


Dear all, let me describe my situation.

Where I work, we have ESET as our main security tool.
We have version 7.1 running on all the machines in the domain.

The problem is that the machine hosting the antivirus console burned out, and the infrastructure staff had not made any backup of that machine, so we lost the certificate that was on that server.

Although our ESET provider came and left a server running with this solution, none of the agents on the machines in our domain recognize it.

The procedure that support proposed is to go machine by machine, uninstall the agent (entering the security key that we had configured by policy on the previous ESET server), and then install the new agent.
Following this procedure we would not have to remove the antivirus, which is the slowest part; we would only have to reinstall the agent.

My question is: can anyone think of how I could create a GPO that removes the agent (passing as a parameter the key that it will ask for in order to uninstall correctly)?
And, once that is done, another one to install the new agent?

Regards!


I would recommend considering the following possibilities:

  • In case you have a domain, there might be a possibility to "repair" the connectivity of AGENTs by distributing certificates via domain configuration. This would work in case the AGENTs are connecting to the correct hostname, but they are "rejected" because of wrong certificates. In order for this solution to work, you would have to:
    1. Import the original CA certificate used by the previous ESMC installation into the new instance. Only the public part of the CA certificate is required; it is part of all ESMC installers, so there is a high possibility you have it somewhere.
    2. Distribute the new CA certificate (used to sign the new ESMC's server certificate) via the domain, so that it gets into the "local computer" certificate store on each machine with an installed AGENT.
  • Another possibility is to use the "repair" functionality of the ESMC Agent installer. This would enable you to change the AGENT's configuration without uninstallation -> you just have to re-run the installer of AGENT with new settings and AGENT. It would have to be tested, but this might also be possible via GPO. Ideally, exactly the same version of the AGENT installer should be used for the re-deploy, but the latest installers should handle reconfiguration even during upgrade.

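Added example, not part of any post in this thread and not ESET's own tooling: one way step 2 of the reply above could be scripted as a GPO computer startup script, pinning the CA certificate's thumbprint before it is trusted machine-wide. The share path, the thumbprint placeholder and the choice of the `Root` store are assumptions; the reply only says "local computer" certificate store.

```powershell
# Added example. Assumptions (not from the thread): the UNC path, the thumbprint
# placeholder, and 'Root' as the target local-computer store. Runs as SYSTEM at startup.
param(
    [string]$CaPath             = '\\fileserver.example.local\deploy\esmc-ca.cer',  # hypothetical share
    [string]$ExpectedThumbprint = '<THUMBPRINT-OF-NEW-ESMC-CA>',                    # placeholder, obtain out of band
    [string]$StoreName          = 'Root'                                            # assumed store
)
$ErrorActionPreference = 'Stop'
$X509 = 'System.Security.Cryptography.X509Certificates'

function Get-VerifiedCa {
    param([string]$Path, [string]$Thumbprint)
    # Load the file once; every later step uses this in-memory object, so a file
    # swapped on the share after the check cannot end up in the trust store.
    $cert = New-Object "$X509.X509Certificate2" -ArgumentList $Path
    $want = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($cert.Thumbprint.ToUpperInvariant() -ne $want) {
        throw "Thumbprint mismatch, refusing to trust: $($cert.Thumbprint)"
    }
    # A certificate placed in a CA store should carry basicConstraints CA=TRUE.
    $bc = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    if (-not $bc -or -not $bc.CertificateAuthority) { throw 'Certificate is not marked as a CA' }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
    }
    return $cert
}

$ca    = Get-VerifiedCa -Path $CaPath -Thumbprint $ExpectedThumbprint
$store = New-Object "$X509.X509Store" -ArgumentList $StoreName, 'LocalMachine'
$store.Open('ReadWrite')
try {
    # Idempotent: startup scripts run on every boot, so skip if already present.
    $present = $store.Certificates | Where-Object { $_.Thumbprint -eq $ca.Thumbprint }
    if ($present) {
        Write-Output "CA $($ca.Thumbprint) already present in LocalMachine\$StoreName"
    } else {
        $store.Add($ca)
        Write-Output "Imported '$($ca.Subject)' into LocalMachine\$StoreName"
    }
} finally {
    $store.Close()
}
```

Record the expected thumbprint from the new ESMC server itself rather than from the file on the share, since the pin is only as trustworthy as its source.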

I don't have the old CA certificate, and when I run the new agent, I see this:

[image attachment]


The log indicates that the AGENT is missing a CA certificate not only for the new ESMC Server, but also for itself. Could you specify how it was actually installed? Also, what is suspicious is that there are two different hostnames listed - is the new ESMC deployed on a different hostname?
