Jump to content

SMC 7.2: How to deal with 6.X agents prior to 6.5


Recommended Posts

Hello,

Is there any recommend way to deal with 6.X agents prior to 6.5. In particular, I would like to upgrade the agents to the latest SCM agent. Problematic agents are versions 6.2 and 6.4. The target devices are a mix of Windows XP,Vista,7,10. Some are within the Windows domain and others are not. The SCM server is not on the domain.

Options I have tried:

- deployment tool. Does not work:

  - network path not found (tried both with a local path and a public network share on the same subnet)

- GPO for Domain-aware computers

  - never upgrades to agent 7.2 even after gpupdate and multiple reboots. gpupdate always mentions that some tasks need to be done prior to logon.

   - the GPO is working to some extent, because computers without any ESET product are getting the latest Agent installed. 32-bit and 64-bit

Right now I have wasted a bunch of time that I could have used manually updating agents to 7.2 by waking up at 7AM before users get on their computers.  These are the notes I wrote while reading documentation:

- cannot upgrade ERA agent to SCM Management Agent on client computers pre-6.5
  - the task runs successfully but https://help.eset.com/esmc_admin/71/en-US/client_tasks_upgrade_components.html
    - does it work or not ... https://support.eset.com/en/kb7465-upgrade-eset-remote-administrator-agents-65-or-eset-management-agents-70-to-the-latest-eset-management-agents-71-using-the-components-upgrade-task
      - ah, does not work because it is not 6.5: https://support.eset.com/en/kb6819-upgrade-eset-remote-administrator-63-and-later-to-eset-security-management-center-version-7-using-the-web-console
        - I imagine this is why the GPO deployment of SCM Agent did not install on computers with existing existing ERA installations (6.4 or older)
 

I am attaching versions of SCM.

Thanks,

mmadeira

 

EDIT: further context on agent environment:

- around 60 outdated agents (some crossover between domain-aware and not)

- total of 140 agents that I want to deploy for now (a bit more than half are domain)

- more agents to come in the future, so it would be interesting to use the remote deployment tool on the latest versions of Windows 10 both domain-aware and not

 

Screenshot_2020-07-07_09-21-27.png

Edited by mmadeira
further context
Link to comment
Share on other sites

  • Most Valued Members

In my experience with Pre-6.5 agents on XP machines and in some cases, Win7 machines, I've always had a problem getting the agents on these machines updated.  Even with GPO,  these agents would always fail to update.  I would end up just copying the EsetUninstaller.exe to these machines and running them in safe mode to get rid of the agent and av software.

I too had spent a lot of time fiddling with ESMC and GPOs to get the Agents updated but gave up and did it the hard way. 

That said, have you taken a look at the agent logs on the problematic machines?  These logs should at least point you to what's bugging the update process.  That's the way I had figured the XP agents weren't liking the update command.

 

Link to comment
Share on other sites

3 hours ago, ewong said:

In my experience with Pre-6.5 agents on XP machines and in some cases, Win7 machines, I've always had a problem getting the agents on these machines updated.  Even with GPO,  these agents would always fail to update.  I would end up just copying the EsetUninstaller.exe to these machines and running them in safe mode to get rid of the agent and av software.

I too had spent a lot of time fiddling with ESMC and GPOs to get the Agents updated but gave up and did it the hard way. 

That said, have you taken a look at the agent logs on the problematic machines?  These logs should at least point you to what's bugging the update process.  That's the way I had figured the XP agents weren't liking the update command.

 

Thanks for the though material. I will pick this up if this is still interesting at some point.

To update my post. Today random computers starting losing connection to any and all services that use TCP. This is what started the ESET agent updating frenzy, because it happened to about 5 computers last week. Today, I found out the hard way that ~40 desktops and laptops using ESET 6.2/6.3 were blocking all TCP traffic to any and all services, but they were at least reachable by RDP or VNC. In all cases, what solves it is a reinstall of newer ESET 7.X. It has just occurred to me that I did not try to turn of the SCM/ERA server. I will try that if the issue persists in a few hours.

I got a chance to run wireshark on the device since I did not get a product engineer to engage with this issue. No traffic seen on the device after the TCP Handshake, yet I could see that it was receiving traffic sent from the gateway or local services depending on the routing. All ICMP types and UDP are fine. TCP DNS does not work while UDP DNS works 😆

Other symptoms in the affected devices:

- often have network access after reboot for around 2-10 minutes. Some users mention the problem is resolved after rebooting, but comes back after a few hours.

- ESET application becomes unusable after a few clicks

- cannot login to domain accounts (stuck in welcome screen after entering credentials), unless this is done in that 2-10 minute window

- on some computers could not even uninstall ESET or other programs. All installers get stuck eternally. Even on very modern workstations

- on some computers cannot open powershell or cmd

- on some computers start menu is empty (no tiles, programs, settings app)

- on most computers, restart are eternal. Have to tell users to press the power button.

- on all computers. Cannot use any web browser. If there is any proxy in use, it is the ERA/SCM one

- on most computers cannot even do basic things like contact the AD for domain-aware devices or access any fileservers (SMB and other protocols). This is all kinds of FUN with remote workers that do not have local admin privileges and the fact that the only cached credentials are of one of the domain admins that was used to link the computer to the domain.

Hey at least I was able to generate the All-in-one package of Antivirus + ESET, so there is no need to type in the license code every time 😆

Of course this sort of spontaneous combustion hinders all possibility of log analysis.

Link to comment
Share on other sites

  • ESET Staff

Hello, have you tried "Component upgrade task" targeted to the affected agents? Although it might not upgrade the agents to the "latest version", but it might upgrade it to the "latest compatible version", so via two tasks, you might eventually get them upgraded to 7.2. This is just a guess. What might also influence the agent capability to update is the version of the endpoint client. What are the EP versions that you have installed? 

Link to comment
Share on other sites

8 minutes ago, MichalJ said:

Hello, have you tried "Component upgrade task" targeted to the affected agents? Although it might not upgrade the agents to the "latest version", but it might upgrade it to the "latest compatible version", so via two tasks, you might eventually get them upgraded to 7.2. This is just a guess. What might also influence the agent capability to update is the version of the endpoint client. What are the EP versions that you have installed? 

Hello Michalj,

The component upgrade task did not work, because I selected the the only agent version available on the repository, which is the latest (7.2) or close to it, which I later found out that is not a viable upgrade as per the links in my initial post.

Additionally, the 'Software Install' task does not list any relevant Management Agent, so I assume that the component upgrade is the only viable upgrade method? I am not ready to try the 'alternative' upgrade method via the command task.

By EP, I assume you mean Endpoint. About 100 of 6.3.2016.1 , 6.2.2033.2 or 6.3.2016.0 that still need to be upgraded to 7.3 (a few XP/vistas tha cannot). Unsure whether all of these will start losing connectivity like the others, because these have not had any issues and they do not have the agent installed.

Thanks,

mmadeira

Link to comment
Share on other sites

32 minutes ago, MichalJ said:

Hello, have you tried "Component upgrade task" targeted to the affected agents? Although it might not upgrade the agents to the "latest version", but it might upgrade it to the "latest compatible version", so via two tasks, you might eventually get them upgraded to 7.2. This is just a guess. What might also influence the agent capability to update is the version of the endpoint client. What are the EP versions that you have installed? 

Hello Michalj,

The component upgrade task did not work, because I selected the the only agent version available on the repository, which is the latest (7.2) or close to it, which I later found out that is not a viable upgrade as per the links in my initial post.

Additionally, the 'Software Install' task does not list any relevant Management Agent, so I assume that the component upgrade is the only viable upgrade method? I am not ready to try the 'alternative' upgrade method via the command task.

By EP, I assume you mean Endpoint. About 100 of 6.3.2016.1 , 6.2.2033.2 or 6.3.2016.0 that still need to be upgraded to 7.3 (a few XP/vistas tha cannot). Unsure whether all of these will start losing connectivity like the others, because these have not had any issues and they do not have the agent installed.

Thanks,

mmadeira

Link to comment
Share on other sites

i have created the following thread to cover those ~100 agents that I cannot install automatically using ESET's provided software and alternatives. This issue does not fit the original question in this post.

 

Link to comment
Share on other sites

I handled this issue with ESET support staff. Deployment tool does not work because administrative share is not enable as it shouldn't for security reasons. Cannot use AD on these computers, because of IT policy.

Only way is the manual way, which is unfortunate, because if it were better documented I could have updated the agents on the version that SCM/ERA was at last week.

Edit: I managed to find a solution on my own after a lot of pain. See 

 

Edited by mmadeira
solution
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...