Guest Posted August 13, 2020

I think this is the same problem I had previously that resolved itself. What seems to happen is that after the Agent has been updated, until a user, any user, logs in, it will say real-time file system protection is disabled. If I log in and get the logs, it will show nothing is wrong.

ESET Endpoint Antivirus  ESET, spol. s r.o.  7.3.2039.0  204  yes  7.3.2039.0  Up-to-date version  en_US
ESET Management Agent  ESET, spol. s r.o.  7.2.1266.0  389  yes  7.2.1266.0  Up-to-date version  en_US

Real-time file system protection is non-functional
This functionality could not be started and your computer is not protected against some types of threats.

Marcos (Administrators) Posted August 13, 2020

Please carry on as follows:
- in the adv.setup -> tools -> diagnostics, change the dump type to Complete and click OK
- click Create (dump) in the same setup panel
- collect logs with ESET Log Collector and upload the generated file here.

Guest Posted August 13, 2020

Can I zip it up with 7-Zip and attach it here? I tried to run Log Collector and it failed with:

2020 Aug 13 14:33:33 Operating system Running Task started
2020 Aug 13 14:33:33 ESET Management Agent Starting Starting task
2020 Aug 13 14:32:01 Operating system Failed Log collector archive is too big to be transferred. Log collector output exceeded 150MB and will not be transferred

Marcos (Administrators) Posted August 13, 2020

Please collect ELC logs as per https://support.eset.com/en/kb3466-how-do-i-use-eset-log-collector

If it's really over 100 MB, upload the archive to a safe location and drop me a personal message with a download link.

Guest Posted August 13, 2020

It was erroring out if I had Services Registry Key Content ticked, so I had to untick that.

eea_logs.zip

Marcos (Administrators) Posted August 13, 2020

C:\ProgramData\ESET\ESET Endpoint Antivirus\Diagnostics\ is empty, i.e. a dump of ekrn was not generated via the advanced setup -> tools -> diagnostics -> create (dump).

Marcos (Administrators) Posted August 13, 2020

The dump looks ok and real-time protection appears to work. Could you test it with the eicar test file? If you temporarily pause web access protection and download eicar, is it detected by real-time protection?

https://secure.eicar.org/eicar.com

Guest Posted August 14, 2020

Thanks for looking at it. Yes, it is detected when I log in and test it.

The "Real-time file system protection is non-functional" warning on ESMC also clears as soon as any user, local or domain, with any permissions logs into a machine, so it looks like a false positive from ESMC, or something in our setup that is blocking something ESET needs to do until a user logs on, that is causing the agent to report to ESMC that real-time is not functional when it is. Remote PowerShell sessions don't clear the warning but RDP sessions do.

ESET Security Management Center (Server), Version 7.2 (7.2.2236.0)
ESET Security Management Center (Web Console), Version 7.2 (7.2.230.0)
Copyright (c) 1992-2020 ESET, spol. s r.o. All Rights Reserved.
End-user license agreement
CentOS (64-bit), Version 7.8.2003