Mauricio Osorio 2 Posted June 16, 2021 Share Posted June 16, 2021 I have this case where an agent no matter how many times I reinstall it, it does not report correctly to the console. We show this case because we have an automatic installation task through a dynamic group that identifies the computers that do not have antivirus installed. But this computer always executed the installation task even when it had antivirus installed, that is why we realized that the agent is not reporting correctly in the console. Here you can see an image of the computer with your antivirus: And this is how the same computer looks on ESET Protect Server: As you can see highlighted, it does not report antivirus, or agent. I think it may be an operating system problem, but I would like you to help me find the problem, since I have 2 other computers with the same problem. How can i fix it? Thanks a lot!. You can download a Log Collector from here: Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted June 16, 2021 Administrators Share Posted June 16, 2021 I'll leave it for a colleague of mine to respond. The problem is either a wrong expression for DG "Sin antivirus" (No antivirus) due to the following expression being true: logicOperator: NOR compositeFilters { logicOperator: OR filters { operand { val_string: "ESET Endpoint Security" } symbol_id: 16 used_operator: OP_EQUAL } }' and symbols [16,] is true or there is a problem with WMI: WMI event 'select * from RegistryTreeChangeEvent where Hive='HKEY_LOCAL_MACHINE' and RootPath='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall' group within 60' is not supported on this platform Link to comment Share on other sites More sharing options...
Mauricio Osorio 2 Posted June 17, 2021 Author Share Posted June 17, 2021 14 hours ago, Marcos said: I'll leave it for a colleague of mine to respond. The problem is either a wrong expression for DG "Sin antivirus" (No antivirus) due to the following expression being true: logicOperator: NOR compositeFilters { logicOperator: OR filters { operand { val_string: "ESET Endpoint Security" } symbol_id: 16 used_operator: OP_EQUAL } }' and symbols [16,] is true or there is a problem with WMI: WMI event 'select * from RegistryTreeChangeEvent where Hive='HKEY_LOCAL_MACHINE' and RootPath='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall' group within 60' is not supported on this platform Hi @Marcos thanks for your answer, as you say we are using this DG: The result of the DG for the computers that correctly report the installed software, (we have enabled the detection of third-party software in the agent configuration) is positive. But as you can see in the following image, this computer reports the antivirus to EP: To achieve the result we want, which is that we can detect the computers that have an agent but do not have antivirus installed, should we use a different DG?. Now obviously there is a problem with detecting installed software, which may be a WMI problem, as you say. Can I fix this so that the installed software can be detected again? Because right now it is not detected on that computer: Best regards. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted June 17, 2021 ESET Staff Share Posted June 17, 2021 Could you possibly check how predefined dynamic group "No security product installed" behaves in this case? Not sure how this group/template is named in your instance due to different language but it uses different approach for detecting products, which might be resistant to WMI or similar issues you observed, even that list of installed applications is not fetched using WMI so there might be different problem on the machine... Link to comment Share on other sites More sharing options...
Mauricio Osorio 2 Posted June 17, 2021 Author Share Posted June 17, 2021 Hi @MartinK This is how that DG is configured: And this solve my main problem!. Now, is there a way to solve the WMI issue? Thanks a lot! Link to comment Share on other sites More sharing options...
Mauricio Osorio 2 Posted June 17, 2021 Author Share Posted June 17, 2021 2 hours ago, MartinK said: even that list of installed applications is not fetched using WMI so there might be different problem on the machine... Sorry I did not read your comment in full. If the problem is not the WMI on the computer then what would it be? Regards. Link to comment Share on other sites More sharing options...
Recommended Posts