Jump to content

Agent does not report antivirus to the management console


Recommended Posts

I have this case where an agent no matter how many times I reinstall it, it does not report correctly to the console. We show this case because we have an automatic installation task through a dynamic group that identifies the computers that do not have antivirus installed.
But this computer always executed the installation task even when it had antivirus installed, that is why we realized that the agent is not reporting correctly in the console. Here you can see an image of the computer with your antivirus:

image.thumb.png.9e1a6ad135e359cedf35b8e05ea67095.png

And this is how the same computer looks on ESET Protect Server:

image.png.0dd77a67c101b843656edc11e066ccb5.png

As you can see highlighted, it does not report antivirus, or agent. I think it may be an operating system problem, but I would like you to help me find the problem, since I have 2 other computers with the same problem.


How can i fix it?

Thanks a lot!.

You can download a Log Collector from here: 

 

 

Link to comment
Share on other sites

  • Administrators

I'll leave it for a colleague of mine to respond.

The problem is either a wrong expression for DG "Sin antivirus" (No antivirus) due to the following expression being true:

logicOperator: NOR compositeFilters { logicOperator: OR filters { operand { val_string: "ESET Endpoint Security" } symbol_id: 16 used_operator: OP_EQUAL } }' and symbols [16,] is true

or there is a problem with WMI: WMI event 'select * from RegistryTreeChangeEvent where Hive='HKEY_LOCAL_MACHINE' and RootPath='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall' group within 60' is not supported on this platform

Link to comment
Share on other sites

14 hours ago, Marcos said:

I'll leave it for a colleague of mine to respond.

The problem is either a wrong expression for DG "Sin antivirus" (No antivirus) due to the following expression being true:

logicOperator: NOR compositeFilters { logicOperator: OR filters { operand { val_string: "ESET Endpoint Security" } symbol_id: 16 used_operator: OP_EQUAL } }' and symbols [16,] is true

or there is a problem with WMI: WMI event 'select * from RegistryTreeChangeEvent where Hive='HKEY_LOCAL_MACHINE' and RootPath='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall' group within 60' is not supported on this platform

Hi @Marcos thanks for your answer, as you say we are using this DG:image.thumb.png.d673608e9a6489621a5cf6e81f03d5c8.png

The result of the DG for the computers that correctly report the installed software, (we have enabled the detection of third-party software in the agent configuration) is positive. But as you can see in the following image, this computer reports the antivirus to EP:

image.thumb.png.e22b91c144a8a6bd7c46149de9ef2bf1.png

To achieve the result we want, which is that we can detect the computers that have an agent but do not have antivirus installed, should we use a different DG?.

Now obviously there is a problem with detecting installed software, which may be a WMI problem, as you say. Can I fix this so that the installed software can be detected again? Because right now it is not detected on that computer:

image.thumb.png.0fdb266fb36ac105d89bc23c9878fda8.png

Best regards.

Link to comment
Share on other sites

  • ESET Staff

Could you possibly check how predefined dynamic group "No security product installed" behaves in this case? Not sure how this group/template is named in your instance due to different language but it uses different approach for detecting products, which might be resistant to WMI or similar issues you observed, even that list of installed applications is not fetched using WMI so there might be different problem on the machine...

Link to comment
Share on other sites

2 hours ago, MartinK said:

even that list of installed applications is not fetched using WMI so there might be different problem on the machine...

Sorry I did not read your comment in full. If the problem is not the WMI on the computer then what would it be?

Regards.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...