"ESET LiveGrid servers can't be reached" and "ESET Push notification servers cannot be reached" on Agent PCs without internet

[TinoMontelektro 1]

So here is the thing. I have Eset Protect (management) through web console on windows server 2019. This ESMC machine is on internet, machines that are connecting to ESET Protect through Agents are not on internet because of security reasons. I am getting "ESET LiveGrid servers can't be reached" and "ESET Push notification servers cannot be reached"  warnings for that machines. I presume it is because they are not on internet, even tho I have an http proxy that goes on windows server machine that has internet connection. In linux appliance I can easily remove those two warnings with few commands in terminal (or SSH connection) but when it comes to windows server I am clueless, I tried altering policies, firewall rules and it got me nowhere (maybe I am missing something) . The deal is that this machines will not go on internet so that is not a solution, I tried to disable Eset LiveGrid but that just makes my problem go from warning to security risk. How can I get rid of this two warning and not put my machines directly on internet connection. Advices please.

[Marcos 5,074]

I would recommend installing ESET HTTP proxy on a machine or server with Internet connection so that they can communicate with ESET's servers. Other communication is blocked by the HTTP proxy. Alternatively you could disable the appropriate protection statuses in the Application statuses setup, however, since this would deteriorate protection capabilities, we recommend the former solution.

[TinoMontelektro 1]

Apache HTTP proxy is installed and is set as a global proxy to propagate updates and connection to server. Maybe I have wrong configuration or?

[Marcos 5,074]

As for problems with EPNS, please pay attention to these instructions if you run it on a VA or Linux:

https://help.eset.com/protect_deploy_va/91/en-US/enable_apache_http_proxy.html#troubleshooting

If you get the EPNS service servers are not accessible alert, follow these steps to disable the connection timeout limits:

1.Create a configuration file reqtimeout.conf:
sudo touch /etc/httpd/conf.d/reqtimeout.conf

2.Open the file in a text editor:
nano /etc/httpd/conf.d/reqtimeout.conf

3.Type this setting into the file:
RequestReadTimeout header=0 body=0

4.Save the changes and close the file:
CTRL+X > type Y > press Enter

5.Open the httpd.conf file:
nano /etc/httpd/conf/httpd.conf

6.Add the following line at the end:
IncludeOptional conf.d/reqtimeout.conf

7.Save the changes a close the file:
CTRL+X > type Y > press Enter

8.Restart the Apache HTTP Proxy service:
systemctl restart httpd

 

As for LiveGrid communication issues, the proxy must allow communication with these servers:

https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall#esetlivegrid

However, if you use the default configuration communication with ESET's servers is allowed by default via ProxyMatch directives in httpd.conf.

 

Should the problem persists, I'd recommend opening a support ticket since further logs (including a pcap log from the proxy) will be needed for perusal.

[TinoMontelektro 1]

I am aware of the things you are talking about, but it is not on VA or Linux it is on Windows Server 2019 directly. All-in-one installation.

[Marcos 5,074]

Please open a support ticket then since probably aligned pcap logs both from the proxy server and a client will be needed for perusal.

[TinoMontelektro 1]

Thank you for your advices. I will be sure to open a ticket to try and solve this problem.  

[TinoMontelektro 1]

By the way I think I solved it with reinstalling Eset PROTECT. Some apache http proxy firewall rules did not generate the first time I Installed it.