ERA 6 reporting error on all new installs

[uglyb0b 0]

I'm standing up ERA 6 to perform a migration/upgrade. All 4 of the test machines that have the agent/endpoint protection installed display the following error within ERA 6:

 

"Windows Security Center indicates that the feature is not installed or is not running properly"

 

This includes a freshly installed Windows machine. Any ideas or suggestions?

[Marcos 4,694]

Could you please post a screen shot of what you're seeing? Is a firewall (ESET or Windows) enabled on these machines?

[ttabiri 0]

I am getting the same error. Screenshots attached. It is completely random for me and does not occur on all machines. Happens from time to time and goes away so I don't think it is a problem with the local machines themselves. This was tested with both firewalls on and off so I'm not sure if that's the culprit.

 

Endpoint on the local machines also look perfectly fine

 

 

[Drusome 0]

I am having the same issue.  Clients do not seem able to report their status.  I scanned them all, but they are not reporting as being scanned.  You will see that one computer is reporting a number of active threats.  This computer was updated manually a week ago.  ie we didn't use the ERA to update it..

[Marcos 4,694]

As for active threats, a full disk scan must be run and no active threat reported to clear the number of active threats.

As for the other machines in red, is a firewall (ESET or Windows) enabled on them?

If computers haven't connected for a longer time, hadn't you changed server's hostname after the agent was deployed on clients?

[bbraunstein 27]

I don't mean to piggyback on uglyB0b's post, but I'm also encountering the same issue as well. It's not on all of my Windows machines, which kind of makes it a bit more annoying. 

 

I have ESET installed on all of my computers and I have an administratively set Firewall on all computers too. I know WHY I'm getting the error: Windows Security Center is bugging out because my Firewall is modified differently than what Windows recommends. I tried disabling the Network Firewall security messages in Action Center, but the Web Console is still displaying this errors.

 

Now I know exactly why I'm getting these errors. Is there a way to implement acknowledgements or ignoring of warnings/errors on client computers? I think that would be a neat and helpful feature.

 

 

EDIT: I want to give more information how I figured this out and to paint a better picture of my environment. If you click on a client and go to Details > Alerts, it will list more information on the error. There is a "Subproduct" column that indicates what the specific feature it's talking about. In my case, the subproduct is "Firewall". If I log into the client and open Windows Firewall in the Control Panel, there's an error that says, "Update your Firewall Settings: Windows Firewall is not using the recommended settings to protect your computer." But, like I explain in my original post, since I've made a bunch of modifications, Windows is freaking out. '

 

 

EDIT #2: I just deployed to my OSX devices. All of them say Operating System is out of date. When I go to App Store to update, the only update that exists is the upgrade to the latest OS. Some of these computers do not have the hardware for the upgrade and I have no need to upgrade them yet. It really would be great to be able to acknowledge or ignore warnings/errors. 

Edited February 3, 2015 by bbraunstein

[bvj 1]

Experiencing similarly confusing situations with Windows Firewall behavior.  I was under the impression ESET ES 6.x would take over firewall responsibilities similar to what other vendors¹ do; however, the Windows Firewall went "active" on a couple of machines locking out remote access and other services configured with ESET EP.  The Windows Firewall activation may have occurred after an OS patch and reboot. I don't recall. Nonetheless, I'm under the impression EP didn't properly couple with the OS firewall framework on a few (Win7 SP1 32/64) machines.

 

To get into the machines, I ran the following client command task followed by Send Wake-Up Call,  (and waited, got some coffee, read a book, etc...):
 

netsh firewall set opmode disable

On one particular domain machine, I had to disable the firewall via a Local Computer Policy:

Computer Configuration, Administrative Templates, Network, Network Connections:
     Windows Firewall, Domain Profiles: Windows Firewall: 
          Protect all network connections [Disabled]

I'd like to reverse this policy revision, but I can't afford to have the Windows Firewall block the machine's provided services I'm allowing via ESET ES 6.x. And I don't want to deal with firewall rules in two locations (i.e., WIndows Firewall and ESET ES.)

 

And of course, ERA 6.x is reporting  Critical  status because the OS Firewall is inactive, but only for the machine where I applied the above local policy.

Any related tech notes, ESET?

 

Note:

1. The machines had SEP 11.x installed, and subsequently removed by an ERA task.

[rcraig 4]

I found that this happened for us when Security Center is not running on a workstation. If you have a domain where this does not run for workstations you may get this error. On one of the computers, check the Security Center service and if it isn't running then start it, wait 20 mins and check ERA. 

[Peter Randziak 944]

Hello,

 

please see my answer in this thread.

 

Thank you.

 

P.R.