jimwillsher 65 Posted March 2, 2015 Posted March 2, 2015 (edited) Hi all Latest ERA and latest EEA (at the time of posting). Several of our computers report this in the ERA console: "Windows Security Center indicates that the feature is not installed or is not running properly" The computers have been switched on for about 30 minutes and the error persists. Yet if I Teamviewer to the computers, EEA is running fine and Windows Security Centre is also happy. Can someone from ESET explain how this works please, e.g. does the agent only check the status every hour or so? Also, is there some way to force the agent to recheck? As it stands, it's quite distracting to have a dozen computers all showing in red when there's actually nothing wrong. it's a cry wolf scenario. Many thanks Jim EDIT Okay I see the reason. if I choose a computer and look at the message, and then click the message, I see that the alert was from THREE HOURS AGO. Clearly the computer status has moved on since then, so why does that message still show against the computer? Shouldn't the computers list show the status of the computers at the point of last agent contact, rather than some message that happened hours ago?? Edited March 2, 2015 by jimwillsher
rcraig 4 Posted March 2, 2015 Posted March 2, 2015 Can you check that the Security Center service is running on those systems? If not, then start it and see if that helps you.
jimwillsher 65 Posted March 2, 2015 Author Posted March 2, 2015 Thanks rcraig but yes, it is running. Restarting it doesn't help, nor restarting of the ESET agent service.
rcraig 4 Posted March 2, 2015 Posted March 2, 2015 (edited) Did you make sure to push a remote administrator agent policy to your clients? I have attached the one I created for managing the actual agents. You are welcome to use it and adjust for your purposes. To build your own just use one of the Remote Agent policies, go down to settings, then advanced settings and toggle the security center notifications you don't want to see to off. Hope this helps. Edited March 2, 2015 by rcraig
rcraig 4 Posted March 2, 2015 Posted March 2, 2015 Btw, make sure you add this policy to the folder that encompasses your clients you want to have this policy affect. It will take at least 20 minutes for the policy to be reflected in ERA; may even take 40 minutes; 20 to get the policy and 20 to cease reporting.
jimwillsher 65 Posted March 2, 2015 Author Posted March 2, 2015 Many thanks, but I'm not keen to mask these messages as ther emay be times where security centre is genuinely detecting a problem. My concern is that ERA seems to shout about errors/problem long after they are resolved. It's akin to the "last warning" message in ERA5. isntead, i'd prefer it if the console showed CURRENT errors, and used the CURRENT status as the basis for the red highlighting, rather than errors that have happened but have since been resolved. Thanks anyway Jim
ESET Moderators Peter Randziak 1,182 Posted March 4, 2015 ESET Moderators Posted March 4, 2015 Hello, the messages are reported via API, which reports it differently (not monitored state is reported as well). So the only way is to explicitly suppress it via policy setting. Don't worry about the other notifications it will only suppress notifications from Windows Security Center, other notifications send by AV itself will be handled normally. Regards, P.R.
jimwillsher 65 Posted March 4, 2015 Author Posted March 4, 2015 Sure, but I do want to see *genuine* Windows Update errors, as not all windows updates install cleanly (SilverLight updates are particularly bad). I tend to use the reporting in WSuS to check, as I know that's accurate. But wouldn't it be better if the status reported in ERA were accurate too?
elmolincoln 0 Posted March 4, 2015 Posted March 4, 2015 I too have struggled with this. Thanks for the info rcraig....my issue cleared right up by disabling/unchecking the Report Network Firewall Issues in the Remote Agent Policy.
ESET Staff michalp 20 Posted March 5, 2015 ESET Staff Posted March 5, 2015 Action center (Security center) in Windows pushes notifications about health status (good, poor, not monitored, snooze) for specific security providers (antivirus + anti-spyware, firewall, updates) to ERA Agent by defined API. This information is usually pushed immediately and Agent will produce logs. If some of the logs are with high severity (e.g.: poor health status for firewall), then out of band replication will as soon as possible deliver them to Server. Unfortunately Action center does not exactly map states that are shown in dialog itself to health statuses that are pushed to agent. For example intentionally disabled firewall with Action center set to not monitored, will still push poor health state to Agent. Or completely disabled Action center will push poor states for all security providers. In this cases only possible solution would be to create policy as rcraig said earlier. To force recheck, Agent service restart needs to performed. In case of jimwillsher, that error notification was not cleared is either caused by Action center still pushing this to Agent or there is possibility of not correctly replicated information. We will try to look at it.
ict@flinter.nl 0 Posted November 10, 2015 Posted November 10, 2015 We are having the same issue, action center on the machines reports everything OK, in ESET i see 3 problems.. Only on windows 7 machines btw. Any case it is not acceptable to just switch off the policy settings. So any update on this matter?
epicit 0 Posted November 10, 2015 Posted November 10, 2015 ...Only on windows 7 machines... Same here, but more on Windows 8.1 Machines. At least our Windows 7 and 10 Machines are not affected.
gertassen 0 Posted April 18, 2016 Posted April 18, 2016 Same here on both Windows 7 and Windows 10. Any solution yet?
bohara 0 Posted May 18, 2016 Posted May 18, 2016 Hey everyone, kind of an old topic but I just wanted to chime in. I'm having the same problem but only with Windows 7 machines. Our Windows 10 laptops and Macs (strangely enough) are fine. We only get the false reports on Windows 7. I've verified with a selection of users that there is in fact no issue on their end and everything runs fine. Per my company's security policies I can't just turn off the reporting, as we want to know when there are legitimate issues to look at. Is there any resolution to make this stop? If nothing else is there a way to manually mark it as resolved?
Judg3man 0 Posted January 9, 2017 Posted January 9, 2017 Old post but hoping for a miracle. Straight up windows 7 shop. Only a handful of computers are reporting this error. I thought it mite have something to do with windows update even though its not throwing the windows not updated error. Most computers that have this haven't had updates install in over a month and the PCs don't want to update at all. Just checks for updates for hours. Is this the case with others receiving this error.
Recommended Posts