Jump to content

Restart agent remotely

jimwillsher
 Share

Recommended Posts

jimwillsher

jimwillsher 65

Posted
Posted

Ok so it seems that most of the errors/warnings showing i the console are bogus, since they may have been fixed hours ago yet the console still shows them as "problematic". Examples are "recent update attempts failed", "Security centre reports that AV is not running", "Windows reports that the OS is out of date" etc. etc.

 

I've made a couple of separate postings (today) highlighting how misleading this is. Hopefully ESET will address this in a future release - no point showing status information in the console if the status information is several hours old, especially if the agent is connecting every minute!

 

So, restarting the agent seems to clear this up, and unfortunately (hint....) there seems to way to restart the agent from the console. However this command does the job nicely (as a "run command" triggered from ERA):

 

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Restart-Service EraAgentSvc

 

 

It's a bit clunky insofar as the path name to PowerShell is hardcoded, and this does assume that PowerShell is installed (it probably is on most systems). But this restarts the agent, which triggers it to send accurate status information to ERA, and ERA then stops shouting!

 

Hope this helps someone.

 

 

 

Jim

 

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

Restarting the agent is a workaround for a known bug in Endpoint v6 which will be addressed in the next service build.

Link to comment
Share on other sites
jimwillsher

jimwillsher 65

Posted
  • Author
Posted

Many thanks Marcos, at least we have a workaround that seems to work okay. We expect bugs with new releases so it's good that they are being detected and addressed.

Link to comment
Share on other sites
zhekdia

zhekdia 3

Posted
Posted (edited)

Hi,

 

Thanks Jim for the PS command.

 

Hoping someone can clear up this ambiguity.

 

What is the expected duration of the "worst functionality problem" status? It seems logical to display this to the admin for X days/hours/minutes but there is no way of actioning/clearing this event. Or is it supposed to only reflect the current status? To me, it seems logical to display historic events, otherwise the admin does not know they occured unless they go pouring through logs, but we require a way to action or clear the event, once it has been acknowledged.

 

Thanks.

Edited by zhekdia
Link to comment
Share on other sites
zhekdia

zhekdia 3

Posted
Posted

I believe the idea is to show the worst event, which for me is acceptable. For example if the client did not update for 5 days, then just before you check it updates, agent checks in and reports ALL-OK, and no one is the wiser.. You may miss some intermittent issue. My issue is that I would like to be able to action the event(s) or know when the agent will clear it.

Link to comment
Share on other sites
jimwillsher

jimwillsher 65

Posted
  • Author
Posted

True....though if it has failed to update fior 5 days but now it is updating fine, I wouldn't be worried since it's now okay.

 

Yes, an "acknowledge" option would do the job.

Link to comment
Share on other sites
dlaporte

dlaporte 14

Posted
Posted

I ran this task command on a new Dynamic group I created that has a template that uses the expression "Installed software . Application name =(equal) ESET Remote Administrator Agent".

 I then ran a run as command task to the Dynamic Group.

Worked great!

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...