Restart agent remotely

[jimwillsher 65]

Ok so it seems that most of the errors/warnings showing i the console are bogus, since they may have been fixed hours ago yet the console still shows them as "problematic". Examples are "recent update attempts failed", "Security centre reports that AV is not running", "Windows reports that the OS is out of date" etc. etc.

 

I've made a couple of separate postings (today) highlighting how misleading this is. Hopefully ESET will address this in a future release - no point showing status information in the console if the status information is several hours old, especially if the agent is connecting every minute!

 

So, restarting the agent seems to clear this up, and unfortunately (hint....) there seems to way to restart the agent from the console. However this command does the job nicely (as a "run command" triggered from ERA):

 

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Restart-Service EraAgentSvc

 

 

It's a bit clunky insofar as the path name to PowerShell is hardcoded, and this does assume that PowerShell is installed (it probably is on most systems). But this restarts the agent, which triggers it to send accurate status information to ERA, and ERA then stops shouting!

 

Hope this helps someone.

 

 

 

Jim

 

[bbraunstein 27]

Thanks Jim. This helped me resolve a couple of "problematic" remote clients. 

[dlaporte 14]

Thanks Jim!

I was getting tired of the false readings as well.

[Marcos 4,909]

Restarting the agent is a workaround for a known bug in Endpoint v6 which will be addressed in the next service build.

[jimwillsher 65]

Many thanks Marcos, at least we have a workaround that seems to work okay. We expect bugs with new releases so it's good that they are being detected and addressed.

[zhekdia 3]

Hi,

 

Thanks Jim for the PS command.

 

Hoping someone can clear up this ambiguity.

 

What is the expected duration of the "worst functionality problem" status? It seems logical to display this to the admin for X days/hours/minutes but there is no way of actioning/clearing this event. Or is it supposed to only reflect the current status? To me, it seems logical to display historic events, otherwise the admin does not know they occured unless they go pouring through logs, but we require a way to action or clear the event, once it has been acknowledged.

 

Thanks.

Edited March 4, 2015 by zhekdia

[jimwillsher 65]

I agree, 100% I use it as a "list of things to fix", but they still show eve after being fixed (unless I restart the agent).

[zhekdia 3]

I believe the idea is to show the worst event, which for me is acceptable. For example if the client did not update for 5 days, then just before you check it updates, agent checks in and reports ALL-OK, and no one is the wiser.. You may miss some intermittent issue. My issue is that I would like to be able to action the event(s) or know when the agent will clear it.

[jimwillsher 65]

True....though if it has failed to update fior 5 days but now it is updating fine, I wouldn't be worried since it's now okay.

 

Yes, an "acknowledge" option would do the job.

[dlaporte 14]

I ran this task command on a new Dynamic group I created that has a template that uses the expression "Installed software . Application name =(equal) ESET Remote Administrator Agent".

 I then ran a run as command task to the Dynamic Group.

Worked great!

[Peter Randziak 1,081]

Hello,

 

a fix is planned for the next release so the agent restart will not be required.

 

 

P.R.

[jimwillsher 65]

Thansk Peter; great to hear that our feedback is being taken into account.