Jump to content

Archived

This topic is now archived and is closed to further replies.

jimwillsher

Restart agent remotely

Recommended Posts

Ok so it seems that most of the errors/warnings showing i the console are bogus, since they may have been fixed hours ago yet the console still shows them as "problematic". Examples are "recent update attempts failed", "Security centre reports that AV is not running", "Windows reports that the OS is out of date" etc. etc.

 

I've made a couple of separate postings (today) highlighting how misleading this is. Hopefully ESET will address this in a future release - no point showing status information in the console if the status information is several hours old, especially if the agent is connecting every minute!

 

So, restarting the agent seems to clear this up, and unfortunately (hint....) there seems to way to restart the agent from the console. However this command does the job nicely (as a "run command" triggered from ERA):

 

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Restart-Service EraAgentSvc

 

 

It's a bit clunky insofar as the path name to PowerShell is hardcoded, and this does assume that PowerShell is installed (it probably is on most systems). But this restarts the agent, which triggers it to send accurate status information to ERA, and ERA then stops shouting!

 

Hope this helps someone.

 

 

 

Jim

 

Share this post


Link to post
Share on other sites

Thanks Jim. This helped me resolve a couple of "problematic" remote clients. 

Share this post


Link to post
Share on other sites

Thanks Jim!

I was getting tired of the false readings as well.

Share this post


Link to post
Share on other sites

Restarting the agent is a workaround for a known bug in Endpoint v6 which will be addressed in the next service build.

Share this post


Link to post
Share on other sites

Many thanks Marcos, at least we have a workaround that seems to work okay. We expect bugs with new releases so it's good that they are being detected and addressed.

Share this post


Link to post
Share on other sites

Hi,

 

Thanks Jim for the PS command.

 

Hoping someone can clear up this ambiguity.

 

What is the expected duration of the "worst functionality problem" status? It seems logical to display this to the admin for X days/hours/minutes but there is no way of actioning/clearing this event. Or is it supposed to only reflect the current status? To me, it seems logical to display historic events, otherwise the admin does not know they occured unless they go pouring through logs, but we require a way to action or clear the event, once it has been acknowledged.

 

Thanks.

Share this post


Link to post
Share on other sites

I agree, 100% I use it as a "list of things to fix", but they still show eve after being fixed (unless I restart the agent).

Share this post


Link to post
Share on other sites

I believe the idea is to show the worst event, which for me is acceptable. For example if the client did not update for 5 days, then just before you check it updates, agent checks in and reports ALL-OK, and no one is the wiser.. You may miss some intermittent issue. My issue is that I would like to be able to action the event(s) or know when the agent will clear it.

Share this post


Link to post
Share on other sites

True....though if it has failed to update fior 5 days but now it is updating fine, I wouldn't be worried since it's now okay.

 

Yes, an "acknowledge" option would do the job.

Share this post


Link to post
Share on other sites

I ran this task command on a new Dynamic group I created that has a template that uses the expression "Installed software . Application name =(equal) ESET Remote Administrator Agent".

 I then ran a run as command task to the Dynamic Group.

Worked great!

Share this post


Link to post
Share on other sites

Thansk Peter; great to hear that our feedback is being taken into account.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...