Not happy with ERA 6

[jwilkins@adamsaai.com 0]

I am fairly new to administering the product (about a 1.5 years now.) I have to agree that ERA 5 was much easier to use. I have no doubt after digging into v6 that it has some advantages over v5, but ihavent decided if they are worth it. I have a small test group in production. If i cant get past some of the issues i am having i will revert back to v5.

 

I reached out to ESET support via the website email form, and heard crickets (correction, i went back and looked, they replied with a posting to the forum that addresses the issue, which i had already read). Eventually I stumbled through enough forum posts and google searches to solve most of my problems on my own.

 

From an administrative standpoint its taking me more time to setup ERAv6 than it did v5. Perhaps i should have gone to another product if i had to start from scratch. If it wasnt for the fact that i wanted to use the newer AV client i would not have migrated to v6 at all.

 

p.s. i volunteered in the testing for ERA6 and I hated it then as I do now, I communicated this to your dev time. I feel like you lose simiplicity when going to a web based app vs. the fat version, everything feels like it takes more steps. I like the reporting features from the dashboard of the web but thats it (you can keep that). My opinion, scrap web version ERAv6 and give us back a fat console. Don't mean to step on any hearts, im sure your dev team is proud of the product. Maybe i am just old school and like the a a traditional program vs web version. Don't just take my word, do a unbias survey or something. Listen to your customers.

 

As far as your move to a web admin console your not alone, lots of companies are moving toward web based management consoles (i hate most of them), even cisco has versions of it. In some cases thats all you get, in some cases the web version is suplemental. Give us both if you love your web version so much. Thanks for reading my rant.

Edited August 8, 2015 by jwilkins@adamsaai.com

[Alex-Iv 2]

I would strongly urge you to consider continuing with v5.

There will be one more build of ERA v5 (specifically 5.3).

I have tried to make v6 work on a simple network of machines and remain frustrated at its inconsistency and lack of access to configuration that I took for granted with v5.

As of v6, ERA enables you to see the configuration tree in the very same way as it appears on clients. In older versions of ERA, there was a configuration tree which didn't 100% match the appearance of the product settings on clients and caused a lot of confusion to users.

It'd be good if you could clarify what you mean so that we understand what exactly you want to achieve.

With the small network I have used the inbuilt update server on endpoint security and it may be this that is causing issues such as, right click scan menu intermittently not working,

The built-in mirror has never been as efficient as dedicated http servers, such as Apache or IIS and not many clients could be served at a time. Still, if you want to create a local mirror with v6, you can do so by means of an Endpoint v6 product which also supports distribution of updates via the internal http server. Also there should be a tool available soon that will download updates files that can be subsequently distributed to clients by a 3rd party http server or via a local share. The problem with right-click scan is not related to this at all. Honestly, I've never heard about such issue with Endpoint v6 so I'd strongly recommend troubleshooting it further with customer care.

eset icon disappearing from hidden icons

I've never had this problem and haven't seen it reported from customers nor from users in this forum specifically for Endpoint v6. A similar issue was reported for older versions but it wasn't specific to ESET and other application icons exhibited the same behavior.

unable to start eset display from the menus as it runs but never appears on the screen.

Never heard of this issue, further information about the system will be needed. It's not clear if the issue exhibits on all of your systems, what OS is installed, if more users are logged on at a time, etc. Strongly recommend to contact Customer care for further assistance.

the increased security mandates at least 5 username and password combinations to implement it with remote admin

I use only username and password to log in to the console and U/P for ELA portal. What usernames/passwords are you referring to?

and I do not understand the logic of requiring an apache install on pure windows installations.

Apache HTTP proxy replaces the former mirror feature with a more efficient and reliable way of caching downloaded files.

I see little benefit in pure browser based administration on a local network and presume that "someone" thought it would be a nice idea

Administration via the web console was requested by many administrators as it enables them to access ERA from any operating system and are not limited to Windows like it was with ERA v5 and earlier.

Please create a separate topic for each issue so that we don't mix different things in one topic.

I would say you are trying to use nuclear power plant for feeding flashlight where most people will use just Duracell battery. Power plant is more efficient. No kidding. But when you need a simplicity and convince with small flashlight - the battery works much better. As I already suggested you in my earlier posts: you'd seriously have to think about releasing different products for different sizes of businesses. That will remove the irritation from small busines which doesn't want to setup complicated technologies on their small servers to protect 20 - 100 computers. You can give them choice for simplicity and convenience of version 5. Version 5 won a lot a customers for you. Don't toss it. Edited August 7, 2015 by Alex-Iv

[AStevens.SHG 7]

Another sys admin enters the fray.

 

I've used ESET for years in other businesses and was so pleased to finally be able to dump our aging McAfee and Fisher-Price Symantec.Cloud AV setups in the business for ESET.

 

I'd been out of the loop for a bit, discovered ESET has become a rocky road... we have Windows dating back to 2000 (yeah we are trying to upgrade/get rid of them, promise!), Linux (Servers and a couple of Desktops), and an ever growing Mac estate... which from memory I thought ESET would be perfect for and fix all our worries.

 

Not so... despite the new shiny, pretty, webconsole v6... which can run on Linux (although reading this thread even that's rocky), Eset for Linux is still in the dark days of v4, not v5 and not v6.. eh?! Mac ESET Security product is only v6 as well. v6 does not support Linux or Windows Server 2000 therefore, which is a problem for us.

 

So I had to double the server requirement, build a v5, start getting Linux v4 clients on it (NOT easy!), with help of our local office Linux IT guy, we're on the roll there finally, got ESET Linux file server on a few Dev boxes, hoping to rollout to production ones soon. Push installed to a Windows 2000 server, ah that's more like it, easy, will push out to our remaining Windows 2000 servers soon. Now to build the ERA v6 cluster setup..

 

Then like most of you, hitting the problems with v6 documentation... I've done many v5 cluster setup with little problems, although I get the distinct feeling I'm the only one who does an ESET cluster setup from talking to support. In v6 however, they've not thought through or tested a cluster setup, for starters it doesn't like a SQL Cluster, it can't find the instance port and wants us to nail a port down, that won't work when it fails over, if anything is using that port, it will fail to start, port assignments on cluster instances are meant to be dynamic, in v5 of course you could just put a DSN name and configure the db connection by ODBC Administrator and that worked.

 

After that, there's this new certificate requirements, again the documentation is awful.. we're doing a new v6 setup, I want to use our own CA and make whatever certificates it needs but there isn't any proper documentation... normally products generate a CR.

 

Although I've not got ERA v6 installed yet, I also raised with support about the components in v6, it's a culture shock, and a lot more manual work outside of ERA for us, and the documentation is lacking, I shall need further help from others again (SSL for the Apache Update Cache?), most of it is clear now, as I go through it may hit some more bumps in the road.

 

I'm talking to support at the moment, but it's so slow as they have to go to Global and wait for an answer back.

 

It's a real shame, and after I've been singing ESET's praises and we're struggling to get v6 up, not to mention the problems I see on this thread about deploying clients, bit worrying.

[technika 0]

Installing
Getting "It is not possible to store big blocks of data in the database. Please configure the database server first." No difference it's All-in-one install or only Server install.
Windows 10 x64
MySQL server 5.6 x64
MySQL ODBC connector 5.3 x64
I've found my.ini under "C:\ProgramData\MySQL\MySQL Server 5.6". By MySQL documentation these settings should be red first. I've added max_allowed_packet=33M under the [mysqld] tag. Also tried 60M 128M and restarted computer every time. It's the same error on Windows 7 x64 on VMware Player.

Gave up and went with built-in Microsoft SQL server.

 

Adding computers

By this documentation Rogue sensor only detected server itself. Although server can see, ping and use file sharing with every workstation in the network. So only manual entering workstation name/IP works.

 

Deploying products using push install

To upgrade clients ESET software I use Install by direct package URL. After ESET Remote Administrator Push Installation Requirements and Checklist and documentation in Client tasks --> Executions I'm still getting 3 rows in the end:

ESET Remote Administrator Agent - Starting - Starting task

Operating system - Running - Task started

Operating system - Failed - Task failed

with no further information.

trace.log does not indicate anything on this case.

 

I'm spending hours trying to fix one or another issue ESET left. It's bad to test products on your customers.

Edited August 9, 2015 by technika

[rcocchiararo 0]

Hi there.

 

I used to work for a company that distributes and gives support for eset products in my country, and now i work for a company that uses them.

In our building, we have a smaller network (only 29 endpoint antivirus) and a bigger one.

I "upgraded" ERA v5 to V6 on the small network.

 

The upgrade instructions are not really that "doable", since they ask me to leave my whole network without an antivirus, and THEN after ERA V6 is installed, and the agents deployed (a nightmare, really, i had like 10 or less deploy on the first try, then some others did so on other attemts, changing nothing, and finally i had to install some manually).

 

Once all that is clear, i don´t mind the new console (i like being able to access it from many machines).

 

My main issue right now, is that the http proxy seems to do NOTHING similar to the old mirror.

 

 

...the whole 'mirror replacement with Apache' part. Unfortunately, I've got to get it working because we have some OS/x machines that require version 6 clients.

 

If you don't like the new approach with Apache HTTP proxy that has advantages over using the former mirror, you can still create a mirror using Endpoint v6. However, it will download more data as new modules have been added to v6 and other new ones will be added in the future. Using the Apache HTTP server, many more clients can be served at once and only files that are really needed by clients will be downloaded from ESET's servers.

 

 

 

What I did not find:
1. Clean procedure how to setup office under 100 computers with 1 server getting updates from ESET sever and distributing them to client computers in the local network

ERA v6 does not support creation of a local mirror. The feature was replaced by Apache HTTP Proxy which caches downloaded installers and update files. You may choose not to install it if you plan to use another http proxy or create a mirror using ESET Endpoint Antivirus, ESET Endpoint Security or another v6 ESET product, such as ESET File Security.
Let us know what you'd need to help with specifically.

 

The proxy was installed with the bundled installer, and i confirm that the cache folder has files in it (i see a similar structure to what an old squid proxy i had sometime in the past in yet another job).

 

If i shut down the apache proxy, computers can't look for updates.

If i enable it.. they can, but they download ULTRA SLOW, like... from the internet. (i have a 25mb connection, but downloading either ESET updates or installers is always slow, no idea why).

If i enable the mirror in one of my computers, then updates download lightning fast on the other machines (After setting them to use that update server either manually or with the policy).

 

Either  the Apache http proxy is catching the wrong stuff, or something is wrong... i followed every kb, to no avail.

I even contacted my old job for support (i am now their customer ), and they could not help. 

A friend i have that was the main support person there, told me that he had tons of complains for this.

For now, i have "burned" a license on the server where i have ERA V6, installing endpoint antivirus there, and enabling the mirror.

 

 

It is just workaround. As I understand I will have to install ESET software on another computer diirectly connected to internet (which is against our network policy) and have other computers in the network synchronise updates from this computer. In another words I have to setup another "server" which will manage updates. I dont think my boss will be happy to buy extra computer just for that.

 

We first need to understand the scenario you use so that we can provide you with a solution that fits you best. A few questions:

1, Is the computer with ERAS installed connected to the Internet?

2, Is it against your company's policy to install antivirus on that server? If not, what's the reason for not installing ESET there and configuring it to create a local mirror?

3, If you don't use an http server in your company, would it be a problem to install one (e.g. Apache) on the same server where ERAS is installed?

 

 

Using the mirror function requires me to either "waste" a license on a server which only had ERA V5 before, so i must buy an additional license, or use a desktop machine as a server of sorts.

[joloriquelme 1]

Hi!

 

I'm from Chile. I'm an independant IT specialist, supporting compaines of different sizes.

 

Two of them have ESET solutions, all working with ERA 5 and 5.x Endpoints without problems.

 

I just brought licenses for the second company, and decided to install directly ERA 6 and the clients.

 

Just 3 hours had been passed since the install and simply this doesn't work and it's awful. I've tried to install agents, clients, etc, without any luck. Everything seems extremely complicated.

 

Tomorrow I uninstall this sort-of ALPHA Software and install ERA 5.

Very dissapointed of ESET on this.

[Marcos 5,070]

Just 3 hours had been passed since the install and simply this doesn't work and it's awful. I've tried to install agents, clients, etc, without any luck. Everything seems extremely complicated.

 

Please create a new topic for particular issues where we could discuss them and assist you with resolving them. Installation of Agent Live installer via GPO which is a recommended way of installing Agent has always worked like a charm as far as I know.

[rcocchiararo 0]

 

Just 3 hours had been passed since the install and simply this doesn't work and it's awful. I've tried to install agents, clients, etc, without any luck. Everything seems extremely complicated.

 

Please create a new topic for particular issues where we could discuss them and assist you with resolving them. Installation of Agent Live installer via GPO which is a recommended way of installing Agent has always worked like a charm as far as I know.

 

 

Should i also create a topic about my http proxy seemingly not caching or serving or something?

[Monge 0]

In my opinion, ERA 6 is not ready to clients. Like Batman: Arkham Knight for PC,  sales should suspended until is fixed(and improved).

[ronmanp 2]

In my opinion, ERA 6 is not ready to clients. Like Batman: Arkham Knight for PC,  sales should suspended until is fixed(and improved).

This is true, the web console is all cute and shiny but the administration of ERA 6 is awful. After months of tweaking I'm just starting to to be able to sort of make it work like it's supposed to. Unlike many competitors you can't just set it up and stop thinking about it. You'll have to constantly monitor, fix server/agent communication, activation and policies (e.g. HIPS won't disable and yes I have a support case open) because it's a nightmare to manage. Oh and if you want to use AD to manage your endpoints and assign policies just forget about it. Believe me...

For SMB I can recommend it, but for big companies... Brace yourself.

 

Here's 2 of my favorites: we can't use wildcards for drive letters in the real-time exclusions  

Also why not simply have a single setting that says "Use internal server to get definition updates, if it is not reachable then use ESET's servers." instead of having us go through that whole process?

 

Like many have said before, the product has real potential but right now I feel like a beta tester.

[kerin444 0]

 

Marcos, on 22 Jul 2015 - 06:16 AM, said:

Quote

What I did not find:

1. Clean procedure how to setup office under 100 computers with 1 server getting updates from ESET sever and distributing them to client computers in the local network

ERA v6 does not support creation of a local mirror. The feature was replaced by Apache HTTP Proxy which caches downloaded installers and update files. You may choose not to install it if you plan to use another http proxy or create a mirror using ESET Endpoint Antivirus, ESET Endpoint Security or another v6 ESET product, such as ESET File Security.

Let us know what you'd need to help with specifically.

 

The proxy was installed with the bundled installer, and i confirm that the cache folder has files in it (i see a similar structure to what an old squid proxy i had sometime in the past in yet another job).

 

If i shut down the apache proxy, computers can't look for updates.

If i enable it.. they can, but they download ULTRA SLOW, like... from the internet. (i have a 25mb connection, but downloading either ESET updates or installers is always slow, no idea why).

If i enable the mirror in one of my computers, then updates download lightning fast on the other machines (After setting them to use that update server either manually or with the policy).

 

Either  the Apache http proxy is catching the wrong stuff, or something is wrong... i followed every kb, to no avail.

I even contacted my old job for support (i am now their customer ), and they could not help. 

A friend i have that was the main support person there, told me that he had tons of complains for this.

For now, i have "burned" a license on the server where i have ERA V6, installing endpoint antivirus there, and enabling the mirror.

 

I've setup the ApacheHttpProxy and found it quite ineficiant. As there is no LOG feature included in the apache config, I manualy added the "mod_log_config" module and added some log rules to get the cache miss and hits:

<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access.log" combined
CustomLog "logs/proxy-cache-hits.log" common env=cache-hit
CustomLog "logs/proxy-cache-missed.log" common env=cache-miss
</IfModule>

For now I configured two clients to use the ApacheHttpProxy but my "hits" log remains empty and my "miss" fills quickly... There is only 9Mb in the cache after two weeks of usage.

 

The "proxy-cache-missed.log" :

192.168.0.99 - - [17/Aug/2015:07:49:00 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
192.168.0.99 - - [17/Aug/2015:07:49:01 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600
192.168.0.99 - - [17/Aug/2015:07:49:06 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 -
192.168.0.99 - - [17/Aug/2015:07:49:06 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162
192.168.0.96 - - [17/Aug/2015:08:16:09 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:08:16:11 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600
192.168.0.96 - - [17/Aug/2015:08:16:12 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:08:16:13 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162
192.168.0.96 - - [17/Aug/2015:09:16:09 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:09:16:16 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600
192.168.0.96 - - [17/Aug/2015:09:16:18 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:09:16:19 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162
192.168.0.96 - - [17/Aug/2015:10:17:10 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:10:17:10 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9594
192.168.0.96 - - [17/Aug/2015:10:17:12 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:10:17:13 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162
192.168.0.96 - - [17/Aug/2015:10:17:14 +0100] "HEAD hxxp://update.eset.com/ep6-rel-sta/mod_002_engine_25308/em002_32_n1.nup HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:10:17:14 +0100] "GET hxxp://update.eset.com/ep6-rel-sta/mod_002_engine_25308/em002_32_n1.nup HTTP/1.1" 200 12309
192.168.0.96 - - [17/Aug/2015:10:17:15 +0100] "HEAD hxxp://update.eset.com/ep6-rel-sta/mod_023_pegasus_6675/em023_32_n1.nup HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:10:17:16 +0100] "GET hxxp://update.eset.com/ep6-rel-sta/mod_023_pegasus_6675/em023_32_n1.nup HTTP/1.1" 200 13699
192.168.0.96 - - [17/Aug/2015:11:17:10 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:11:17:11 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9594
192.168.0.96 - - [17/Aug/2015:11:17:12 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:11:17:12 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162

I find it strange to have 404 HTTP header on update.ver, it whould be working all the time...

[rcocchiararo 0]

 

 

Marcos, on 22 Jul 2015 - 06:16 AM, said:

Quote

What I did not find:

1. Clean procedure how to setup office under 100 computers with 1 server getting updates from ESET sever and distributing them to client computers in the local network

ERA v6 does not support creation of a local mirror. The feature was replaced by Apache HTTP Proxy which caches downloaded installers and update files. You may choose not to install it if you plan to use another http proxy or create a mirror using ESET Endpoint Antivirus, ESET Endpoint Security or another v6 ESET product, such as ESET File Security.

Let us know what you'd need to help with specifically.

 

The proxy was installed with the bundled installer, and i confirm that the cache folder has files in it (i see a similar structure to what an old squid proxy i had sometime in the past in yet another job).

 

If i shut down the apache proxy, computers can't look for updates.

If i enable it.. they can, but they download ULTRA SLOW, like... from the internet. (i have a 25mb connection, but downloading either ESET updates or installers is always slow, no idea why).

If i enable the mirror in one of my computers, then updates download lightning fast on the other machines (After setting them to use that update server either manually or with the policy).

 

Either  the Apache http proxy is catching the wrong stuff, or something is wrong... i followed every kb, to no avail.

I even contacted my old job for support (i am now their customer ), and they could not help. 

A friend i have that was the main support person there, told me that he had tons of complains for this.

For now, i have "burned" a license on the server where i have ERA V6, installing endpoint antivirus there, and enabling the mirror.

 

I've setup the ApacheHttpProxy and found it quite ineficiant. As there is no LOG feature included in the apache config, I manualy added the "mod_log_config" module and added some log rules to get the cache miss and hits:

<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access.log" combined
CustomLog "logs/proxy-cache-hits.log" common env=cache-hit
CustomLog "logs/proxy-cache-missed.log" common env=cache-miss
</IfModule>

For now I configured two clients to use the ApacheHttpProxy but my "hits" log remains empty and my "miss" fills quickly... There is only 9Mb in the cache after two weeks of usage.

 

The "proxy-cache-missed.log" :

192.168.0.99 - - [17/Aug/2015:07:49:00 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
192.168.0.99 - - [17/Aug/2015:07:49:01 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600
192.168.0.99 - - [17/Aug/2015:07:49:06 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 -
192.168.0.99 - - [17/Aug/2015:07:49:06 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162
192.168.0.96 - - [17/Aug/2015:08:16:09 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:08:16:11 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600
192.168.0.96 - - [17/Aug/2015:08:16:12 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:08:16:13 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162
192.168.0.96 - - [17/Aug/2015:09:16:09 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:09:16:16 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600
192.168.0.96 - - [17/Aug/2015:09:16:18 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:09:16:19 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162
192.168.0.96 - - [17/Aug/2015:10:17:10 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:10:17:10 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9594
192.168.0.96 - - [17/Aug/2015:10:17:12 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:10:17:13 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162
192.168.0.96 - - [17/Aug/2015:10:17:14 +0100] "HEAD hxxp://update.eset.com/ep6-rel-sta/mod_002_engine_25308/em002_32_n1.nup HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:10:17:14 +0100] "GET hxxp://update.eset.com/ep6-rel-sta/mod_002_engine_25308/em002_32_n1.nup HTTP/1.1" 200 12309
192.168.0.96 - - [17/Aug/2015:10:17:15 +0100] "HEAD hxxp://update.eset.com/ep6-rel-sta/mod_023_pegasus_6675/em023_32_n1.nup HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:10:17:16 +0100] "GET hxxp://update.eset.com/ep6-rel-sta/mod_023_pegasus_6675/em023_32_n1.nup HTTP/1.1" 200 13699
192.168.0.96 - - [17/Aug/2015:11:17:10 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:11:17:11 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9594
192.168.0.96 - - [17/Aug/2015:11:17:12 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 -
192.168.0.96 - - [17/Aug/2015:11:17:12 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162

I find it strange to have 404 HTTP header on update.ver, it whould be working all the time...

 

 

my cache directory us way bigger than the mirror directory (more than 300 mb), but downloads are still slow (i have set up all my pcs to use it)

[Marcos 5,070]

HIPS won't disable and yes I have a support case open

 

I didn't have a problem with this - HIPS was disabled in the program's gui on the client. However, why one would like to disable HIPS and lose other important protection layers, such as Exploit blocker and Advanced memory scanner, which can block a huge number of threats upon execution if malware makes it through all other protection layers?  

  

Here's 2 of my favorites: we can't use wildcards for drive letters in the real-time exclusions

 

That's in fact good. Any exclusion creates a security hole as potential malware in excluded files or folders would remain undetected even if ESET was able to block it otherwise. Wildcards are supported for folders and files, however. If you need to use exclusions, I'd strongly suggest consulting it with Customer care as there's a chance we would be able to solve possible issues in a safe manner.

 

Also why not simply have a single setting that says "Use internal server to get definition updates, if it is not reachable then use ESET's servers." instead of having us go through that whole process?

Updates are run via update tasks in Scheduler and this is how it has worked since v2. So you basically need to set up 2 update profiles, each with different setting for updates in different networks. Then you need to create a new update task or edit the existing one and select the primary and secondary update profile. I for one can't think of how this could be made simpler.

If you want to discuss particular issues or have questions or suggestions, please create a new topic for each.

[bbahes 29]

 

HIPS won't disable and yes I have a support case open

 

I didn't have a problem with this - HIPS was disabled in the program's gui on the client. However, why one would like to disable HIPS and lose other important protection layers, such as Exploit blocker and Advanced memory scanner, which can block a huge number of threats upon execution if malware makes it through all other protection layers?  

  

Here's 2 of my favorites: we can't use wildcards for drive letters in the real-time exclusions

 

That's in fact good. Any exclusion creates a security hole as potential malware in excluded files or folders would remain undetected even if ESET was able to block it otherwise. Wildcards are supported for folders and files, however. If you need to use exclusions, I'd strongly suggest consulting it with Customer care as there's a chance we would be able to solve possible issues in a safe manner.

 

Also why not simply have a single setting that says "Use internal server to get definition updates, if it is not reachable then use ESET's servers." instead of having us go through that whole process?

Updates are run via update tasks in Scheduler and this is how it has worked since v2. So you basically need to set up 2 update profiles, each with different setting for updates in different networks. Then you need to create a new update task or edit the existing one and select the primary and secondary update profile. I for one can't think of how this could be made simpler.

If you want to discuss particular issues or have questions or suggestions, please create a new topic for each.

 

 

You made it little bit more simpler in V6 compared to V5.

I could imagine few ways to make it simpler and more configurable...Update Server first comes to mind 

[ronmanp 2]

 

HIPS won't disable and yes I have a support case open

 

I didn't have a problem with this - HIPS was disabled in the program's gui on the client. However, why one would like to disable HIPS and lose other important protection layers, such as Exploit blocker and Advanced memory scanner, which can block a huge number of threats upon execution if malware makes it through all other protection layers?  

  

Here's 2 of my favorites: we can't use wildcards for drive letters in the real-time exclusions

 

That's in fact good. Any exclusion creates a security hole as potential malware in excluded files or folders would remain undetected even if ESET was able to block it otherwise. Wildcards are supported for folders and files, however. If you need to use exclusions, I'd strongly suggest consulting it with Customer care as there's a chance we would be able to solve possible issues in a safe manner.

 

Also why not simply have a single setting that says "Use internal server to get definition updates, if it is not reachable then use ESET's servers." instead of having us go through that whole process?

Updates are run via update tasks in Scheduler and this is how it has worked since v2. So you basically need to set up 2 update profiles, each with different setting for updates in different networks. Then you need to create a new update task or edit the existing one and select the primary and secondary update profile. I for one can't think of how this could be made simpler.

If you want to discuss particular issues or have questions or suggestions, please create a new topic for each.

 

 

I've shared my concerns already through technical support. I was just sharing my experience in this thread as I've noticed I'm not the only one living with issues caused by ERA 6. 

 

The HIPS issue has been acknowledged by ESET and it is not caused by our environment issue. We are working on it.

 

Real-time scanning exclusions and drive letter wildcards. I know they are bad but some of us need it so we should have the option to use them. It shouldn't be your decision. Again this is something competitors allows you to do.

 

For update profiles I believe that simply creating 2 profiles in the policy and choosing a primary one to have ESET fallback to the second one automatically if the first is unreachable would be a lot simpler than going through the 23 steps from your documentation.

[Marcos 5,070]

You made it little bit more simpler in V6 compared to V5.

I could imagine few ways to make it simpler and more configurable...Update Server first comes to mind 

 

We are open for any ideas or thoughts you may have so I encourage you to share them with us in a separate topic. If we find them reasonable and useful for other users, we will definitely consider implementing them to make your work with ERA v6 easier.

[Marcos 5,070]

The HIPS issue has been acknowledged by ESET and it is not caused by our environment issue. We are working on it.

 

I was asking about this because I tested it and it worked just fine. Actually I came across a support case you mentioned but it was denied by developers as invalid - the user was complaining about ehdrv.sys driver and not about HIPS itself. As already mentioned, I'd never disable HIPS as I would lose other crucial protections layers that are almost as important as real-time protection.

[ronmanp 2]

 

The HIPS issue has been acknowledged by ESET and it is not caused by our environment issue. We are working on it.

 

I was asking about this because I tested it and it worked just fine. Actually I came across a support case you mentioned but it was denied by developers as invalid - the user was complaining about ehdrv.sys driver and not about HIPS itself. As already mentioned, I'd never disable HIPS as I would lose other crucial protections layers that are almost as important as real-time protection.

 

I hope this is not my support case as I haven't been told that. I agree HIPS is important but we have in-house tools that will break if we enable it. I'll work on making it work but this won't be possible right now. 

[rcocchiararo 0]

Why is the apache http proxy installed into "program files" in an x64 server, if it is the 32bits version?

 

Just noticed this when i tried to add the mod_log_config and it would not work (i got the 64 bits version)

[Marcos 5,070]

I hope this is not my support case as I haven't been told that. I agree HIPS is important but we have in-house tools that will break if we enable it. I'll work on making it work but this won't be possible right now.

It'd be good to discuss this in a separate topic. I'd be interested in knowing if HIPS remains enabled in gui after applying the policy and restarting the computer. Also if HIPS clashes with another program it's better to contact customer care and solve it other than by disabling HIPS completely and thus losing important protection features.

[BlackMageXIV 0]

I too am seriously considering switching back to v5. In v5 I could install the client on a computer, type in the IP address of the management server on the local client and set the refresh period to 0 and it would grab the default config I had set up on the server immediately. ERA 5's interface looked a bit dated, but it was functional and just plain worked once you knew where the settings were. ERA 6 was a serious PITA to set up, and then activating clients is really hit or miss as to when the server will push the activation task out to the client. I can't tell where to find the computers using my license, as one was stolen and two were re-imaged and I'm not sure how to free up those uses of our license. 

 

Once again this is devs thinking "Wow, it'd be cool if we..." or "We could make this look like a hip website if we just... " and not giving much (if any) thought to user experience. 5 never required an agent and worked great. Now 6 has been mostly hassle and headaches from deployment to activation, to monitoring and control through ERA. Not impressed, and I've been a fan of home and business ESET for years.  

[Marcos 5,070]

 

ERA 6 was a serious PITA to set up, and then activating clients is really hit or miss as to when the server will push the activation task out to the client. I can't tell where to find the computers using my license, as one was stolen and two were re-imaged and I'm not sure how to free up those uses of our license. 

 

You can manage your license (e.g. deactivate particular seats) and check its status via ela.eset.com. To speed up pushing a task. send a wake-up call to the desired client(s) and they will connect to ERAS momentarily, if reachable.

Should you come across any further issue, feel free to ask. ERA 6 is a brand new generation of ERA and it's not just a simple upgrade of ERA v5. Also we're about to release ERA 6.2 within a couple of days which will bring further enhancements requested by users.

[bbahes 29]

 

 

ERA 6 was a serious PITA to set up, and then activating clients is really hit or miss as to when the server will push the activation task out to the client. I can't tell where to find the computers using my license, as one was stolen and two were re-imaged and I'm not sure how to free up those uses of our license. 

 

You can manage your license (e.g. deactivate particular seats) and check its status via ela.eset.com. To speed up pushing a task. send a wake-up call to the desired client(s) and they will connect to ERAS momentarily, if reachable.

Should you come across any further issue, feel free to ask. ERA 6 is a brand new generation of ERA and it's not just a simple upgrade of ERA v5. Also we're about to release ERA 6.2 within a couple of days which will bring further enhancements requested by users.

 

 

Are you bringing mirror server feature to ERA server?

[Alex-Iv 2]

 

Are you bringing mirror server feature to ERA server?

Voting for that!!!

[Marcos 5,070]

Are you bringing mirror server feature to ERA server?

ERA 6.2 will bring a command line tool for creating a mirror which you can subsequently make available to clients via Apache (or another http server) or network shares.