Jump to content

ERA 6 experience + ERA 6 with ESET 5.x


Vilca
 Share

Recommended Posts

Hello,

I spent last weekend with upgrading ERA 5 to ERA 6. After two days at Sunday night I did my first agent and Antivirus push from ERA 6 and all looks fine. After few tests on five PCs I scheduled server and client jobs to deploy the Agent and Antivirus ones per day. On the first run nothing happened. With small amount of PCs it works fine but pushing agents on 100 PCs failed at all. I ran the agent deploy jobs again manually before few hours and it success approx on 5 PCs. That's better but really not fine. I don't have idea how to troubleshoot this. Many PCs already have ESET 5, pushing ERA agents failed but suddenly, after few runs of job, it's successfully installed on some PCs. ...on last run the agent is installed on two PCs from 80. I made no changes on all PCs so the error is somewhere else than on the PCs...

I tried to generate the report about agent deployment in last 30 days but it cannot be export to some readable format. In ERA I can't filter the result of the reports. ERA tried to install ERA agent with SSH on the WIndows PCs and I don't want to go through all these records. ERA 5 is more comfortable is this way. 

 

What's wrong from my POV?

  1. Documentation is really vague as some said on this forum:
  • no point about compatibility of ESET 5 with ERA 6 - what settings of ESET 5 I can setup in the ERA, how can I push it on the client and where I can find in ERA 6 the configuration for ESET 5
  • documentation for ERA 6 need to be linked on ESET security products 5 - how to create mirror, how to configure ESET 5 from ERA 6 and so on
  1. Under left click on PC in Computers section I can choose "new job". Will be better if I can choose from existing job and run it immediately.At this moment I can just configure new job. If I want to run existing job on some PC I must duplicate the job and change the scope of the job. It not ideal.
  2. Again the documentation. Dynamic group is great idea but no documentation for this. I want to create dynamic group which contain all computers without ERA agent. Can you help me with this? I can't use the static group "Computers" or "Lost and found". Will be great to have "ERA 6 Codebook" for dynamic groups and many and many examples.
  3. Agent deploy job - will be great to setup how it's run. I believe my problem with deployment is something about running parallel tasks but I didn't find how to setup how much parallel jobs I want to run. Will be nice to see in ERA how many PCs are in job, where the task is... Right now the ERA just want to run the job on all PCs at the same time? In the same way I cannot choose the way how the ERA agent is install on the PC and ERA trying SSH on the Windows... This wasting time and resources.
  4. point 3 is same for client tasks. 

I ran the Agent deploy job again and next 3 PCs appear in ERA.... it's in the pure AD environment with WIn7 and 8 with ESET 5. Can you help me how to troubleshoot this problem?

 

When I reading the documentation I found this article hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3668 . I really want to hear that this is just for previous version and in the future ERA 6 will have more comfortable way for updating. Uninstall and reinstall of the ERA? New ERA agent deploy across whole network? You promised easier way of adminsitration....

 

I want to believe you're on the good way but this product is not prepare for use in production, sorry. Anyway I want to break the wall and have ERA 6 in out network.

Thanks for any help advance.

Link to comment
Share on other sites

  • Administrators

1, With ERA 6, you can configure all settings the very same way as they appear on clients as it uses a brand new configuration system also used by v6 products. With ERA 5, you had to use the Configuration editor which used a configuration template that didn't 100% correspond with the program setup tree by design. The configuration of Endpoint v5 is found in client details after deploying the ERA Agent on it.

As for creating mirror, this is only possible with Endpoint v6. The all-in-one package of ERA v6 contains Apache HTTP Proxy through which clients update and the proxy server caches downloaded files.

 

2, Computers without an agent installed should appear in the Lost and found group. Once the agent has been installed, they can appear in particular dynamic groups as well.

 

The rest will be answered later after a discussion with engineers.

Link to comment
Share on other sites

In my environment, when I tried pushing out the agent on 40+ clients in one job, it failed on most of them with some SSH "unable to connect" errors. The error didn't make sense at all as all clients are online, are members of the same domain, and the run as account specified in the task has exactly the same (admin) rights on all these computers.

Moreover, the same task worked with about 50% success rate on the very same clients (which it said it couldn't connect to earlier), after I edited the job and left only a few of targets there.

After wasting hours on a weekend, I found in experimental way that to get more or less stable results (but still not 100% success), I should select no more than 6 targets in the agent deployment task. Also, it seems that even with this small number of targets (6), the task actually runs only on three of them at a time (I figured it by watching how status of these computers change in Computers, and also by refreshing the Recent Agents Deployments report). And if I had added more than 6 targets in my task, I risked that the task will fail on most of them. Again, this is based on what I noticed in my environment. 

 

In any case, ESET could have done MUCH BETTER job testing it out in their own lab rather than waiting until we test it for them. Even something as simple as warning us "Don't try to deploy the agent on more than 6 (or whatever the number is) of targets in one go, or you're looking for troubles!", could have saved us a lot of time...

Edited by terrum
Link to comment
Share on other sites

1, With ERA 6, you can configure all settings the very same way as they appear on clients as it uses a brand new configuration system also used by v6 products. With ERA 5, you had to use the Configuration editor which used a configuration template that didn't 100% correspond with the program setup tree by design. The configuration of Endpoint v5 is found in client details after deploying the ERA Agent on it.

As for creating mirror, this is only possible with Endpoint v6. The all-in-one package of ERA v6 contains Apache HTTP Proxy through which clients update and the proxy server caches downloaded files.

 

2, Computers without an agent installed should appear in the Lost and found group. Once the agent has been installed, they can appear in particular dynamic groups as well.

 

The rest will be answered later after a discussion with engineers.

Hello Marcus, thank you for your answer.

1. I discover what you wrote but will be great to put this information in to the documentation or create KB "What to do if you want manage ESET 5.x with ERA 6" - create mirror on some server because HTTP proxy is not server old clients, you need to install ERA agent and so on...

 

2. I know about the lost and found group but I can't use it for two reasons. First is that I don't want to push ERA agent on all PCs in the lost and found group and the second is that's not possible to push the ERA agent on the large group. So I wanna create the dynamic group based on a static group but I didn't success. Again the documentation is very vague about dynamic group. I think the dynamic group is very powerful but without documentation is useless. For example I tried to create dynamic group base on the Status but is not possible to choose the "unmanaged" status in the dynamic group rules. So it's not possible to create a dynamic group with the PCs which don't have the ERA agent?  ERA Agent is a must for membership in the dynamic group? If so, the documentation need some improvements.

 

Thank you for your help Marcos 

 

In my environment, when I tried pushing out the agent on 40+ clients in one job, it failed on most of them with some SSH "unable to connect" errors. The error didn't make sense at all as all clients are online, are members of the same domain, and the run as account specified in the task has exactly the same (admin) rights on all these computers.

Moreover, the same task worked with about 50% success rate on the very same clients (which it said it couldn't connect to earlier), after I edited the job and left only a few of targets there.

After wasting hours on a weekend, I found in experimental way that to get more or less stable results (but still not 100% success), I should select no more than 6 targets in the agent deployment task. Also, it seems that even with this small number of targets (6), the task actually runs only on three of them at a time (I figured it by watching how status of these computers change in Computers, and also by refreshing the Recent Agents Deployments report). And if I had added more than 6 targets in my task, I risked that the task will fail on most of them. Again, this is based on what I noticed in my environment. 

 

In any case, ESET could have done MUCH BETTER job testing it out in their own lab rather than waiting until we test it for them. Even something as simple as warning us "Don't try to deploy the agent on more than 6 (or whatever the number is) of targets in one go, or you're looking for troubles!", could have saved us a lot of time...

 

Same problem here. One PC failed in one run but success in the next run.Same job, same PC, same domain... No reason for this fail. I think it's a performance problem but how to the performance tuning? No documentation about this nor about how the ERA serve hundreds of ERA agent installations. 

Link to comment
Share on other sites

  • ESET Moderators

Hello,

 

please submit us tracelogs in case you have such issues with deployment via private message, with reference to this topic, we will check it.

 

Thank you.

 

P.R.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...