Jump to content

Strange behavior in ERA 6


ucvijan
 Share

Recommended Posts

Hi, 

 

It says in my alets section that there is 44 active threats, but on the mail page, if you count all the computers with active threats its less

 

post-6646-0-65071800-1427623235_thumb.jpg

 

As said in other topic, for this user that has 16 active threats, also all are doubled or tripled, (same file showing multiple times)

This is one thing. 

 

The other, in details, in Info section of the client, it says that the last scan was never done, but when go to the tasks of that client you can see that task was done, i did it manually.There is scheduler set up to run the task every week, and half of the clients show that they have done the scan, but others don't. Following 3 images, shows that details section, its like scan was never done, in task executions, you will see the task i manually performed from ERA, and in configuration from the client, you will see that in scheduler it says that last run of the scheduled scan was done on time, but in the reports, it behaves like that scan never happened. Same case is for half of the clients. In scheduler, it says that scan was done on time, but in details and scan reports it says like the last scan was one week ago.   

 

Like there was no scan.

post-6646-0-93359700-1427624121_thumb.jpg

 

Scheduler says it was done on 28th - 1AM

post-6646-0-13550200-1427624212_thumb.jpg

 

I did manully sent the task from ERA, as there was no report of the scan.

post-6646-0-82771800-1427624120_thumb.jpg

 

And still it shows that scan was never done on this client.

 

Please advise.

Link to comment
Share on other sites

  • Administrators

The information about tasks in ERA only tells if a task has been delivered to the agent and at the next connection to ERAS the agent confirms it's been executed (ie. sent to Endpoint to be executed). If Endpoint fails to run a task for whatever reason and no error is generated, the only way how to find out there was problem executing the task is that you don't see any results from the task (e.g. no scan logs). To reset the number of active threats, click the particular client and select Scan. A full disk scan will be run on the client and if all threats have been cleaned properly, the number of active threats will be reset.

Link to comment
Share on other sites

I get that, but the problem with is that agent is talking every minut to ERAS, and every policy and every change is applied, but only scan time and information is not displayed properly. I even checked on the client itself, and there is scan time, but its like the agent is not sending that info to ERAS. Strange is that that is happening to third of the clients. I think that they did scanning, its just that ERAS does not show that they did. 

Are there any logs I can send you so you can take a look at the issue? Also regarding threats, i did indepth scan and it did not clear them. It was clearing them last week for some clients, now it doesn't, will try again tonight and will tell you how it goes. Will put screenshot of the task if it is finished, and if the threats are not deleted. 

Thank you

Link to comment
Share on other sites

OK, 

 

I did as you said again last nihgt. Indepth scan on two problematic clients, and it didnt remove threats, it added the same threats to the total count. In the pictures below, you can see that task was executed and finished, you can see that in info for that client it says that no scan was done, you can that there are threats (for some reason it is yellow color, but in the threats of the client info there are red ones. You can also see that number of active threats in the left sidebar is 60?? But in the tree windows it says its 44.. ERAS just added the same 16 threats it already counted 2,3 days before.. First it was 16, then 32 for same user, now 48.. So three times he added the same 16 active red threats. Please tell me what to do..Already posted pictures in this topic and other regarding these problems, still no answer.  

 

 

You can see scan completed here on the client

post-6646-0-73552500-1427792498_thumb.jpg

 

You can see that info inthe client says N/A for the scan time

post-6646-0-13635200-1427792499_thumb.jpg

 

You can see active threats present on the client (dont get confused the yellow number, I am also confused why yellow (first it was yellow, then i did indepth scan, and it only added 12 red ones, the same). So last nihgt scan did not remove threat count to 0

 

post-6646-0-42894800-1427792497_thumb.jpg

 

And last, number of active threats is different in the sidebar and in the tree. And also, same 16 threats were counted 3 times, for 3 different indepth scans that were meant to remove the threats. 

 

post-6646-0-02414500-1427792498_thumb.jpg

 

Getting really annoyed, and I am really patient..

 

 

 

 

Link to comment
Share on other sites

  • Administrators

It's quite strange that so much Android malware would be detected on a server. Could you please generate a report "Threat events in last 7 days" that should also contain additional information about detected threats and post a screen shot of it here?

It's also possible to duplicate the template and edit the new one to make a report of threats detected within the last 30 days, if necessary. As for no information about the last scan time, we'll ask our engineers to comment on it.

Link to comment
Share on other sites

Hi Marcos, 

 

Any news? Sent you PM two days ago with report. 

Clients still dont have last scan shown on the last time it was done, threats are still there...

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...