LocknetSSmith 6 Posted July 2, 2015 Posted July 2, 2015 Hoping for a quick response on this one! I have a managed service client who I deployed v6 ERA to. Everything has been working great, but they wanted to test the policy Security Product for Windows - Visibility - Invisible Mode as they want to truly make AV invisible to the end user (or as close to it as they can get). So they applied the policy to a group of about 20 computers, and restarted them. Now, the ekrn.exe process has stopped - that is to say, the computers came back from a reboot, and the ekrn.exe process didn't start. Is that how invisible mode works? Are these computers still protected? Or did something go wrong? Thanks~
Administrators Marcos 5,461 Posted July 2, 2015 Administrators Posted July 2, 2015 Did you get an error message that ekrn.exe could not start? Do you see any such error in the system event log?
LocknetSSmith 6 Posted July 2, 2015 Author Posted July 2, 2015 Maybe - I can look! I thought perhaps this was because of the invisible mode policy. I wasn't sure how it was supposed to work from the description and couldn't find a KB on it or anything in the user guide (that's not to say that there isn't anything, but maybe that I just missed it). I'll check the logs
LocknetSSmith 6 Posted July 2, 2015 Author Posted July 2, 2015 So, I'm waiting for a call back from this customer for permission to connect to one of these computers. Can anyone explain how Invisible Mode is supposed to work?
Administrators Marcos 5,461 Posted July 2, 2015 Administrators Posted July 2, 2015 It's not clear what mode you mean by invisible as the following options are available: Full, Minimal, Manual, Silent. Perhaps you mean silent mode, don't you? Anyways, regardless of what mode you choose egui.exe and ekrn.exe must remain running.
LocknetSSmith 6 Posted July 2, 2015 Author Posted July 2, 2015 In the ERA v6, in Admin -> Policies, there is a pre-existing policy that comes with the ERA Web Console, so I'm assuming it was built by ESET. The title of the policy is Security Product for Windows - Visibility - Invisible Mode That is what I am referring to.
LocknetSSmith 6 Posted July 2, 2015 Author Posted July 2, 2015 Description: Disabled Notifications, Alerts, GUI, integration to the context menu. No egui.exe will run. Suitable for management solely from ERA.
Recommended Posts