Jump to content

RA console and client status do not agree

j-gray
 Share

Recommended Posts

j-gray

j-gray 35

Posted
Posted

I have a dynamic group to collect workstations with agent only and no AV.

 

This rule seems to work, however, the dynamic group shows some systems that show AV installed; AV version, recent connection, and Virus DB as updated, etc.  But when I look at Installed Applications under the client details, it only reports the agent and no AV.

 

So in short, the RA Console shows some clients with AV and agent installed, but those specific clients' details show only the agent installed.

 

What could be causing the incorrect status?

Link to comment
Share on other sites
  • ESET Staff
MartinK

MartinK 378

Posted
  • ESET Staff
Posted

I have a dynamic group to collect workstations with agent only and no AV.

 

This rule seems to work, however, the dynamic group shows some systems that show AV installed; AV version, recent connection, and Virus DB as updated, etc.  But when I look at Installed Applications under the client details, it only reports the agent and no AV.

 

So in short, the RA Console shows some clients with AV and agent installed, but those specific clients' details show only the agent installed.

 

What could be causing the incorrect status?

 

Hello,

 

is there a chance you reverted or restored AGENT files from older backup? Can you try to restart one of those machine and check if it helped after client connects? Please check also SERVER trace.log for errors related to database.

Link to comment
Share on other sites
j-gray

j-gray 35

Posted
  • Author
Posted

Hi Martin,

 

Thanks for the reply. No, agents have not been reverted or restored at any point. Restart on one client had not effect --I'm able to open the client GUI and communication and database updates are fine.  I don't find any errors in client or server Trace logs.  I also rebooted the server and no change in behavior.

 

The client alert details does show 'Critical' problem of "No regular updates scheduled", but I'm unable to determine exactly what that means.

Link to comment
Share on other sites
  • ESET Staff
MartinK

MartinK 378

Posted
  • ESET Staff
Posted

Hi Martin,

 

Thanks for the reply. No, agents have not been reverted or restored at any point. Restart on one client had not effect --I'm able to open the client GUI and communication and database updates are fine.  I don't find any errors in client or server Trace logs.  I also rebooted the server and no change in behavior.

 

The client alert details does show 'Critical' problem of "No regular updates scheduled", but I'm unable to determine exactly what that means.

 

Could you please check AGENT status log located here: c:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html. It may contain:

  • status of last connection attempt - error in case something is wrong
  • time of last log modification (in case it is very old, AGENT is mot probably not running correctly)
Link to comment
Share on other sites
j-gray

j-gray 35

Posted
  • Author
Posted

Agent status html page shows all Green/OK with current replication date/time stamps.

 

They seem to be updating fine -definitions, policies, etc...

Link to comment
Share on other sites
  • ESET Staff
MartinK

MartinK 378

Posted
  • ESET Staff
Posted

Agent status html page shows all Green/OK with current replication date/time stamps.

 

They seem to be updating fine -definitions, policies, etc...

 

Technically there may be problem in two different functionality block - either AGENT is not properly detecting ESET Endpoint Antivirus as installed ESET application or there is some data synchronization problem. We can proceed with next steps:

  1. Verifying what is actually detected by AGENT:
    • you have to enable trace logging severity by creating file c:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\traceAll and restarting AGENT service.
    • wait few minutes after service restart and search in trace.log for list of installed applications, i.e. search for "ESET Endpoint Antivirus" string or for keyword APPS_INSTALLED
  2. Verifying ESET Endpoint Antivirus is correctly installed
    • please check whether "ESET Endpoint Antivirus" is visible in Control Panel -> Programs and Features -> Uninstall a program and post here version and exact name of vendor/publisher
Link to comment
Share on other sites
j-gray

j-gray 35

Posted
  • Author
Posted

Ok, so it appears the install was botched --only the Agent appears in Add/Remove Programs, and I couldn't find the Antivirus string in the trace.log file. However, the program folder exists, the icon is in the system tray, and I can launch the GUI without issue.

 

Now the tricky part; I can't reinstall the AV, because the ekrn process cannot be stopped (access denied). And I can't uninstall it, because Windows doesn't think it's installed.

 

What's the recommended process to fix a botched install given the above issues?

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...