j-gray, Posted December 18, 2015

I have a dynamic group to collect workstations with agent only and no AV. This rule seems to work, however, the dynamic group shows some systems that show AV installed; AV version, recent connection, and Virus DB as updated, etc. But when I look at Installed Applications under the client details, it only reports the agent and no AV.

So in short, the RA Console shows some clients with AV and agent installed, but those specific clients' details show only the agent installed. What could be causing the incorrect status?

MartinK (ESET Staff), Posted December 19, 2015

> I have a dynamic group to collect workstations with agent only and no AV. This rule seems to work, however, the dynamic group shows some systems that show AV installed; AV version, recent connection, and Virus DB as updated, etc. But when I look at Installed Applications under the client details, it only reports the agent and no AV.
>
> So in short, the RA Console shows some clients with AV and agent installed, but those specific clients' details show only the agent installed. What could be causing the incorrect status?

Hello, is there a chance you reverted or restored AGENT files from an older backup? Can you try to restart one of those machines and check if it helped after the client connects? Please also check the SERVER trace.log for errors related to the database.

j-gray (Author), Posted December 21, 2015

Hi Martin,

Thanks for the reply. No, agents have not been reverted or restored at any point. Restart on one client had no effect -- I'm able to open the client GUI and communication and database updates are fine. I don't find any errors in client or server Trace logs. I also rebooted the server and no change in behavior.

The client alert details do show a 'Critical' problem of "No regular updates scheduled", but I'm unable to determine exactly what that means.

MartinK (ESET Staff), Posted December 21, 2015

> Hi Martin,
>
> Thanks for the reply. No, agents have not been reverted or restored at any point. Restart on one client had no effect -- I'm able to open the client GUI and communication and database updates are fine. I don't find any errors in client or server Trace logs. I also rebooted the server and no change in behavior.
>
> The client alert details do show a 'Critical' problem of "No regular updates scheduled", but I'm unable to determine exactly what that means.

Could you please check the AGENT status log located here: c:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html. It may contain:

- status of last connection attempt - error in case something is wrong
- time of last log modification (in case it is very old, AGENT is most probably not running correctly)

j-gray (Author), Posted December 21, 2015

Agent status html page shows all Green/OK with current replication date/time stamps. They seem to be updating fine - definitions, policies, etc...

MartinK (ESET Staff), Posted December 21, 2015

> Agent status html page shows all Green/OK with current replication date/time stamps. They seem to be updating fine - definitions, policies, etc...

Technically there may be a problem in two different functionality blocks - either AGENT is not properly detecting ESET Endpoint Antivirus as an installed ESET application or there is some data synchronization problem. We can proceed with the next steps:

1. Verifying what is actually detected by AGENT:
   - you have to enable trace logging severity by creating file c:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\traceAll and restarting AGENT service.
   - wait a few minutes after service restart and search in trace.log for the list of installed applications, i.e. search for "ESET Endpoint Antivirus" string or for keyword APPS_INSTALLED
2. Verifying ESET Endpoint Antivirus is correctly installed:
   - please check whether "ESET Endpoint Antivirus" is visible in Control Panel -> Programs and Features -> Uninstall a program and post here version and exact name of vendor/publisher

j-gray (Author), Posted December 23, 2015

Ok, so it appears the install was botched -- only the Agent appears in Add/Remove Programs, and I couldn't find the Antivirus string in the trace.log file. However, the program folder exists, the icon is in the system tray, and I can launch the GUI without issue.

Now the tricky part; I can't reinstall the AV, because the ekrn process cannot be stopped (access denied). And I can't uninstall it, because Windows doesn't think it's installed.

What's the recommended process to fix a botched install given the above issues?

MartinK (ESET Staff), Posted December 23, 2015

> What's the recommended process to fix a botched install given the above issues?

There is a special tool for uninstalling ESET antivirus products: hxxp://support.eset.com/kb2289/?viewlocale=en_US

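The checks from this thread (what Programs and Features lists, what the AGENT logged, and whether ekrn is running without a registered product), as an added read-only PowerShell example that is not part of the original posts and not ESET tooling. It assumes trace.log sits in the same Logs folder as traceAll and that trace logging was already enabled as described above; the output property names are made up for this example.

```powershell
# Added example (not from the thread): detect the state j-gray found, i.e. the
# AV engine running while Windows and the AGENT do not list the product.
# The Logs path is quoted from the thread; trace.log living there is an assumption.
$logDir   = 'C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs'
$traceLog = Join-Path $logDir 'trace.log'

# 1. What Programs and Features would show (64-bit and 32-bit uninstall keys).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$registered = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'ESET*' } |
    Select-Object DisplayName, DisplayVersion, Publisher

$avRegistered = @($registered |
    Where-Object { $_.DisplayName -like '*Endpoint Antivirus*' }).Count -gt 0

# 2. Is the ekrn process (named in the thread) running?
$ekrnRunning = [bool](Get-Process -Name 'ekrn' -ErrorAction SilentlyContinue)

# 3. What the AGENT logged: the two search terms MartinK suggested.
$traceHits = @()
if (Test-Path $traceLog) {
    $traceHits = @(Select-String -Path $traceLog -SimpleMatch `
        -Pattern 'ESET Endpoint Antivirus', 'APPS_INSTALLED')
}
$avInTrace = @($traceHits |
    Where-Object { $_.Line -like '*ESET Endpoint Antivirus*' }).Count -gt 0

# Summary row; Mismatch = engine running but no Programs and Features entry.
[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    RegisteredProducts = ($registered.DisplayName -join '; ')
    AvInProgramsList   = $avRegistered
    AvInAgentTrace     = $avInTrace
    TraceLogFound      = (Test-Path $traceLog)
    EkrnRunning        = $ekrnRunning
    Mismatch           = ($ekrnRunning -and -not $avRegistered)
}

# Version and publisher, as requested in the second verification step.
$registered | Format-Table -AutoSize
```

A row with `Mismatch = True` matches the botched-install state described in the thread: the product runs, but neither Windows nor the AGENT inventory lists it.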