Jump to content

Moving to ESET was dissapointing.


Recommended Posts

Hello.

 

Recently our company purchased bussines licence for ESET Antovirus. Before this purchase, we had using for a long time Kaspersky Antivirus for Bussines.

 

We was impressed by ESET because the Administration Server can run on Linux (no need for a Windows License), uses a opensource DB and also client antivirus software does not consume lot of processing power. Compared to Kasperksy, whose Admin Console is only for Windows and Remote Management Console is also only for Windows.

 

But I want to say that after key delivery we was very dissapointed of lot things that does not correctly work and was not mentioned on the web site which presented the solution. I thought that those problems were related to trial version that we implemented to test, prior to buying.

 

In order to start deploy the Antiviruses, I've choosed a virtual appliance with everything installed in it for ERA. This is a good point for ESET. I could go with regular installation in Linux environment, but there where nowhere mentioned about Debian 8 compatibility or support. So, having a Hyper-V environment, I've setup a VM and pointed to downloaded virtual disk. It started up and I could setup IP, FQDN, DNS and ready to work.

 

How I was dissapointed that the only opensource DB which is supported is MySQL (is it really open as of purchase by Oracle?). Why you don't support other opensource DB, like Postgres, Maria, etc. Especially Postgres is a defacto alternative to propritary MSSQL and Oracle.

 

Then came up other issues.

 

First issue was with Web Console certificate, which is not recognized by browser. This maybe is due to selfgenerated certificate. Why you don't incorporate a signed certificate for Web Console?

 

Next, ERA detected computers on networks and I added them to management. I also adjusted agent's policy, especially to connect every 1 min. Also adjusted policy for Windows Antivirus (we mostly use Windows) for our needs and, as suggested, specified HTTP Proxy to ERA server. All computers are in a domain we Kaspersky antivirus installed, firewall disabled. So first thing to do is install Agent on all those windowses.

 

Oh, my, this is dissapointing. From 300 computers only on 25 computers agent could be installed by the server. The tips to verify about problem are very trivial. Yes, computers a pinging, computers have firewall disabled, even kasperky's firewall, computers have hidden shares enabled, computers have RPC working and accessible, and the user specified in deploy task does have administrator privileges on all computers. Moreover, in ERA console I see lot of errors related to cifs (error 110, 113, 6). I have to mention that this was never an issue in Kaspersky Administration Console.

 

Ok, looking in what happens I was surprised that in order fro an agend to be installed from ERA server, the client's computer has do have internet access. Are you ok with this? Our company's internal policy does not permit access to internet for every computer. And nowhere on system requirement in documentation is mentioned about this for clients. This is not a option to open internet, even for several sites. Kasperksy does not needed this. Only Administration server had to have internet access to download updates.

 

Next, lets try using a offline install of the agent, like Kaspersky have (actually during windows automation install, agent is installed automatically with all configuration). Oh, again dissapointing. No way to specify commandline options like ERA server FQDN, password or certificate. More other, there is only a batch file which downloads from internet the agent and uses vbscript (!!!!) to install. I could modify batch script to download from our web server. But why so much pain to install an agent?

 

Then again an issue. Even after installing from msi and specifying all options to connect to server (manually in gui), the ERA server does not show that this client have any agent installed. I've digged to find the status html file of the agent on the client which shows succesfull syncronization with server every 1 min as I configured in the policy. But ERA server shows the client does not have any agent, so I can not go to install antivirus.

 

I again created a task to deploy the agent on this computer and received again a task fail with thouse access tips. Also I created a tasj to deploy agent on other client, but this task hanged and 'Starting' status.

 

One big plus for Kaspersky is that it runs task for multiple computers in parallel on all targets. ERA runs this sequentially, which lead to lot of spent time.

 

Next, I've moved to clients wich have agents installed and ERA shows this. Also it shows antivirus warning. I've created a task to install on those clients antivirus (Several clients to test how it is going). At start I deployied incorrect antivirus for our license. I want to mention that the policy for antivirus in our company is to password protect agent and antivirus for modification and uninstallation by unauthorised users. I was dissapointed that uninstall task from ERA server didn't do the job. I've found that I can specify PASSWORD option in the field for task, but it didn't help. I have to login to the windows client and manually uninstall. This is dissapointing as how ERA server cannot uninstall its software. I've read then that first thing to do is apply a policy with no password. But this is non-sense. What if the software works wrong on client and don't receive any policy? In Kaspersky's Administration Server this was not a problem to uninstall and/or reinstall the software on client (agent/antivirus).

 

After manually uninstalling wrong version of antivirus I again deployied the installation of correct version. On several computers I've got BSD. I had to back to a previous point in time to start windows. After this, agent wasn't showing in ERA despite it was running on client. Antivirus was incomplete. ERA couldn't deploy again agent on this client. I had to use thirdparty tools to clean up of agent and antivirus. This problems are very pointless to resolve in such way for hundreds of clients.

 

The other issue arised is the next day, for several succeded clients with agents and antivirus, ERA server shows that no antivirus is installed, despite the fact that on client antivirus runs, shows success database update, the license is ok, policy applied with success. Its non-sense. Yesterday this client had all issues resolved and was with green mark, today it reports in ERA as non-protected.

 

What to do with clients to which ERA server cannot deploye agents? So, using very non-optionall msi setup (how do you suggest me to setup for autoinstall the agent during windows installation?), I've installed agent, specifying ERA server, accepting certificate, typing password. Client shows in logs - it succesflully connected to server and sinchronized. But ERA server does not see this. I'm stuck at impossibility to use the ESET antivirus for this clients. Nor ERA want to install remotelly, nor offline install is detected. Windows client remains unprotected.

 

To conclude, switching to ESET Bussines solution brought us more trouble than the pluses it could have compared to Kaspersky solution.

Link to comment
Share on other sites

Hello.

 

Recently our company purchased bussines licence for ESET Antovirus. Before this purchase, we had using for a long time Kaspersky Antivirus for Bussines.

 

We was impressed by ESET because the Administration Server can run on Linux (no need for a Windows License), uses a opensource DB and also client antivirus software does not consume lot of processing power. Compared to Kasperksy, whose Admin Console is only for Windows and Remote Management Console is also only for Windows.

 

But I want to say that after key delivery we was very dissapointed of lot things that does not correctly work and was not mentioned on the web site which presented the solution. I thought that those problems were related to trial version that we implemented to test, prior to buying.

 

In order to start deploy the Antiviruses, I've choosed a virtual appliance with everything installed in it for ERA. This is a good point for ESET. I could go with regular installation in Linux environment, but there where nowhere mentioned about Debian 8 compatibility or support. So, having a Hyper-V environment, I've setup a VM and pointed to downloaded virtual disk. It started up and I could setup IP, FQDN, DNS and ready to work.

 

How I was dissapointed that the only opensource DB which is supported is MySQL (is it really open as of purchase by Oracle?). Why you don't support other opensource DB, like Postgres, Maria, etc. Especially Postgres is a defacto alternative to propritary MSSQL and Oracle.

 

Then came up other issues.

 

First issue was with Web Console certificate, which is not recognized by browser. This maybe is due to selfgenerated certificate. Why you don't incorporate a signed certificate for Web Console?

 

Next, ERA detected computers on networks and I added them to management. I also adjusted agent's policy, especially to connect every 1 min. Also adjusted policy for Windows Antivirus (we mostly use Windows) for our needs and, as suggested, specified HTTP Proxy to ERA server. All computers are in a domain we Kaspersky antivirus installed, firewall disabled. So first thing to do is install Agent on all those windowses.

 

Oh, my, this is dissapointing. From 300 computers only on 25 computers agent could be installed by the server. The tips to verify about problem are very trivial. Yes, computers a pinging, computers have firewall disabled, even kasperky's firewall, computers have hidden shares enabled, computers have RPC working and accessible, and the user specified in deploy task does have administrator privileges on all computers. Moreover, in ERA console I see lot of errors related to cifs (error 110, 113, 6). I have to mention that this was never an issue in Kaspersky Administration Console.

 

Ok, looking in what happens I was surprised that in order fro an agend to be installed from ERA server, the client's computer has do have internet access. Are you ok with this? Our company's internal policy does not permit access to internet for every computer. And nowhere on system requirement in documentation is mentioned about this for clients. This is not a option to open internet, even for several sites. Kasperksy does not needed this. Only Administration server had to have internet access to download updates.

 

Next, lets try using a offline install of the agent, like Kaspersky have (actually during windows automation install, agent is installed automatically with all configuration). Oh, again dissapointing. No way to specify commandline options like ERA server FQDN, password or certificate. More other, there is only a batch file which downloads from internet the agent and uses vbscript (!!!!) to install. I could modify batch script to download from our web server. But why so much pain to install an agent?

 

Then again an issue. Even after installing from msi and specifying all options to connect to server (manually in gui), the ERA server does not show that this client have any agent installed. I've digged to find the status html file of the agent on the client which shows succesfull syncronization with server every 1 min as I configured in the policy. But ERA server shows the client does not have any agent, so I can not go to install antivirus.

 

I again created a task to deploy the agent on this computer and received again a task fail with thouse access tips. Also I created a tasj to deploy agent on other client, but this task hanged and 'Starting' status.

 

One big plus for Kaspersky is that it runs task for multiple computers in parallel on all targets. ERA runs this sequentially, which lead to lot of spent time.

 

Next, I've moved to clients wich have agents installed and ERA shows this. Also it shows antivirus warning. I've created a task to install on those clients antivirus (Several clients to test how it is going). At start I deployied incorrect antivirus for our license. I want to mention that the policy for antivirus in our company is to password protect agent and antivirus for modification and uninstallation by unauthorised users. I was dissapointed that uninstall task from ERA server didn't do the job. I've found that I can specify PASSWORD option in the field for task, but it didn't help. I have to login to the windows client and manually uninstall. This is dissapointing as how ERA server cannot uninstall its software. I've read then that first thing to do is apply a policy with no password. But this is non-sense. What if the software works wrong on client and don't receive any policy? In Kaspersky's Administration Server this was not a problem to uninstall and/or reinstall the software on client (agent/antivirus).

 

After manually uninstalling wrong version of antivirus I again deployied the installation of correct version. On several computers I've got BSD. I had to back to a previous point in time to start windows. After this, agent wasn't showing in ERA despite it was running on client. Antivirus was incomplete. ERA couldn't deploy again agent on this client. I had to use thirdparty tools to clean up of agent and antivirus. This problems are very pointless to resolve in such way for hundreds of clients.

 

The other issue arised is the next day, for several succeded clients with agents and antivirus, ERA server shows that no antivirus is installed, despite the fact that on client antivirus runs, shows success database update, the license is ok, policy applied with success. Its non-sense. Yesterday this client had all issues resolved and was with green mark, today it reports in ERA as non-protected.

 

What to do with clients to which ERA server cannot deploye agents? So, using very non-optionall msi setup (how do you suggest me to setup for autoinstall the agent during windows installation?), I've installed agent, specifying ERA server, accepting certificate, typing password. Client shows in logs - it succesflully connected to server and sinchronized. But ERA server does not see this. I'm stuck at impossibility to use the ESET antivirus for this clients. Nor ERA want to install remotelly, nor offline install is detected. Windows client remains unprotected.

 

To conclude, switching to ESET Bussines solution brought us more trouble than the pluses it could have compared to Kaspersky solution.

 

Before using v6 in production you should have done few tests then you would have known all this in advance.

But, all that's left for you is:

 

a) ask for refund and return to Kaspersky

 

or

 

b) try ESET v5

 

I would suggest b). This way you will stay protected and still be able to test v6. v5 is really complete product and show you why ESET is amazing!

Yes, they have gone in wrong direction with v6, but let's wait and see for two more major releases this year.

Link to comment
Share on other sites

  • Administrators

Hello,
we are sorry for the first impression you've got after installing ERA v6. This forum is also supported by ERA engineers so I'm sure that all your questions could have been answered and issues sorted during the evaluation period. We listen to our users and improve ERA to meet their needs; also posts in this forum have been a source of inspirations for improvements that we have already implemented in ERA 6.1, 6.2, the latest version 6.3 with many more to be implemented in future builds.

 

I'll try to answer your concerns below:
 

First issue was with Web Console certificate, which is not recognized by browser. This maybe is due to selfgenerated certificate. Why you don't incorporate a signed certificate for Web Console?

For instructions how to set up HTTPS connection and use your own certificate for the ERA web console, please refer to hxxp://support.eset.com/kb3724/.

 

From 300 computers only on 25 computers agent could be installed by the server. The tips to verify about problem are very trivial. Yes, computers a pinging, computers have firewall disabled, even kasperky's firewall, computers have hidden shares enabled, computers have RPC working and accessible, and the user specified in deploy task does have administrator privileges on all computers. Moreover, in ERA console I see lot of errors related to cifs (error 110, 113, 6).

 

The recommended way for deploying the ERA Agent is via GPO as there are quite many system (not ESET's) requirements that must be met for push install to succeed.

 

in order fro an agend to be installed from ERA server, the client's computer has to have internet access

 

This is not true. Clients don't necessarily need Internet access if you use Agent Live installer. Only installing Agent via push install requires Internet connection at least through a proxy server.

As I've learned in the mean time, push install from Linux is problematic in general (be it ERA or a competitive product).

 

Regarding Endpoint, you can install it from a network share as well and update it either via an http proxy or from a local mirror. As for activation, even completely isolated computers can activate using an offline license file.

 

Only Administration server had to have internet access to download updates.

 

The same holds true for ERA v6.

 

No way to specify commandline options like ERA server FQDN, password or certificate.

 

All parameters can be set in the Agent Live installer. As you said, it's a batch file where you can also modify the path to the installer and point to a local share.

 

But ERA server shows the client does not have any agent, so I can not go to install antivirus.

 

Not sure what you mean. If you see a particular computer in the Lost and found group, it must have agent installed which has connected to ERAS at least once. Please provide a screen shot, we should be able to clear

 

 

I again created a task to deploy the agent on this computer and received again a task fail with those access tips. Also I created a task to deploy agent on other client, but this task hanged and 'Starting' status.

 

I'd suggest creating a separate topic for particular issues. Also include the ERAS trace log which contains valuable information for determining the cause of an issue.

 

I want to mention that the policy for antivirus in our company is to password protect agent and antivirus for modification and uninstallation by unauthorised users. I was dissapointed that uninstall task from ERA server didn't do the job. I've found that I can specify PASSWORD option in the field for task, but it didn't help.

 

Hard to say what went wrong but uninstalling agent from ERA should work, this was tested and we haven't been reported any issues with this as far as I know. Agent itself is protected against uninstallation on workstations by Self-defense which is part of Endpoint. Again, we will be glad to help you troubleshoot this issue in a separate topic.

 

On several computers I've got BSD.

 

Should you get BSOD again, we'd need a kernel or complete memory for analysis. Make sure that systems are configured to generate kernel or complete memory dumps (see hxxp://support.eset.com/kb380/for instructions). We are not aware of any issues haven't been reported any issues with BSOD

 

After this, agent wasn't showing in ERA despite it was running on client. Antivirus was incomplete. ERA couldn't deploy again agent on this client. I had to use thirdparty tools to clean up of agent and antivirus. This problems are very pointless to resolve in such way for hundreds of clients.

 

Check the agent's trace log as well as status.html for possible errors. Re-creating Agent Live installer and re-deploying it (preferably via GPO instead of push install) should fix issues with agents not connecting to ERAS in most cases.

 

 

ERA server shows that no antivirus is installed, despite the fact that on client antivirus runs, shows success database update

 

Is Windows Security Center / Action center reporting the protection status on the target pc correctly?

 

 

Client shows in logs - it succesflully connected to server and sinchronized. But ERA server does not see this

 

We'd need to check both trace logs from the ERA server and client for possible issues or errors. Please report the issue in a new topic and supply us with both trace log.

 

I believe that all (or most) of the issues could be sorterd out reasonably quickly with the assistance of other experienced users and ESET's staff. Our aim is to bring you features and enhancements that you require; we listen to users' feedback, suggestions and concerns and want to make working with ERA easy and effective for you.

Link to comment
Share on other sites

Before using v6 in production you should have done few tests then you would have known all this in advance.

But, all that's left for you is:

 

a) ask for refund and return to Kaspersky

 

or

 

b) try ESET v5

 

I would suggest b). This way you will stay protected and still be able to test v6. v5 is really complete product and show you why ESET is amazing!

Yes, they have gone in wrong direction with v6, but let's wait and see for two more major releases this year.

Well, asking a refund is not an option, as the procedure is not very simple for commercial companies in our country, especially when here is no direct representatives, only dillers.

 

I've thought about version 5, but as I mentioned - the biggest advantages I've seen is not paying microsoft for the Windows Server to run administrativ console. Kaspersky won't move to linux. Also I hope ESET will start using an opensource Postgres as an alternative for MSSQL (which have to be buyied with Windows Server just for protection against viruses on windowses?)

Link to comment
Share on other sites

  • ESET Insiders

From an ESET 5 user to ESET ERA 6, there is a huge learning curve. I tripped, stumbled, and fell face first my first two weeks of deploying ERA 6. But I did this in a development environment. I was deep in the console reading installer logs on the appliances, looking at error logs, inspecting traffic, rebuilding the DEV boxes not once, not twice, not three times, but four times, and a whole host of things that every IT professional should be doing before they put a new product of this magnitude into a production environment.

 

And you know what happened after (well, we still are) deploying in a limited production environment? I'm still debugging, troubleshooting, and tweaking things. It has now been four months since we purchased ESET. The slow deployment is not because of our inability to deploy new products but because we want to know every intricacy of ESET ERA 6 and EES 6, how to break, fix, break, and fix again our "customers" (company staff) so that we have future smooth deployments.

 

Read the documentation.

Watch the YouTube videos.

Post on these forums.

Reach out to ESET Business Support (they probably hate my emails, sorry support folks)

 

Don't be afraid to try new things. Don't do it in a production environment though.

 

I'm so comfortable with ERA 6, I cringe at how clunky ERA 5 was and when I started down this road I told the ESET sales rep and the sales engineer that I though V6 sucked. My how opinions change.

 

Anyways, you need to spend some intimate time with your product. Be the IT hero that deploy ERA V6 and don't get sucked into all these other grumblings about how ERA V6 is bad.

"Complaining about a problem without proposing a solution is called whining." The solution: get intimate with ERA 6. You can do it!

Link to comment
Share on other sites

From an ESET 5 user to ESET ERA 6, there is a huge learning curve. I tripped, stumbled, and fell face first my first two weeks of deploying ERA 6. But I did this in a development environment. I was deep in the console reading installer logs on the appliances, looking at error logs, inspecting traffic, rebuilding the DEV boxes not once, not twice, not three times, but four times, and a whole host of things that every IT professional should be doing before they put a new product of this magnitude into a production environment.

 

And you know what happened after (well, we still are) deploying in a limited production environment? I'm still debugging, troubleshooting, and tweaking things. It has now been four months since we purchased ESET. The slow deployment is not because of our inability to deploy new products but because we want to know every intricacy of ESET ERA 6 and EES 6, how to break, fix, break, and fix again our "customers" (company staff) so that we have future smooth deployments.

 

Read the documentation.

Watch the YouTube videos.

Post on these forums.

Reach out to ESET Business Support (they probably hate my emails, sorry support folks)

 

Don't be afraid to try new things. Don't do it in a production environment though.

 

I'm so comfortable with ERA 6, I cringe at how clunky ERA 5 was and when I started down this road I told the ESET sales rep and the sales engineer that I though V6 sucked. My how opinions change.

 

Anyways, you need to spend some intimate time with your product. Be the IT hero that deploy ERA V6 and don't get sucked into all these other grumblings about how ERA V6 is bad.

"Complaining about a problem without proposing a solution is called whining." The solution: get intimate with ERA 6. You can do it!

 

If I pay for product it should be well documented and work out of box. If I pay for product I have at least some right to say I am not happy with quality.

I have been deploying v6 in test lab since 6.1 and I don't see it for production ready. One day transition to v6 will be inevitable, but not yet.

 

Having to do all these things you say is something someone from beta test team should have done.

Doing test in test lab is just that. Test. Not searching for unknown bugs. Go ahead and look for example documentation on Active Directory deployment from Microsoft. You are guided step-by-step on what to do. Nowadays you even get online virtual lab for test.

Edited by bbahes
Link to comment
Share on other sites

From an ESET 5 user to ESET ERA 6, there is a huge learning curve.

Well, we didn't use ESET before. So I use v6 from start. I am not familiar with v5 at all.

 

 

I tripped, stumbled, and fell face first my first two weeks of deploying ERA 6. But I did this in a development environment. I was deep in the console reading installer logs on the appliances, looking at error logs, inspecting traffic, rebuilding the DEV boxes not once, not twice, not three times, but four times, and a whole host of things that every IT professional should be doing before they put a new product of this magnitude into a production environment.

I could agree with you if this were an opensource freeware product. In such software, indeed, each one should test, test and test. But we've selected the ESET based on the presentation on the site and buyied it. We espect it will work as it should without any development from us. Look at this like you buy a tv-set. Your walk into store and see different tv. You look at specifications and choose what suits you better and buy it. But, at home you have to develop some interfaces, you have to construct, you have to test and test and find bugs and ask support to fix what it should already work. Is it ok with you?

 

We've paied for a working solution, but there are a lot of issues on basic things. I as an IT specialiast in our company don't have time to test a paied product if the features advertised works or not. If ESET says that ERA can deploy authomatically agents to different clients, then it should do it smoothly, leaving behind only several problem clients. Here I see that only several clients are succesfull. This is not ok for a business product.

Link to comment
Share on other sites

BDeep, I couldn't agree more. I've used v6 for more than a year and will never consider even looking at V5 now. I'm not a fan of the browser interface for v6 as I find it slow to jump between computers and admin - invariably I end up with two browser tabs to help this - but I really like the task processing options in 6.3, e.g. easily run or rerun an existing task. That function was badly missing in 6.2 and earlier.

 

v6 is definitely the way forward. I'm managing 175 computers across 7 sites with it and it works very well.

Link to comment
Share on other sites

For instructions how to set up HTTPS connection and use your own certificate for the ERA web console, please refer to hxxp://support.eset.com/kb3724/.

Why should I use my own certificate? We have a self signed certificate for our products. But I asked about including in your products signed by authorised companyes certificates which are recognised by browsers, or don't use certificates at all.

 

The recommended way for deploying the ERA Agent is via GPO as there are quite many system (not ESET's) requirements that must be met for push install to succeed.

Why should we buy SCCM with windows server to do this? GPO is not oportune for unattended windows install. What are the system requirements for a push install? Send it to administrative share with administrator login and run it using documented possibilities. The your setup, as a standart windows msi setup, should determine if system meets minimal requirements, like other products do, and install or report back what is missing. Then I could resolve problem on particular computer.

But in ERA's case, from 400+ omogenous windows XP and 7 pro domain workstations centralised updated from WSUS, only several went ok in remote installing the agent. All others failed with impossible to access share? The user specified in task does have adminstration right to all computers and can access ADMIN$ without problem. Kaspesky and psexec does this without problem - running remote application.

 

 

Clients don't necessarily need Internet access if you use Agent Live installer. Only installing Agent via push install requires Internet connection at least through a proxy server.

As I've learned in the mean time, push install from Linux is problematic in general (be it ERA or a competitive product).

Clients does need an Internet access using push install or agent live installer. I've already tested this several times. Agent live installer is the same batch file which is used using push install. It does not contain msi file, it download it from internet. Yes, I can tamper batch script to download it from our web server. But, wait. I should have a file server share and a web server to install agent? It is non-sense. Why not use only msi and specify command line options to it? And what is need then for ERA if no centralised administration and automatisation is done? I don't have time to go thru all computers. And GPO is not an options. Ok, I could spare time, activate other ppl in process, but remains the problem that after offline installing agent, ERA server does not see the client. (While writing this a client which was offline installed agent didn't appear in ERA list, but ESET Antivirus was deployied and activated and update without any command from me using Web Console. How was that done?)

 

And yes, linux have problem deploying to windows. But there should be any logs about this reported via Web Console, not only in samba logs. And for each error code, Web Console should suggest some tips to resolve on the client. How should I know what cifs mount error to what client is related? I manage several linux servers which are joined to microsoft active directory and I can use shares on workstations without problem. Yes, I did some tweaks to samba and keberos, and I think that Web Console should have an interface in order for ITs to tweak this in the appliance.

 

Regarding Endpoint, you can install it from a network share as well and update it either via an http proxy or from a local mirror.

You mean that I have to install a proxy or a share mirror? Where then is centralised administration? If I have to use manual install Endpoints and setup proxy, then I could stick with your freeware version and don't pay anything.

 

Bussines package does mean that the administration is centralised and smooth without neeading for third party software (even GPO and SCCM). Thats why we pay for.

 

 

As for activation, even completely isolated computers can activate using an offline license file.

Why should I need an antivirus for completly isolated computer? :)

 

Yes, I can manually do activation with offline license, then why is the scope of ERA? Were is centralisation?

 

 

Not sure what you mean. If you see a particular computer in the Lost and found group, it must have agent installed which has connected to ERAS at least once. Please provide a screen shot, we should be able to clear

I mean that nowhere on ERA Web Console the computer is displayied, nor in All group, nor in Lost and Found. Agent does connect (because I specify server and accept certificate). It shows this in its log. But ERA does not list it. Adding it manually in Web Console does not help. The computer is in list with no ESET software installed and unknown status.

 

 

Hard to say what went wrong but uninstalling agent from ERA should work, this was tested and we haven't been reported any issues with this as far as I know. Agent itself is protected against uninstallation on workstations by Self-defense which is part of Endpoint. Again, we will be glad to help you troubleshoot this issue in a separate topic.

That is. On clients log the error is incorrectly specified password for uninstalling. ERA says only about failed uninstal (why it isn't more specific about what went wrong?). I've tried using option PASSWORD as in some FAQ on the eset site is suggested. So ESET Security wasn't uninstalled remotely. I had to do it manually.

 

A want you to mention that before installing ESET I created a task in Kaspers's Administration Console to uninstall password protected antivurs. I didn't specify any passord in the task parameters. Only choosed what to uninstall and the targets. After half a hour 300 computers were without kaspersky antivirus. That was quick. No problems. No issue.

 

 

Should you get BSOD again, we'd need a kernel or complete memory for analysis. Make sure that systems are configured to generate kernel or complete memory dumps (see hxxp://support.eset.com/kb380/for instructions). We are not aware of any issues haven't been reported any issues with BSOD

The BSOD was due to tcpip.sys. It arrised when Kaspersky Antivirus was installed at computer too. Why in conflict between two antiviruses tspip.sys is the problem? On other computers Kaspersky and ESET antiviruses worked together without problem. I understant that it is a particular computer problem. But if this will be a regular problem on much of computers without any antivirus, then it will be a problem.

 

 

Check the agent's trace log as well as status.html for possible errors. Re-creating Agent Live installer and re-deploying it (preferably via GPO instead of push install) should fix issues with agents not connecting to ERAS in most cases.

status.html shows Success connection to ERA server and synchronisation. No errors. Trace log also does not have any error. Intalling and reinstalling multiple times the agent implies lot of work. Where is the centralisation? At least, deploying agent should not have any problem at all, execpt problem between linux and windows shares. And manual install using offline installer should push client in ERA's Web Console list under computer list as installed agent. If such a simple thing is not working, then this is not production ready, and therefor sale ready.

 

 

Is Windows Security Center / Action center reporting the protection status on the target pc correctly?

First, why should ERA relay other what reports Windows' Security Center? ERA thru the agent should detect any problem with ESET products by itself.

Mostly we configure windows XP not to report any protection status to user with a popup. In windows 7 we disable only reporting of firewall.

 

So this is a problem of ESET agent. It must not asks Windows about ESET products, but detect it by itself. In kaspersky this was never an issue.

 

 

I believe that all (or most) of the issues could be sorterd out reasonably quickly with the assistance of other experienced users and ESET's staff. Our aim is to bring you features and enhancements that you require; we listen to users' feedback, suggestions and concerns and want to make working with ERA easy and effective for you.

I hope that ESET stuff will help me in resolving the issues. Ok. I can spare time on debugging and making ERA better in working. Only I need a quick help in resolving problem with agent to deploy antivurs - we are now unprotected because of this.

 

Also I would like ESET stuff to resolve the problem with taks running sequentially on specified targets. Why ERA does not start task (any task) concurently on all targets?

Link to comment
Share on other sites

 

Why should we buy SCCM with windows server to do this? GPO is not oportune for unattended windows install. What are the system requirements for a push install? Send it to administrative share with administrator login and run it using documented possibilities.

 

Who needs SCCM? You don't need SCCM, just create a software install task in a GPO with the files on a share. And you can edit the batch file to get the Agent files from the same share.

 

 

Why should I need an antivirus for completly isolated computer?

 

Does the isolated computer have a USB drive or CD drive? Then that is why you need AV.

 

 

On other computers Kaspersky and ESET antiviruses worked together without problem

Never, EVER, run two AV solutions on the same computer. They will fight with each other.

 

 

Rather than trying to compare ESET with Kaspersky, why not instead give a simle list of the issues you are facing so that people can help you to resolve them. The key to making it all work is to get the Agent installed onto the computers and communicating with ERA. Once that happens, everything else is easy.

 

 

Jim

 

PS Windows XP???? What is that ;-)

Link to comment
Share on other sites

From an ESET 5 user to ESET ERA 6, there is a huge learning curve. I tripped, stumbled, and fell face first my first two weeks of deploying ERA 6. But I did this in a development environment. I was deep in the console reading installer logs on the appliances, looking at error logs, inspecting traffic, rebuilding the DEV boxes not once, not twice, not three times, but four times, and a whole host of things that every IT professional should be doing before they put a new product of this magnitude into a production environment.

 

And you know what happened after (well, we still are) deploying in a limited production environment? I'm still debugging, troubleshooting, and tweaking things. It has now been four months since we purchased ESET. The slow deployment is not because of our inability to deploy new products but because we want to know every intricacy of ESET ERA 6 and EES 6, how to break, fix, break, and fix again our "customers" (company staff) so that we have future smooth deployments.

 

Read the documentation.

Watch the YouTube videos.

Post on these forums.

Reach out to ESET Business Support (they probably hate my emails, sorry support folks)

 

Don't be afraid to try new things. Don't do it in a production environment though.

 

I'm so comfortable with ERA 6, I cringe at how clunky ERA 5 was and when I started down this road I told the ESET sales rep and the sales engineer that I though V6 sucked. My how opinions change.

 

Anyways, you need to spend some intimate time with your product. Be the IT hero that deploy ERA V6 and don't get sucked into all these other grumblings about how ERA V6 is bad.

"Complaining about a problem without proposing a solution is called whining." The solution: get intimate with ERA 6. You can do it!

 

This is exactly what I do not want to do. I have no intention of making troubleshooting ESET V6 my full time job as I have so much more to do. These days I have come to expect most of the stuff work more or less smoothly out of the box. I'm willing to test and troubleshoot of course, but with ESET V6 this is just beyond pathetic. The documentation is a non-existent mess (compare that to exemplary documentation library of Kaspersky). We had experienced all the same problems as OP and more, and frankly, we are sick and tired of this product. ESET V6 ERA is a total POS, a complete garbage even after being out a full year. It's the worst remote administration product of any antivirus vendor. After being a loyal ESET client since the NOD32 Antivirus V2 we are ditching ESET for Kaspersky. I have always found Kaspersky to be resource hog on clients and the remote management to be a convoluted mess and bloatware but compared to this POS, that the the ESET V6 is, Kaspersky is a pinnacle of leanness and user friendliness. As things stand at the moment Kaspersky blows ESET out of the water when it comes to central remote management.

And, after all, if moving to ESET V6 is like starting from scratch anyway then why not start with a product that offers the best protection in industry? Especially as ESET has lost all its strong points compared to competition.

 

I'm sorry to say, but we are so very frustrated with the V6.

Link to comment
Share on other sites

PS Windows XP???? What is that ;-)

I can't communicate with one, which thinks nobody uses Windows XP, even in a joke way. We have even Windows 2000 for legacy software tied to machines.

 

And I did list my issues in my posts. Please read them.

 

Ok, I've got contacted by ESET support for our region to resolve the problems.

 

First, licensing. Its a mess.  Why so much trouble? Why computer needs internet to be able to activate when there is a centralised administration? Ok, offline activation file thru server. Why so much steps to have a simple activation? There is the license number, or the license file uploaded to server once for all seats. That must be all needed.

 

Second. We found up that if installing agent manually (I had to completly rewrite batch script to get agent from a samba share, not from http), then on computer after several minutes authomatically is deployed antivirus, activated and update, policy applied and so on. How?!?! How it was done? I didn't create any tasks or triggers on server for this. This is unappropriate, as I want agent to be installed on some computers and no antivirus (other antivirus will be), but using agent I will know about that computer.

 

But, even agent is syncronizing succesfully, computer does not appear on computer list at the server. The support guy suggested that it is because the mysql DB in appliance is not configured optimally. What? Seriously? Preconfigured virtual appliance is not confugured optimally by ESET experts? Ok. We changed an option - didn't help. As he suggested, that for DB it must be a dedicated server, I moved DB to our production server. And guess what - same problem. Computers does not appear in list. So this is definetly a server bug. He said that will contact main office for this. Plus other minor interface bugs, as the list of computer is not really sorted on open first time. It is need to click on column name to fully sort the list. Also there are about 30 alerts about viruses found on a computer in some files. The problem that this alerts never goes away and computer name changes with same file paths and names. Computers dont even have such paths, but interface reports about viruses unresolved. Again - its a software bug on server.

 

Next, agents not always deploy to clients. Even more, server says that computer could not be contacted to deploy agent, but agent was deployed. Another bug found using forums, that script which mounts windows shares in linux lacks sec=ntlm option. Moreother, I asked about where can I change deploy agent script which is sent to clients to point a download url from our servers, or using eset server as a proxy, and he answered that he does not know how to do it and will ask at head office.

 

Another problem I found that mail alert from server does not work. It needs a deep inspection in linux logs. Why? Why the appliance was not tested and configured properly?

 

Also I had to manually add the eset appliance's system to active directory. Editing xml file didn't do the job.

 

That is the progress for now.

Link to comment
Share on other sites

  • ESET Staff

Uau!! :o

 

In other hand, from my experience I can tell: >Any< software developed on/for Linux (who started on Windows) is and will be slow on develop/evolving, despite the desire/thoughts of the Linux community.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...