cpetry 4 Posted June 2, 2016 Share Posted June 2, 2016 I'm not sure what's wrong with our config but we've been helped by a total of three ESET engineers. We are looking at our firewall logs and netflow information in Solarwinds and we can clearly see over 30 GB of updates being pulled over port 80 from the ESET update servers. In our policies we have them setup to use the HTTP proxy. Does it also have to be set under Tools > Proxy server? Policies: Endpoint Policy: ESET Security Product for Windows > Update > HTTP Proxy configured with username/password pointing to the installation location of the Apache HTTP Proxy ESET Security Product for Windows > Tools > Proxy server (not configured.. asked support during setup and they told me it wasn't needed) Agent Policy: ESET Remote Administrator Agent > Advanced Settings > HTTP Proxy (this is filled out with the same information above under "Update > HTTP Proxy") Yet, if I go into the directory for the Apache HTTP proxy, I can see a ton of data being cached in it. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 378 Posted June 2, 2016 ESET Staff Share Posted June 2, 2016 Please try to re-configure Apache HTTP Proxy so that it will trace all operations. Configuration steps are described in Apache manual section Cache Status and Logging. Most of requests to ESET servers should be in "revalidated" log, "uncached" and "invalidated" request logs should contain detailed information of cache miss reason. Enabled tracing may have impact on proxy performance so i would recommend to enable it only for specific time period - until issues are resolved. Link to comment Share on other sites More sharing options...
tmuster2k 22 Posted June 6, 2016 Share Posted June 6, 2016 Not sure if you have it configured properly. When choosing the Apache Http Proxy from the all-in-one installer, it will create default agent polices and one for the Shared local cache- HTTP Proxy Usage. The Remote Admin agent - HTTP proxy Usage and Shared local cache are set to ALL for the default targets. you have to manually assign the HTTP proxy in your policy. 1. Open up your default master policy. 2. Go to >> Tools >> Proxy Server and then over to the right should be the Ip address or FQDN of the ERA 6 server. 3. Proxy is not configured under Update unless you also have internal proxy. 4. for Update >> HTTP PROXY> I would recommend setting to "Do not use proxy server " 5. Force these changes in the policy and now when you go to the GUI on one one of the workstations check >> Tools >> PROXY SERVER and confirm ip or hostname. These systems should be getting their updates from the PROXY now. Link to comment Share on other sites More sharing options...
cpetry 4 Posted June 6, 2016 Author Share Posted June 6, 2016 Yeah, the Tools>proxy server was blank, but under Updates > HTTP Proxy, that was filled out. This is how all three of the ESET engineers had me configure it.. I added the information into all of my policies for Tools>proxy. I kept the HTTP proxy information filled out for now. I have both an ESET and Apache HTTP proxy setup to use the same FQDN internally and externally. I'm going to monitor the behavior of the clients and see if anything still attempts to connect to the ESET update servers directly. I'll post back after a week of usage. It was obviously not working since we have thousands of clients and it was really adding up. We could see it as a top 5 bandwidth hog in our netflow. Link to comment Share on other sites More sharing options...
cpetry 4 Posted June 6, 2016 Author Share Posted June 6, 2016 It should have still worked IMO: https://help.eset.com/ees/6/en-US/index.html?idh_config_connection.htm I set it under tools>proxy and just made sure to enable "Use direct connection if proxy is not available". I remember updates failing with Updates > HTTP Proxy, being set until we fixed the credentials. So it was authenticating. I know it was since the clients were having authentication errors while trying to update until we fixed the username/password in the Apache config. Technically, setting the global setting shouldn't matter since I have it set in Updates>HTTP Proxy to use a proxy server. I have two update profiles, the second is set to use the ESET update servers in the event ours aren't available. Now, if we are using the Updates > HTTP Proxy setting, should the update server be set to auto-select, or should that be the address of the proxy server? Right now it's set to auto-select under Updates>Basic. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,092 Posted June 7, 2016 Administrators Share Posted June 7, 2016 If you set up the proxy, in the update setup leave "Choose automatically" enabled and do not use any custom server (it should be used only when updating from a mirror). The proxy should be set under Tools -> Proxy server, not in the update server setup. The proxy setting in the update setup is only useful when using dual update profiles when one profile uses a proxy and the other doesn't (e.g. when updating outside of LAN). If the proxy is configured only in the update setup, other functions that require communication with ESET's servers, such as activation, Web Control or LiveGrid won't work. Link to comment Share on other sites More sharing options...
Recommended Posts