Jump to content

ESET Endpoint Security for Mac OS X - Startup Issue


Recommended Posts

This latest build seems to have resolved the issues for us.

However, not all policies are applying properly, so I assume an updated agent will be required, as well?

Any ETA on an official release date?

Thank you.

Link to post
Share on other sites
  • ESET Staff

Can you be more specific about the policies that are not applying (particular location of the settings).

 Also please provide the version of configuration engine module from "about" section of ERA

Link to post
Share on other sites
7 hours ago, MichalJ said:

Can you be more specific about the policies that are not applying (particular location of the settings).

 Also please provide the version of configuration engine module from "about" section of ERA

The most visible setting is that the ESET icon appears on the dock and is not hidden as it should be.

Event Logging doesn't appear to be happening on the client side; A scan appears to be running now (ESET icon is animating in the menu bar), but there is no status in the GUI, nothing logged in the Event log files.

Updates via the Task Scheduler do not appear to be happening; policy is set to update every 60 minutes, but it shows the last update as over 24 hours ago with the current definition file being March 1. I just ran a manual update successfully. This was not logged in the Event log files, either.

The Configuration Module version is 1461.10 (20170214)

Link to post
Share on other sites
  • ESET Staff

I have consulted it with developers and they have suggested that you contact customer care and open a ticket with them. Ideally ship all the versions (server / agent / product), and their respective configuration module at first. Alternatively also the policies, that are failing to apply / merge.

EDIT: Our QA managed to replicate the issue internally. There will be an update coming soon from my colleagues. 

 

Edited by MichalJ
Link to post
Share on other sites
  • ESET Moderators

Hello J-gray,

 

the update as promised by Michal:

 

21 hours ago, j-gray said:

The most visible setting is that the ESET icon appears on the dock and is not hidden as it should be.

When disabling icons (locally or by ERA), the GUI must be restarted for changes to take effect. The standard way to do this is by logging out and back in.

 

21 hours ago, j-gray said:

Event Logging doesn't appear to be happening on the client side; A scan appears to be running now (ESET icon is animating in the menu bar), but there is no status in the GUI, nothing logged in the Event log files.

First, computer scans don’t normally produce entries in event log, only in computer scan log – and here you need to be privileged user to see all logs. Second, scans initiated by scheduler (by policy or locally) or by ERA client task are not visible in Computer scan pane – this has always been the case. You will see the menubar icon spinning, but not much else

 

Scheduled tasks not executing.

This was a known issue in build .178, which was fixed in build .182 and above.

We have and RC version available to try at http://ftp.nod.sk/~mego/RC/business/6.4.188/ can you please check it it and let us know?

 

In case of any issues please send me and TomasP a private message with issue description, link to download the logs.

 

Thank you, P.R.

Link to post
Share on other sites

Thanks @Peter Randziak, @TomasP, and @MichalJ for working with the community to address these issues.

We have been testing 6.4.178 and 6.4.188 on a handful of machines.  We have not had any reports of the unresponsiveness during login.  So, it seems that the issue has been successfully addressed.

Unfortunately, the opendirectoryd issues are still present.

During the wait for 6.4.178, we have been trying to determine a better way to detect the issue so when a fix was available, we would have a better way to know that it's resolved.  We have been operating on the assumption that the issue revolved around opendirectoryd CPU usage.  We have already reported that the CPU% would increase, but the CPU time also increases greatly compared to a machine without EES (as reported by Activity Monitor).  A machine with EES 6 may have 7:51 (minutes:seconds) of CPU time over 9 days of uptime compared with a machine with 3:12 on a machine with 182 days of uptime that has not had EES installed.  We also checked a machine running NOD32 v4.1.100.2.  After 5 days of uptime, it had 0:34 of opendirectoryd CPU time.

So, even though the unresponsiveness appears to be resolved the opendirectoryd issue is still present.  It appears that they are separate issues that just so happened to occur at the same time.

Recreating the opendirectoryd issue can be easily done by opening the GUI, selecting Setup, and choose any of the categories (Computer, Firewall, or Web and Email) then click any of the Setup… buttons.  For us, there is a 30 second pause of the EES GUI until the new setup window appears.  This will occur only after the first time a Setup… window is opened.  It will occur again after reboot, or simply logging off and back on again.  During this long pause, Activity Monitor will show a high CPU % and greatly increasing CPU time for opendirectoryd.  Switching to the Network tab of Activity Monitor, we see network download activity on Rcvd Bytes by opendirectoryd.  As soon as the downloading of opendirectoryd stops, the setup window will appear.  If the machine is not connected to a network with access to a domain controller, this behavior does not occur.

Without running Wireshark, it seems obvious that many Active Directory objects are getting enumerated causing the long pause.  The higher the number of objects, the longer the pause.  This apparent reading of Active Directory is concerning some parties within the company.

This brings up some questions.

  1. Is this an issue that will be addressed?
  2. Why is Active Directory enumerated in the first place?
  3. Windows EES does not appear to do this, why does the Mac OS product?
  4. How can we explain the need to read so many AD objects to the concerned parties within our company?

Please let me know if you have issues recreating or need log files.

Link to post
Share on other sites
  • ESET Moderators

Hello Plex,

the pleasure is on our side.

Please let me thank you once again for the detailed description of the steps to reproduce the issue.

We were struggling for a long time to reproduce it internally and your instructions were key to success.

When it comes to the OpenDir issue.

We plan to fix it to the next major version i.e. 6.5 as it isn't an easy fix and we do not want to further delay release of 6.4 package with all the fixes planned for it. 

The AD users are being enumerated due to differentiation of privileged and standard users in terms of settings access rights.

Regards, P.R.

Link to post
Share on other sites
  • ESET Moderators

Hello,

@plex pleasure is on our side. I have some good news for you.

It seems that we were able to fix the "OpenDir" issue to the 6.4 version, the build should go to QA and if everything goes well it should be available for customers at the beginning of next month.

It probably makes your inquiry about the 6.5 version unimportant, but anyway we would like to release it in the autumn of this year.

Regards, P.R.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...