Jump to content

So long and thanks for all the fish.... Moving a 1500-2000 node network off of ESET.


Recommended Posts

Okay, I've upgraded from 6.3 to 6.4 and the known issues list just gets bigger.  It's obvious ESET isn't the same company it was years ago.  It feels like they lost their best programmer or something.

 

I can't stand the issues I'm having anymore and it's time to say goodbye to ESET as a corporate solution.  

 

I'm having quotes pulled right now for both Kaspersky and Trend Micro.  ESET isn't even in the top quadrant with Gartner and I know why now.  After using ESET for over 3 years in a business environment I can see this is a home product.  

 

There's still a bug with ESET File Security preventing me from upgrading from 4.5 to 6.X.  This hasn't been fixed and it's still on the ever growing list of known issues with the 6.X product line.  

 

Our contract with ESET ends on 5/2017.  So we are going to have to ride it out until then.  I'll continue to use ESET at home and recommend it for home use.  I will never recommend it for a corporate environment as it lacks the ability to execute, as Gartner would put it.

Edited by cpetry
Link to post
Share on other sites

Ok I'll bite :-)

 

Aside from the File Security item you mention, what other issues are you experiencing? I know that 6.4 has fixed a lot of issues for a lot of people, so I'm surprised that your list of issues appears to have grown.

 

Just curious.

 

 

 

Jim

Link to post
Share on other sites

I can't imagine deploying v6 to 3000 clients...that would be nightmare :D

We have 80 client's and we may consider upgrade to v6 after they reintegrate mirror options back to ERA. Since they don't consider we wait and test each new release.

I would suggest staying on v5 it's still amazing product.

Edited by bbahes
Link to post
Share on other sites

we are currently deploying ESET v6.4 for about 1000 clients.

the less i can say, it is a very very consumming time process, for "just" the antivirus.

most of the time, this works well, but sometime the uninstallation of Enpoint V5 and FS V4.5 is a real nightmare..

I really enjoy the web console, but in my opinion, the whole product is between a beta and a rtm version.

too much bug, to much unachieved are non present fonctions.

Saying that, we have very good results against cryptolockers with v6, unlike with v5, totally ineffective and nightmare for many clients....

Link to post
Share on other sites

we are currently deploying ESET v6.4 for about 1000 clients.

the less i can say, it is a very very consumming time process, for "just" the antivirus.

most of the time, this works well, but sometime the uninstallation of Enpoint V5 and FS V4.5 is a real nightmare..

I really enjoy the web console, but in my opinion, the whole product is between a beta and a rtm version.

too much bug, to much unachieved are non present fonctions.

Saying that, we have very good results against cryptolockers with v6, unlike with v5, totally ineffective and nightmare for many clients....

 

That will be single reason why we might upgrade to v6.

Link to post
Share on other sites

I'd love to have more details on the issues you are having with 6.4. We are on 6.3 and planning to upgrade too. 2500 systems.

 

6.0 was a total nightmare but since 6.2 it's starting to get better. 

Link to post
Share on other sites

I'd love to have more details on the issues you are having with 6.4. We are on 6.3 and planning to upgrade too. 2500 systems.

 

6.0 was a total nightmare but since 6.2 it's starting to get better. 

 

How do you monitor update status?

How do you monitor firewall blocked connections?

Link to post
Share on other sites
  • ESET Staff

@ Bbahes:

  1. You can easily configure a report template for the dashboard, that shows you the current VSDB version reported by clients. You can also configure "maximum database age" in the Endpoint policy, so the client starts reporting a problem with updates, if this is reached (you can set it to one day). This question was already ask, but why you need to know the exact VSDB version, and compare it with the version, that ESET has released (like the data feed from ESET Virus Radar). You still could have a local mirror set-up, which will indicate what is the version on the mirror (you can have two reports). One for mirror, one for the rest.
  2. This is tracked as an improvement, and would be possibly resolved in ERA 6.5 (we are currently analyzing the best way, how to do this).

@cpetry:

  1. The problem with File Security is with the older version, which is currently only in the limited support. Even if you do perform the upgrade locally, restart of the computer is needed. ERA agent currently does not have functionality, that would be able to report task status after a service restart. We are examining options, how to change this behavior for the older versions.
  2. I am interested to hear (as well as others were) what other problems you are experiencing with ESET Remote Administrator 6.4?

Thank you.

Link to post
Share on other sites

I've got some problems with RA 6.4 (some are for all of 6x) i can share from our 2k Antivirus, 100 file security, and shy of a dozen exchange licences. Our Clients are a mix of desktops, laptops and Tablets, all windows 7/8 - 32 and 64bit.

 

1. Agent Deployment  - We are upgrading the agents on our Desktop Clients Agents from 6.3x to 6.4x. I spent an entire weekend attempting to edit the batch file created from RA 6.4 to point to the Agent_x64 and _x86 files on our network share, instead of having to pull all 2k Agents from the internet as happens using the server task. After finally figuring out the adjustment of the batch file (The instructions in the helpfile and on the web are wrong for the current version of the batch file being deployed). I then had to set off a task in RA to run a custom command, use the super arcane throttling options (Too much to ask for an option that says 'Run 3 every 10 min' or something?) and time it so that it does not run during business hours. 

 

2. Client Deployment - We have upgraded from version 5x (some computers are still not on 6x) and within a few versions of 6x -- we have found that the only reliable way to preform an 'automatic' update is to do the following:

Upload ERAUninstaller.exe to client machine

Run command ERAUninstaller.exe

Reboot computer

Run command ERAUninstaller.exe

Reboot computer

Run command ERAUninstaller.exe

Reboot computer

Attempt Install

-- If failure (10% of all install attempts seem to fail) Repeat whole process 

 

Keep in mind that the above process again can only be done when the computer is not being used (I have to run a seperate script out side of eset to determine if someone is logged into the machine, but can't easily import these results into RA so) i have to manually select those computer names within ERA

 

3. 'Proxies' - There are two? Proxy setup options within ERA if i'm not mistaken. One is for if your company has a web proxy in place already for access to the outside Internet. One serves as the 'Mirror' From version 5x. allowing clients to not download their DB updates from the internet (Same with Agent and Software updates??). Unfortunately because of my inability to source the proper documentation this has not been a feature we've been able to properly implement. (Let alone easy setup/deploy from within RA)

 

4. Dynamic Groups Entry Run Task - This seems to be setup strangely, and it appears to run the task on ALL computers in the Dynamic group whenever a new computer enters or leaves the group -- not very helpful if you just want to run a task once on a computer as it enters the dynamic group (run uninstall task on computers that enter the dynamic group).  Maybe this is just not working right on our installation, or there is another option i'm not using?

 

5. Active Infection/Threats - It seems VERY silly to have a system that scans for an infection, determines the infection exists, Cleans it off -- but then relies on human intervention to 'mark as resolved' -- I have an application so i do not HAVE to trust that some staff member has properly determined an infection has been cleaned. 

 

6. Unblocking threats/PUP's - for instance there is an application one of our Admins is downloading, it has something within that is detected as a PUP so the download is canceled. How to unblock? Will this unblock when he attempts to install it? Will this unblock that particular PUP for all applications? There does not seem to be an easy way to manage this?

 

7. Security - In RA it seems i'm not able to limit a users ability to preform much in the application. If i give a user the access to scan a machine for viruses, i've also given them the ability to run tasks that could wipe the drives of every machine on the network (Run command 'Format C: /y' for example). Am i missing more granularity in the security setup or is this really as good as it will get?

 

 

 

 

 

 

I'm personally hopeful that these are issues that are specific to me and not anyone else, including the OP, and that a support ticket can solve most of it (or even a link to some instructions would be helpful!).. but from what i can tell.. this just might be the new ESET.  (Applocker applied judiciously really stopped all of our Cryptolocker issues, and most other viruses dead, eset has really been for PUPs lately on our end(fingers crossed)) and it's either get used to it or ??

 

 

Jdashn

Link to post
Share on other sites

@ Bbahes:

  1. You can easily configure a report template for the dashboard, that shows you the current VSDB version reported by clients. You can also configure "maximum database age" in the Endpoint policy, so the client starts reporting a problem with updates, if this is reached (you can set it to one day). This question was already ask, but why you need to know the exact VSDB version, and compare it with the version, that ESET has released (like the data feed from ESET Virus Radar). You still could have a local mirror set-up, which will indicate what is the version on the mirror (you can have two reports). One for mirror, one for the rest.
  2. This is tracked as an improvement, and would be possibly resolved in ERA 6.5 (we are currently analyzing the best way, how to do this).

@cpetry:

  1. The problem with File Security is with the older version, which is currently only in the limited support. Even if you do perform the upgrade locally, restart of the computer is needed. ERA agent currently does not have functionality, that would be able to report task status after a service restart. We are examining options, how to change this behavior for the older versions.
  2. I am interested to hear (as well as others were) what other problems you are experiencing with ESET Remote Administrator 6.4?

Thank you.

 

ESET sometimes has problems with virus database (mostly false positive detection) and so I need to revert to old version. I could have both info on client and server very easily in few clicks, why you changed something that works great is beyond me. Also you still have problem with Internet Protection Module in v5 products and they are sometimes unable to even connect to ERA or download updates, so I can easily track which clients are problematic.

 

Report stuff is great for someone who wants to look at reports (managers probably love your v6) I need current real time situation like in v5. I guess this could be addressed with dashboard, but please add search box for "Add report" form.

 

Regarding "improvement" that is being tracked I wish you have some bug tracking system that will report things that are to be fixed.

 

 

Anyhow, thank you for your answer :)

 

EDIT: You do have on dashboard "Report" that would show information I would need, however I need to click on grouping and select "Detailed information" and then I would get table view which I have to manually refresh...

Compared to v5 this is step back.

Edited by bbahes
Link to post
Share on other sites
  • ESET Staff

I've got some problems with RA 6.4 (some are for all of 6x) i can share from our 2k Antivirus, 100 file security, and shy of a dozen exchange licences. Our Clients are a mix of desktops, laptops and Tablets, all windows 7/8 - 32 and 64bit.

Jdashn

 

Hello, I would like to provide you with an update:

  1. AFAIK this was solved in the separate thread. There was a change in the live installer scripts, however this was not reflected in the documentation. We will issue a documentation update shortly
  2. We are tracking improvement for "IFTTT" (basically be able to selectively run tasks, after another task being executed). Let me please ask you, why a standard "software install" over the V5 version does not work, as this should be a supported scenario (we have a known issue, that this does not work in case of EFSW 4.5 => EFSW 6 upgrade, as restart is needed in between).
  3. There are two proxies in the "ERA World".
    1. ERA proxy, which allows to aggregate communication from ERA agents to ERA server (could be used for load balancing, or for improving connections of remote branches).
    2. Apache HTTP Proxy (which could be installed together with ERA), which is then used for caching of updates, installers, and also forwarding traffic to ESET Servers when needed (live grid, web control, activation servers ...). hxxp://help.eset.com/era_install/64/en-US/index.html?apache_http_proxy.htm/ hxxp://help.eset.com/era_install/64/en-US/index.html?difference_connectivity.htm / hxxp://support.eset.com/kb3639/. You can use any standard web forward proxy with enabled caching instead, you have then to configure it in server settings & policies for agents (advanced / http proxy), and security products (tools / proxy server & updates / use proxy server). It will then route the communication with ESET via this proxy server, and you will benefit from the decreased network load during deployments / software installs / and updates.
  4. Joined dynamic group trigger task, is executed every time, when clients enters a dynamic group. This is evaluated by agent, meaning that the task is executed only on the applicable agent. There is no way, how this should affect execution of the task on the other clients in the group (the group view in ERA is only a filter, reported by agents, that they reported membership in such dynamic group)
  5. We are working on changing this behavior, so threats will be automatically resolved upon execution of scan task / cleaning / deletion. This is targeted to version 6.5 to be release in December
  6. We are working on changing this behavior, so in case a PUA is detected, you will be able to interactively whitelist is. This is most probably coming later, next year.
  7. This will be changed in ERA 6.5, which will have a completely new / redesigned internal security model, which will achieve / fix the scenario you are talking about. You would be able to grant granular access to users, they won´t see objects of others.
Link to post
Share on other sites

Thanks for the reply!

 

1. Yes this was solved in another thread -- First time poster -- I think my new thread was approved before this first post i made here. -- Totally realized I should just ask most of these questions.. as it's likely just due to my own ignorance.

 

2. I've actually had almost zero luck installing any version of 6x over 5x, or any version of 6x over 6x. Recent upgrade from 6.3x to 6.4x was done by using the outlined method because i could not get an attempt to install 6.4 over 6.3 to work from RA. Usual error messages referenced not being able to stop the service,  or not being able to delete a file, or something similar. The only solution i've been able to find that works is to preform multiple uninstall actions using the ESETUninstaller.exe /nosafemode /force as a Run Command, and sending reboots. 

 

3. I still have some open questions regarding the Apache HTTP proxy and how it can be setup. 

 

 

4-7. Thank you for this information!

 

Jdashn

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...