Jump to content

LocknetSSmith

Members
  • Posts

    108
  • Joined

  • Last visited

About LocknetSSmith

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    USA
  1. Anyone have any information on when the ESET Cloud Administrator will be (or if it will be) launched? So far we've only see the ERAS VM for Azure and what not. Any chance this Cloud Administrator is going to move forward?
  2. Is this bug within MS Office still a problem regarding Document Protection?
  3. Here is exactly what happened: - A customer with hostname (just for example's sake) was computername.domain.local and was actively checking into our ERA Server, and visible within my ERA Web Console - no errors present from the Eset side. ESET Remote Administrator Agent 6.4.283.0 was installed, along with ESET Endpoint Antivirus version 6.4.2014.0 - The customer requested that we reformat the computer, as in, wipe the hard disk, and reload the OS. During this process, the computer was still showing in our ERA Web Console, but was obviously not actively connecting (we use a 30 min. check-in interval). I didn't know this was going on, so never deleted the computer from our console (another technician was working with this customer) - Upon reloading Windows, the hostname the customer previously had was used again (I realize that's not what I said above... I just got this new detail). The technician used an Agent Live Installer I had created for him previously to reinstall the ESET RA Agent. - The technician logged into our ERA Web Console with the intent to create a Software Installation task to remotely push ESET Endpoint Antivirus. When he logged in however, the computer, computername.domain.local was showing as actively checking in, and furthermore showed that ESET Endpoint Antivirus was already installed, although he knew it wasn't. - He reported this to me, unsure of what to do. SO, I'm reading your post and see how the server is supposed to be acting, but this is actually what is happening. My question is, should I have done something previous to him reformatting the computer (had I known about it), such as deleting the device from our Web Console, or running the Stop Managing task against it? To answer your questions: - It is an Agent Live Installer. The Agent Live Installer was configured with the customer's ERA Certificate, our ERAS server's public facing hostname (the address the agent should check in to) was configured, and a Parent Static Group was defined. - Reverse DNS: Results in the same name as the "old" computer - The FQDN in the client details is identical. The end result is that the ERA Server "thinks" this computer still has Endpoint AV on it. The status.html log on the endpoint is showing all green - all OK, but Endpoint AV is really not installed on it. It (ESET Endpoint AV) was never reinstalled after the reformat.
  4. Neither - Meaning, full disk reformat. Wiping the hard drive, and reloading the operating system. No image involved in this particular case.
  5. We are having an issue wherein we have a computer that has been, say, reformatted. Upon reloading Windows, and so on, we install the most recent Eset RA Agent. From what we can tell, the computer checks in again, thinking it is the "old computer." Even when the hostname has changed, a "new" computer reflecting the new hostname never shows up in our console, yet the "old" computer continues to check in. The status.html log on the computer shows all Green, all OK. What is the proper procedure for this? Meaning, is there a task that should be ran from the ERA Console prior to reformatting the computer? What if a computer has already been reformatted, but the ERA Agent is still showing as checking in to our server? ESET Remote Administrator (Server), Version 6.4.295.0 ESET Remote Administrator (Web Console), Version 6.4.266.0
  6. If you follow the directions in the ESET KB provided, they walk you though setting up a quick process where you can generate a system crash on demand, and get the dump they are requesting.
  7. I felt I should circle back on this - the end result was that Eset v6.x is not compatible with VMWare Horizon. The suggested course of action was to roll our customer back to v5.x which worked in their VDI environment and then to look at ESET Virtual Security when it comes out of beta.
  8. Just checking - is there any documentation out there describing more specifically how the rogue detection sensor works? The ERA user guide is pretty generic on the matter, and I was unable to find anything substantial on the Knowledge Base. We're asking simply so we can determine why it picks up certain devices that are "false positives," such as printers. Specifically, how does it look for rogues, or maybe the better question, what is is looking for and where? Thanks.
  9. Hoping someone else may have went through this and might be able to help. I'm looking to see if I can create essentially two rules in the Mail Security for Exchange product (version 6.2) for one of our customers. Rule A.) would indicate that if an incoming email has a .zip attachment, that the attachment would be quarantined, but the email still delivered, with some type of notification so that the end user knows they had an email attachment quarantined. Rule B.) would have to supercede Rule A and say, if the incoming has a .zip attachment, with certain keywords in it (two specific words), that the attachment is "not" quarantined, but delivered. Rule A is somewhat negotiable. Our customer indicated that it "doesn't have to" notify the end-user that they had something quarantined, but it would be nice. They are currently using Vipre Mail Security, and have these rules set up, so I'm hoping we can do this for them now that we talked them into dropping Vipre!
  10. Can I ask - any of you who have been posted to this thread - do you use VMWare Horizon in your VDI environments? (version 5.x)
  11. We started using v6.x Eset RA Server right out of the gate at the end of December 2014, and believe you me, there have been times that I've wanted to throw the whole thing out the window, but we stuck with it, grew with Eset as they continued to improve the system (as they always do), and as of 6.2, managing some 6900 endpoints, I can't imagine life without it anymore. I used the v5.x ERAS/ERAC for two years and yes, I missed it, and there are a few things I still do miss, but I "get what they are doing with six." And when you consider where they can take it, with things like the Rogue Detection Scanner (let's add some SIEM functionality yeah?), and all the tools they've provide us sys admins - well, my hats off to the engineers on this one.
  12. I see this topic is a bit old, but I was having issues like this with an MSP customer (ESET Endpoint Antivirus for Mac OSX version 6.1.12.0 running on Mac OS X "Lion" 10.7.5) - specifically the following websites were given to me as examples: - aol.com (page never loads) - pandora.com (site loads, but cannot stream music) Working with Eset support, we did end up disabling the ERA_Proxy to resolve. Things have been working great since, but I haven't received word on whether it's OK to reinstall the proxy or if it's still an issue? I'm wondering what protection they've lost not having that proxy running?
  13. Is it possible to send syslog data from the Remote Administrator Server in v6? If so, are there directions anywhere on how to configure?
×
×
  • Create New...