Can the ESET Management Agent for Linux be placed directly into a static group in ESMC on install?
Are there parameters to be entered?
If someone has already done it, maybe it can be shared, please.
↧
Install ESET Management agent for linux
↧
ESET SMC Server Syslog Strange Characters
Hi,
I've enabled syslog in ESET SMC (v7.1) and I'm able to see logs generated in syslog daemon. The configuration is the following:
However, the message of syslog contains non-printable characters at beginning and end:
# xxd /var/log/eset/RemoteAdministrator/Server/ERAServer.log
00000000: efbb bf7b 2265 7665 6e74 5f74 7970 6522 ...{"event_type"
00000010: 3a22 4175 6469 745f 4576 656e 7422 2c22 :"Audit_Event","
00000020: 6970 7634 223a 2231 302e 3235 302e 312e ipv4":"10.100.0.
...
00000160: 7222 3a22 222c 2272 6573 756c 7422 3a22 r":"","result":"
00000170: 5375 6363 6573 7322 7d23 3031 3523 3031 Success"}#015#01
00000180: 320a 2.
I know that the last two were escaped to #015 and #012 by the syslog daemon (rsyslogd) automatically.
Does anyone know if this is expected? I tried both formats BSD and Syslog and they seem to give the same result.
Thanks!
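Added example, not part of the original post and not ESET code: the dump above begins with EF BB BF, the UTF-8 byte-order mark that RFC 5424 permits at the start of a UTF-8 message, and ends with the CR LF that rsyslog escaped as #015#012. The Python below normalises such a line before JSON parsing, for instance ahead of SIEM ingestion; the function name and the sample line are constructed for illustration, and only the field names come from the dump.

```python
import codecs
import json
import re

# rsyslog's default escaping of control characters: '#' plus three octal digits.
# Anchored at the end so '#015' inside a JSON string value is left alone.
_TRAILING_ESCAPES = re.compile(r"(?:#[0-3][0-7]{2})+$")


def parse_esmc_line(raw: bytes) -> dict:
    """Return the JSON event carried in one line of the file rsyslog wrote."""
    # If a BOM is present, the JSON message is whatever follows it, whether
    # the line starts with the BOM or has a syslog header in front of it.
    head, bom, tail = raw.partition(codecs.BOM_UTF8)
    text = (tail if bom else head).decode("utf-8").rstrip("\r\n")

    # Without a BOM there may still be a header; start at the first brace.
    start = text.find("{")
    if start == -1:
        raise ValueError("no JSON object in line")
    text = _TRAILING_ESCAPES.sub("", text[start:])
    return json.loads(text)


# Constructed sample shaped like the dump: BOM, JSON, escaped CR LF, newline.
SAMPLE = (
    codecs.BOM_UTF8
    + b'{"event_type":"Audit_Event","ipv4":"192.0.2.10","result":"Success"}'
    + b"#015#012\n"
)

if __name__ == "__main__":
    print(parse_esmc_line(SAMPLE))
```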
↧
Advance Heuristic Whitelist
Hello,
We have a problem with the Advanced Heuristics: it's deleting emails from one of our customers. When the email reaches a user's Outlook, it's deleted; when we checked the log, it shows an advanced heuristic score of 100. Is there any way to whitelist the sender? Funny thing is, ESET Mail protection on the Exchange server does not see any problem with the email; however, when the email hits the users' mailbox it's automatically deleted because of advanced heuristics.
Please advise.
↧
Computer rename + licensing + ESMC
Greetings!
I can't seem to understand myself or to find detailed info on the computer rename process in regard to its "relationship" with ESMC.
The situation is as follows: there is a domain computer with ESET Management Agent and Endpoint Security installed (using a business license). It's visible in ESMC and any kind of interaction through ESMC is possible. I change the computer name (i.e. the hostname, not the ESMC client name through the Rename computer function), reboot it, and sync static groups in ESMC. The very same computer with the new name is displayed as a computer having no agent/security product installed. Endpoint Security works fine, I can update it etc., but ESMC does not display the fact that it's a known client and has the software installed.
When I uninstall Endpoint Security, this computer falls back to its old name in ESMC and displays the fact that it has just the management agent installed. A complete reinstall of all ESET products solves the situation - the computer has the new name and is manageable from ESMC - but that definitely shouldn't be the default option for such situations...
Question - what's the correct procedure for situation when computer changes name? How is computer name linked to security product license and its ESMC client status?
↧
Outlook 365 doesn't sync for some users
We recently began rolling out ESET Endpoint Antivirus 7.2 to our user base. Out of 200 or so users, we have about a dozen complaining that Outlook no longer syncs for them. We've tried enabling the option to "disable checking upon inbox content change" without any luck. We're going to try disabling the Outlook Add-in for now, but that's not a good long-term fix. I have a support ticket open with ESET, but wanted to try this avenue as well.
As some background, these are all Windows 10 Pro x64 laptops running Office 365. We are using on-prem Exchange, however. There is no pattern to mailbox size or anything else we can determine. This is a pretty common setup, so I was hoping someone had come across this issue before.
↧
Client not connected to ESMC
One of the clients isn't connecting to the ESMC, and the trace log is generating errors: "No detected log filter or realm change" right before 4am. The status log shows no errors, modules are being updated regularly, and I checked the event viewer, which shows nothing on the server that could be related to the problem I'm having. One thing I noticed is that there are trace log zip files generated every day before it stopped connecting to the ESMC. ESET File Security v7.0 is currently on the client machine.
↧
Server installation questions
We have EES installed on all the client desktop machines, but also have servers running. Read this:
https://support.eset.com/en/kb2299-which-eset-security-solution-should-i-install-on-a-server
1) One server has Exchange on it, but it is not our primary Exchange (which we have moved to Office 365 in the cloud), but our old Exchange which we have no new mail coming in, but occasionally need to connect to because it does have some old emails we need to retrieve on occasion for legacy reasons. It also has a SQL server instance on it. Is the Mail Security for Exchange Server the option still?
2) The other server has IIS and acts as a file server. I am assuming the ESET File Security for Windows Server is appropriate for it. That is the machine I currently have ESMC installed.
3) I do not see the first server in the list of computers in ESMC. So, I tried to manually add it by clicking Add New at the bottom of the computer listing in ESMC, I get the message:
Some issues occurred during adding computers.
FAIL> XXXXX.XX.local (Duplicity on server)
↧
eCMD not opening
I'm having an issue where I set the policy in the ESMC to enable advanced ecmd commands for a machine running ESET Endpoint v7.2.2055.0. I try to run eCMD through both file path and CLI, but it would pop up then close immediately.
↧
Protection statistics feature
In the Eset Tools menu for 6.x used to be the "Protection Statistics" feature. This was useful because you could see the files in realtime that Eset was scanning. Then you could exclude some files (eg. temporary files etc) that were scanned in order to improve performance on the client PC. Is this feature gone - or is it available somewhere else in the 7.x menu?
↧
ARP Cache Poisoning attack
Hi,
Our current network is running on class C "192.168.10.x/24" and a few of my clients are receiving "ARP Cache Poisoning attack". When cross-checked, it was found that the source and target are within the trusted network, which is the 10.x/24 network.
Steps taken: we have added our trusted network (given above) under IDS, but that does not seem to resolve it.
Kindly advise further.
↧
esmc 7 update server help
Hello ESET Forum Gurus
I'm in the process of setting up ESMC 7.1 for the first time and wow, is it different.
I'm currently using ERA 5.3 and have been for years; however, I am now forced to upgrade.
I'm really confused. I'm in the process of creating new policies from scratch and having issues with the update part.
In ERA I just made the server a mirror and pointed all the clients via policy to that server for updates.
I can't find that option in ESMC 7. Can someone point me in the right direction, as not all my clients have direct internet access, so they need to update from an update server?
Once I have all the policies and updates running I will be mass deploying the new client 7.1 to the workstations.
Thank you for your time and effort in advance.
↧
Endpoint Linux v7
08/03/20 11:45:36 Real-time protection service Syscall init_module returns error: Operation not permitted root
08/03/20 11:45:36 Real-time protection service Initialization of system handler for on-access scan has failed. Please update your OS and ... root
08/03/20 11:51:01 Updating service Unauthorized access. eset-eea-updated
08/03/20 11:55:41 Logging service Connection to 5973 was unexpectedly closed: Agent not authorized eset-eea-logd
08/03/20 12:00:31 Configuration service Cannot write to socket: Broken pipe eset-eea-confd
08/03/20 12:00:31 Configuration service Cannot write to socket: Broken pipe eset-eea-confd
08/03/20 12:01:16 Licensing service Cannot receive data from server: Network is unreachable eset-eea-licensed
08/03/20 12:01:16 Licensing service Cannot receive data from server: Network is unreachable eset-eea-licensed
08/03/20 12:01:16 Licensing service Cannot receive data from server: Network is unreachable eset-eea-licensed
08/03/20 12:01:16 Licensing service Cannot receive data from server: Network is unreachable eset-eea-licensed
08/03/20 12:01:16 Real-time protection service Syscall init_module returns error: Operation not permitted root
08/03/20 12:01:16 Real-time protection service Initialization of system handler for on-access scan has failed. Please update your OS and ... root
08/03/20 12:01:16 Updating service Product is not activated. eset-eea-updated
08/03/20 12:01:34 Updating service Unauthorized access. eset-eea-updated
I have removed it for now, same as v4, because it stopped my Chromium from working, but in a different way, not like for other people: in Chromium I keep getting "waiting for socket".
The modules had up-to-date versions, so I don't really know what the cause of all of this is, and I believe the protection wasn't working because it didn't detect the EICAR.
CPU is more relaxed compared to when v4 was installed.
And if I am not mistaken, the "You have a system error" message has also disappeared from Ubuntu. - UPDATE: no, it's not related to ESET.
System is :
Release 18.04.4 LTS (Bionic Beaver) 64-bit
Kernel Linux 5.3.0-40-generic x86_64
I have activated the product twice, and when I activate it I get that the product has been activated successfully, and I can update after that, but when I look at the logs it shows like this. I tried the EICAR and it passed fine, so it seems that nothing is running.
↧
ESET firewall blocks me from using ssh tunnel
My company requires me to activate the firewall but it blocks me completely from using ssh tunnel. And I just can't work now without ssh tunnel.
I tried deactivating firewall and everything works fine, this really discourages me from using ESET
↧
Product is not connected. No connection attempt occurred in ESET RA
Hi,
Most frequently we are facing the same issue with warning alerts regarding “Product is not connected. No connection attempt occurred.”, which is related to the Linux servers running Server Security v4.5.9.0.
Currently we are using ESET RA-
ESET Remote Administrator (Server), Version 6.5 (6.5.417.0)
ESET Remote Administrator (Web Console), Version 6.5 (6.5.388.0)
These hosts'/computers' last connection was seen to be most recent, i.e., ERA login time. As part of daily operations we have been following one procedure to resolve this issue, which worked well for a few, but for the last three months we have been facing the same issue with more alerts getting triggered daily.
Procedure followed is as below –
1. We observe the last connected time of the host.
2. Later we check the current status of the host (running/stopped).
3. If running we go ahead with the Module update (Client Task) of the triggered host.
4. The host gets triggered, and as the end result we see that the update failed with the reason “failed to start the task.”
I need this to be resolved ASAP, as this has been the major issue we have been struggling to solve.
↧
NOD32 Antivirus update offline download
Hi,
Just wondering if I can download updates offline? I see that it's possible to use a mirror, but sadly that won't work in my environment.
BR
Erik
↧
Outlook Sync and conflict errors
Marco - an administrator has written a few times about these errors stating a newer version will solve the issue. We are now on 7.2.2055 and still get the sync and conflict issue. Any resolution other than "it will be fixed in the next version"?
"In this case it's the PR_TRANSPORT_MESSAGE_HEADERS_W property which is in conflict. The property contains transport-specific message envelope information for email and this modification cannot be avoided. If email is scanned on the mail server, disable integration with MS Outlook.
As of Endpoint 7.1, processing email messages will be completely revamped and will ultimately prevent sync issues from occurring."
↧
Peer certificate is invalid
Hi, I have about 40 PCs that show me this error:
Peer certificate is invalid
What should I check?
Server:
ESET Security Management Center (Server), Version 7.1 (7.1.503.0)
ESET Security Management Center (Web Console), Version 7.1 (7.1.393.0)
Clients:
Agent 6.5.522.0
ERA 7.1.2053.0
↧
ESMC Adding Server and File Server identificators to Linux Workstation
Hello there,
I have added a new Linux machine with CentOS 7 to the ESMC and it is automatically reporting that the machine is a Server and Fileserver:
Is there any way to change this? How is ESMC detecting that this is Server/FileServer?
Thank you!
↧
How to add rules in ESMC from Learning mode created rules on the Endpoint?
Hello,
For the life of me I can't find a single ESET guide that describes how things work. They are like the joke about Windows' HELP - extremely accurate but equally useless.
Here, for example, we have the Learning mode. The only description is a few lines, containing nothing specific:
Automatically creates and saves rules; (ok. We know that from all other vendors) this mode is best used for the initial configuration of the Firewall, but should not be left on for prolonged periods of time. (Again, we know how those modes work) No user interaction is required, because ESET Endpoint Security saves rules according to predefined parameters. (nothing new) Learning mode should only be used until all rules for required communications have been created to avoid security risks. (Great! How are the rules created?! Manually? Automatically? Export > Import!? How?!)
Nothing is explained in those guides. Same thing with the tags - "Tags can be created and assigned manually by the user." Really? How?!? I needed 3 days to realize that I need to write a non-existing Tag in the search box to create it.
Anyway. The question I have now is "How to add the rules created by the Learning mode from the endpoint to the ESMC?"
Thank you!
↧