Eset Product Is Installed But It Is Not Running
Kansas Eiffel
My organization needs to get this one figured out. This error seems to be a recurring theme for your products in the Linux environment, as I've read countless posts with similar issues. Most seem to be closed out with no solutions documented in the threads. Our company is starting to deploy a lot more Ubuntu servers in our environment and need to have this addressed.
During troubleshooting I've tried both the libssl-dev version 1.0.2, and the newer 1.1 that comes with 20.04. I can't find a definitive answer on which one to use, however I think that is less of a problem because both don't seem to work.
I've tried uninstalling and re-installing Efs, via agent and the installer I downloaded from your site, to no avail. The error messages that are in the screenshot I've posted recur in the syslog every few minutes.
I've been looking at similar statuses as the image below shows for all our Linux servers for over a year now in our console. Each release of the software seems to break even more functions for Linux ESET File Security.
sorry to hear, that you have difficulties with our product. From yours screenshot I can see that our services couldn't start correctly. Could be caused by issues during installation or something is preventing them to run correctly.
EFS has its own log collecting script (/opt/eset/efs/sbin/collect_logs.sh), could you please execute it and attach output? Archive you have attached in previous comment is produced by script designed for older versions of linux products.
Could it be possible to generate strace of our service? it could help us identify what going on there.
Before executing this command, please stop our service "systemctl stop efs" and make sure that none of efs service is left there ("ps -ef grep efs" output should not contain any service running, if something is still running, kill it). After executing strace command, it should generate "strace_efs*" files in /tmp folder, please attach them.
You mentioned that you tried also installation from package, during this process didn't you spot any errors/warning? Something like folder couldn't be created or similar (could be that some error occurred, but installation continued further).
since one or two months the ESET virus scanner does not start by itself after a reboot on any Windows server system. Neither on 2016 nor on 2019 or virtual machine or installed on metal sheet. A start of the service afterwards by hand goes without problems but when overlook this after a server reboot, there is no longer a virus scanner running.
yes it affects the Server Security App. I have also just installed the first version 9.0.12017.0 on a server and restarted, then the virus scanner ran afterwards automatically. But I have not installed any updates before the restart.
Good, I recommend to upgrade at least those machines, which had the issue before.
The issue manifests only on the first reboot i.e. the one to finish application of the updates.
based on what we know, the changes in the new builds should address it.
HI @Marcos These are primarily on Mac machines. ESET is installed, but the processes are not running. Is there a script or a way I can re-start the services? We do not want restart end users machines.
Hi Brandon, can you please share couple more details about the machines? What is the OS version, and what is the Mac Endpoint version? If I do recall correctly, this once happened to me, when I have upgraded the mac OS to High Sierra, however non-compatible Endpoint application was installed. But thats just a guess.
This just happened on my own Mac. Was working fine for a few weeks, did a macOS Mojave update, restarted, and now it's saying the ESET kernel extension isn't loading. Maybe something similar is happening to other Macs?
it looks like EFS is running correctly, could you please check also state of eraagent service? Also there are to many warnings for EFS, could you attach full output? (use lslog utility with parameters "ec" - ./lslog -ec)
so for first sight it looks OK for both product, could you please collect logs and send it to me by private message? I will check them and try to identify cause of your issue.
Server Security logs -> -US/collect_logs.html?zoom_highlightsub=collect+logs (execute mentioned script and attach output)
I have checked logs and according what I have seen there, Server Security isn't running correctly, therefore Management Agent can't connect to it and reports error in yours EP. Plenty errors and crashes there.
When i try to install an EMA (Agent) everything works well but when i try to install EES it does not run. It install without any errors, but doesnt run anyway. I have tried to executed manually but does not work either.
Let's start off by gathering logs with ESET Log Collector. It could be that ekrn.exe and egui.exe processes are running but the gui is not showing up for some reason. You can also check if the eicar test file is detected / blocked.
Let's start off by gathering logs with ESET Log Collector. It could be that ekrn.exe and egui.exe processes are running but the gui is not showing up for some reason. You can also check if the eicar test file is detected / blocked.
You have Win32/Agent.AABQ trojan and Win32/TrojanDownloader.Agent.DVC trojan running there. The detection was added in Nov 2018 and Jan 2019 respectively. Please run a disk scan with ESET Online Scanner and clean the malware.
Move the following files to a new folder (e.g. c:\esetvir). Next reboot the machine, compress the content of the folder and submit the archive to samples[at]eset.com. Only after you receive a reply delete the content of the folder:
The client install the Linux agent just fine and it reports in. But when the client install Endpoint 7.1.8.0 for Linux it seems to install without error but my control panel shows. Product is installed but it is not running
I did however read that we should remove secure boot from BIOS of the computer, I have not told the users to try it yet, but i am using a VM in virtualbox for troubleshooting, and I have the same issue and no secure boot is enabled.
On user's side it does not really show any errors, its hard for me to troubleshoot them as everyone is remote, and the users are not very good at Linux... so I installed Ubuntu 20.04.LTS in virtualbox for testing
Please provide me with your ticket ID so that I can check the status of it. This forum is meant for sharing knowledge with users and cases that need further troubleshooting require a support ticket to be created. Forums in general do not provide ticket tracking functionality to ensure that you receive a timely response.
I've inquired our Linux expert about this issue. The conclusion is that recent changes in kernel 5.8 require update of Endpoint. We're working on Endpoint v7.1.9.0 which should be ready in a few days and will be fully compatible with kernel 5.8.
This is not possible. Unlike running a software install task when the program is installed via the Windows Installer (msiexec.exe), auto-updates are installed by the program itself by assembling files using differential update files without the use of Windows Installer which stores its data (including the installation date) in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.
I don't understand. the installed eset endpoint product version is also at that registry place (eg: DisplayVersion). if the registry key "DisplayVersion" can be modified via auto-update to correct value, why not modify "InstallDate" at the same place also?
In this case right now, we have a user, who is on Mac OS X 10.13.3. In, ERA (ESET Remote Administrator (Server), Version 6.5 (6.5.522.0), ESET Remote Administrator (Web Console), Version 6.5 (6.5.388.0) on Microsoft Windows Server 2012 R2 Standard (64-bit), Version 6.3.9600), in the computer list it shows that there are no security products installed, and the installation task has failed. But if I go into the computer details view, it actually shows in the "Eset security products" part, that the client (ESET Endpoint Security 6.5.600.1) and the agent (ESET Remote Administrator Agent 6.5.376.0) is installed, and if I go the user's computer, it is actually running perfectly fine (but not activated). However, because ERA thinks otherwise, it won't let me activate it remotely (the task becomes "planned: no" status). Sometimes it lets me run the installation task again remotely, and then after deleting the user from console, it usually comes back in a fixed state. Removing the user without reinstall doesn't fix it alone.
Do you have any idea why is this happening? The only solution that I could come up is to remove the installations manually, and install it again. That usually fixes it, but it's really frustrating, since it's not an individual case.
Sure, it's always the same. The user installs the Agent with "sudo bash EraAgentinstaller.sh", and then when it connects to our ERA, it gets into a dynamic group that triggers the EES installation task.
ff7609af8f