Difference between revisions of "ESET"

From Indie IT Wiki
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
ESET is a Slovakian company formed in 1992 and has its headquarters in Bratislava and specializes in antivirus software with spyware and malware protection.
 
ESET is a Slovakian company formed in 1992 and has its headquarters in Bratislava and specializes in antivirus software with spyware and malware protection.
 +
 +
== '''ESET Blog Site''' ==
 +
 +
https://www.welivesecurity.com/en/
  
 
== '''ESET SysInspector''' ==
 
== '''ESET SysInspector''' ==
Line 9: Line 13:
 
  /privacy (generate report with excluded sensitive information)
 
  /privacy (generate report with excluded sensitive information)
 
  /zip (a report is stored in a compressed file)
 
  /zip (a report is stored in a compressed file)
  /help (display information about usage of command line parameters)  
+
  /help (display information about usage of command line parameters)
  
 
== '''ESET License Administrator''' ==
 
== '''ESET License Administrator''' ==
Line 17: Line 21:
 
[https://buy.eset.com/uk/licence Increase License Numbers]
 
[https://buy.eset.com/uk/licence Increase License Numbers]
  
== Tools ==
+
== '''Tools''' ==
  
 
[https://www.virusradar.com/en/tools/cleaners Cleaners]
 
[https://www.virusradar.com/en/tools/cleaners Cleaners]
Line 48: Line 52:
 
[http://www.eset.com/int/download/utilities/detail/family/239/#offline,151,,,, Web Page]
 
[http://www.eset.com/int/download/utilities/detail/family/239/#offline,151,,,, Web Page]
  
== '''ESET PROTECT (9.x)''' ==
+
== '''ESET PROTECT''' ==
 +
 
 +
=== Installers ===
 +
 
 +
https://support.eset.com/en/kb6114-download-an-earlier-version-of-eset-protect-and-its-components
  
 
=== Upgrade ===
 
=== Upgrade ===
Line 149: Line 157:
  
 
https://support.eset.com/kb2513/?viewlocale=en_US
 
https://support.eset.com/kb2513/?viewlocale=en_US
 +
 +
=== Allow Specific Storage Device ===
 +
 +
https://support.eset.com/en/kb5684-block-removable-media-in-eset-windows-home-products
  
 
=== Configure an ESET endpoint product to function as a Mirror server ===
 
=== Configure an ESET endpoint product to function as a Mirror server ===
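
Review bot: the link added under "Allow Specific Storage Device" points to kb5684, whose slug reads "block-removable-media-in-eset-windows-home-products", so the heading (allow) and the target (block, home products) do not obviously match. The section sits directly after the ERA policy-based block instructions that link to kb2513. Confirm that the article covers allowing a specific device on managed endpoint products, or retitle the heading to say what the link actually documents.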

Latest revision as of 08:20, 10 May 2024

ESET is a Slovakian company, formed in 1992 and headquartered in Bratislava, that specializes in antivirus software with spyware and malware protection.

ESET Blog Site

https://www.welivesecurity.com/en/

ESET SysInspector

http://us.eset.com/int/support/sysinspector/faq/

sysinspector.exe
/gen (generate report directly from command line without running graphic user interface)
/privacy (generate report with excluded sensitive information)
/zip (a report is stored in a compressed file)
/help (display information about usage of command line parameters)

ESET License Administrator

https://ela.eset.com/

Increase License Numbers

Tools

Cleaners

Online Cleaner

ESET SysRescue Live

ESET SysRescue Live uses GNU Linux OS to run from either an optical disk or USB drive. It is based on the LXDE desktop session environment making it lightweight and fast. The package system APT (Debian package management utility) allows you to install potentially useful packages, for example applications or drivers.

If you are an experienced Linux administrator, you can use the LXTerminal console to perform the necessary operations under root privileges (you must enter sudo before each console command), such as fsck for a file-system check, or cfdisk (console version) or GParted (graphical user interface version) to open the partition manager.

To access the Internet, use the integrated Chromium web browser by clicking system menu Browser.

Etcher USB Burner (for ISO or IMG files)

Latest Version

ISO File

Live CD / USB Creator

PDF Manual

Web Page

ESET PROTECT

Installers

https://support.eset.com/en/kb6114-download-an-earlier-version-of-eset-protect-and-its-components

Upgrade

Option 1 - In Place Upgrade

This process is simpler and does not require access to the appliance, only to the Web Console. We recommend this procedure for minor and hotfix upgrades.

https://help.eset.com/protect_deploy_va/90/en-US/?va_upgrade_migrate.html

Upgrade the VA using a Components Upgrade task:

  1. Upgrade the ESET PROTECT Server first.
  2. Upgrade a sample group of ESET Management Agents.
  3. If the upgrade of the sample is successful and Agents are still connecting, continue with the rest of the Agents.

Option 2 - New Virtual Appliance and New IP Address

This upgrades your whole Appliance (the underlying operating system), not just the ESET PROTECT Server. The process is more complicated and requires having two concurrent appliances during the transition period. We recommend using the database pull for upgrading to the major versions or as a troubleshooting method.

https://help.eset.com/protect_deploy_va/90/en-US/?va_upgrade_migrate.html

  1. Download the latest protect_appliance.ova (or protect_appliance.vhd.zip if you use Microsoft Hyper-V).
  2. Deploy a new ESET PROTECT VA. See ESET PROTECT Appliance deployment process for instructions. Do not configure the new ESET PROTECT VA via its web interface yet.
  3. Pull database from your old VA. See Pull database from other server for a complete step-by-step guide.
  4. Configure ESET PROTECT Virtual Appliance via its web interface.
  5. Verify that your new ESET PROTECT VA behaves the same way as the previous one.
  6. Upgrade a sample group of ESET Management Agents using an ESET PROTECT Components Upgrade task.
  7. If the upgrade of the sample is successful and Agents are still connecting, continue with the rest of the Agents.

ESET PROTECT (8.x)

Migrate to a new Certificate Chain

Allow macOS system integration to complete install

Virtual Appliance Upgrade

Components Upgrade

ESET Uninstaller

Using the ESET Uninstaller Tool

ESET Security Management Center (7.x)

Upgrade

Help > Update product

Export the Certificates, then...

mysqldump --host localhost --disable-keys --extended-insert --routines -u root -p era_db > mysqldump-era_db_2021-01-11.sql

Links

Deploy ESET Management Agent

Documentation

Download

Security Management Center Components Upgrade

Unblock a Safe Web Site

ESET Remote Administrator (5.x 6.x)

Backup ERA

Upgrade ERA

Upgrade to latest ESMC 7.x

Component Upgrade Task

Configure ESET Remote Administrator to automatically deploy ESET endpoint products to unprotected computers

https://support.eset.com/kb3702/?viewlocale=en_US

FIX: Error: "Login Failed, Connection has failed with the state of 'Not connected'"

This will happen because the Java version has been upgraded and the ERAServer does not know.

The fix is here: https://support.eset.com/kb6760/

Allow Remote Clients To Connect To ERA

https://support.eset.com/kb3304

https://support.eset.com/kb6130

Generate Custom Paid For SSL Certificate

https://forum.eset.com/topic/4986-era-v6-webconsole-ssl-certificate/

Block USB External Storage Disk Drives

ERA > Admin > Policies > New Policy > 'Block USB Drives' > Endpoint for Windows > Device Control > Integrate into system > Rules > Disk Storage > Block > OK > Save

https://support.eset.com/kb2513/?viewlocale=en_US

Allow Specific Storage Device

https://support.eset.com/en/kb5684-block-removable-media-in-eset-windows-home-products

Configure an ESET endpoint product to function as a Mirror server

http://support.eset.com/kb3641

Clear Resolved Threats

http://support.eset.com/kb5727

Install 3rd Party Software

You may also use the "Software installation task", but the provided package must be an .msi and must support quiet (non-interactive) installation.

Admin > Client Tasks > Software Install > New Task > msiexec /i /q xxxxxxxxx.msi

or

Admin > Client Tasks > Run Command > New Task > setup.exe /switches

Manually Add IP Address Of Computer

http://support.eset.com/kb3609/#manual

ESET ERA VA Virtual Appliance Download

https://www.eset.com/int/business/remote-management/remote-administrator/download/#virtual

ESET ERA Migration Guide

http://help.eset.com/era_install/63/en-US/index.html?migrated_database_different_ip.htm

http://help.eset.com/era_install/63/en-US/index.html?migration_same_version.htm

http://www.woutermakkinje.com/?p=502

http://download.eset.com/manuals/eset_era_5_migration_guide_enu.pdf

ESET ERA Migration Tool

http://support.eset.com/kb3607/?locale=en_US&viewlocale=en_US

http://www.microsoft.com/en-in/download/confirmation.aspx?id=5555

http://download.eset.com/download/ra/v6/standalone-installers/migration-tool/Win32.zip

HOWTO: Update ESET ERA Virtual Appliance Centos System

su - root
yum update
(answer yes)
reboot

Thanks - https://www.centos.org/docs/5/html/yum/sn-updating-your-system.html

Thanks - http://wiki.indie-it.com/wiki/CentOS:_Fixes_Hints_Tweaks_and_Tips#HOWTO:_Check_System_Updates

Allow ICMP Pings To ESET ERA Virtual Appliance

Edit the following file...

nano /root/firewall-ports.sh

Add the following lines to the bottom of the file...

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
ip6tables -A OUTPUT -p icmpv6 --icmpv6-type echo-reply -j ACCEPT

Save the file, and reboot...

reboot

Reset Lost/Forgotten Password For ERA Virtual Appliance

Q: How do I recover a Forgotten password for ERA Virtual Appliance:

A: First, boot your ERA VA in Single-User Mode; for instructions, see http://www.cyberciti.biz/faq/grub-boot-into-single-user-mode/. Once you are in the shell in Single-User Mode, you can change your root password using the passwd command. To recover your password for ERA Web Console, see the contents of the following file: /etc/opt/eset/RemoteAdministrator/Server/StartupConfiguration.ini

Thanks to ESET.

Forum

https://forum.eset.com/forum/38-eset-remote-administrator/

Documentation

http://help.eset.com/era_admin/63/en-US/index.html?introduction.htm

ERA Agent

The agent software allows the server to communicate and control the client.

http://support.eset.com/kb3595/?locale=en_GB&viewlocale=en_GB

Downloads

Windows 64-bit

Installing Agent Via GPO

https://support.eset.com/kb3677/

Licensing v5 vs. v6

ESET Remote Administrator 6 requires the new style of license keys, to convert your old style codes click here.

v5:

Licence Username: EAV-xxxxxxxxxx
Password: xxxxxxxxxx

v6:

License Key: ABCD-EFGH-IJK1-LMNO-PQR2
Public LicenseKey: 12A-BCD-E3F
Admin Password: ABC1deFGhi

Reset Lost Login Password

http://kb.eset.com/esetkb/index?page=content&id=SOLN741

Version 6 For Linux

http://download.eset.com/download/ra/v6/Appliances/era_appliance.ova

An installer for Linux is not available; ESET provides a virtual machine image instead.

There are three different options available:

Version 6 For Windows

Installation guide.

ESET Endpoint Security 6

   32-bit: http://www.eset.com/int/download/thank-you-business-v6/file/12592/
   64-bit: http://www.eset.com/int/download/thank-you-business-v6/file/12627/

ESET Endpoint Antivirus 6

   32-bit: http://www.eset.com/int/download/thank-you-business-v6/file/12518/
   64-bit: http://www.eset.com/int/download/thank-you-business-v6/file/12553/

Version 6 - What's New

Guide.

Windows

Downloads

Home

Business

Windows Folders To Exclude From Scanning

This may help with Windows Update Issues.

%windir%\SoftwareDistribution\Datastore

The above contains the Windows Update or Automatic Update database.

%windir%\SoftwareDistribution\Datastore\Logs

The transaction log files

Certain files in the %windir%\security path should be added to the exclusions list:

Edb*.log
Res1.log. # The file is named Edbres00001.jrs for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
Res2.log. # The file is named Edbres00002.jrs for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
*.edb
*.sdb
*.log
*.chk


Thanks to The Windows Club.

Uninstallers For Other Manufacturers' Products

To ensure the uninstallation of other manufacturers' antivirus programmes, ESET provides a page with links.

ESET Undetected By The Windows Security Center

  • Non-Windows 8 users: Click Start > All Programs > Accessories, right-click on Command Prompt and select Run as administrator from the context menu.
  • Windows 8 users: Press the Windows key + Q to open an app search and type cmd into the Search field. Right-click the cmd application when it appears in results and select Run as administrator from the context menu.
COMMAND PROMPT

NET STOP WINMGMT /Y
REN %WINDIR%\SYSTEM32\WBEM\REPOSITORY REP.OLD
   
  • Restart the system. Windows should start normally, but you may be prompted to restart the system once more to complete the changes caused by resetting the core repository. You may also need to restart once more if Windows Security Center still does not detect your ESET product.

Thanks to ESET

Linux:

From ESET's website:

The Linux distributions supported by ESET NOD32 Antivirus 4 for Linux Desktop are as follows: 

Red Hat, Mandriva, SUSE, Debian, Ubuntu and Fedora (32-bit). 

Installing on other Linux distributions may require the administrator to perform additional tasks due to the large variety of Linux distributions. 
These tasks may include the installation of missing packages or init script modification. 

Thanks to ESET.

Desktop Client Installation

ESET NOD32 Business Edition for Linux

Download - ESET NOD32 Business Edition for Linux 64-bit v4.0.90

ESET Business Edition for Linux Desktop 32-bit v4.0.85 (does not crash Firefox)

ESET Business Edition for Linux Desktop 64-bit v4.0.85 (does not crash Firefox)

ESET Business Edition for Linux Desktop 32-bit v4.0.87 LATEST (crashes all web browsers)

ESET Business Edition for Linux Desktop 64-bit v4.0.87 LATEST (crashes all web browsers)

ESET Business Edition for Linux Desktop PDF User Guide

After downloading the installer you will need to first set it as executable then run it:

Terminal:~$

chmod +x YOUR_FILENAME_HERE
sudo ./YOUR_FILENAME_HERE

NOTE: You must follow the steps below to undertake a custom installation and add yourself (the profile that you are using) or others if you want to have access to the full range of options in the ESET NOD32 Linux GUI.

ESET NOD32 Linux AV Setup 001.jpg

ESET NOD32 Linux AV Setup 002.jpg

The user you are logged in as should show on the left-hand side of the screen (blurred out in this case). If you want to add other users, tick the 'Show all users' box at the bottom of the screen.

ESET NOD32 Linux AV Setup 003.jpg

You should end up with the required username on the right hand side of the screen.

ESET NOD32 Linux AV Setup 004.jpg

Once the installation has completed the system will require rebooting, but this can be delayed.

If you encounter the error message "ld.so: object 'libesets_pac.so' from /etc/ld.so.preload cannot be preloaded: ignored" on reboot (which should not affect the actual reboot itself) or see it in the terminal, the fix is listed below.

FIX: ERROR:

ld.so: object 'libesets_pac.so' from /etc/ld.so.preload cannot be preloaded: ignored

https://forum.eset.com/topic/14226-error-message/

sudo nano -w /etc/ld.so.preload

Change to show:-

/opt/eset/esets/lib/libesets_pac.so

Next:

sudo nano -w /etc/rc.local

Before the final line in the file add the following line:

/opt/eset/esets/sbin/esets_daemon

Then manually run the daemon:

sudo /opt/eset/esets/sbin/esets_daemon

Thanks to Ask Ubuntu
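
An added check for the preload error above (example code, not from the original page or from ESET): it audits an ld.so.preload-style file and flags entries that are not absolute paths or do not exist, which is the condition the edit to /etc/ld.so.preload corrects. The function name check_preload and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an ld.so.preload-style file.
# check_preload FILE prints one line per entry:
#   "ok PATH"        absolute path to a readable file
#   "missing PATH"   absolute path that does not exist or is unreadable
#   "relative NAME"  bare name, left to the loader's search path
# Returns 0 when every entry is "ok" (or the file is absent), 1 otherwise.
check_preload() {
    file=${1:-/etc/ld.so.preload}
    if [ ! -r "$file" ]; then
        echo "no-file $file"      # an absent preload file is the normal state
        return 0
    fi
    rc=0
    # Strip '#' comments; treat ':' like whitespace when splitting entries.
    entries=$(sed 's/#.*//' "$file" | tr ':' ' ')
    set -f                        # no glob expansion while splitting
    for entry in $entries; do
        case $entry in
            /*)
                if [ -r "$entry" ]; then
                    echo "ok $entry"
                else
                    echo "missing $entry"
                    rc=1
                fi
                ;;
            *)
                echo "relative $entry"
                rc=1
                ;;
        esac
    done
    set +f
    return $rc
}

# Constructed sample: the bare name from the error message and the
# absolute path the fix puts in its place.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'libesets_pac.so' \
    '/opt/eset/esets/lib/libesets_pac.so' > "$sample"
check_preload "$sample" || echo "preload file needs attention"
rm -f "$sample"
```

Run check_preload with no argument to audit the live /etc/ld.so.preload after making the edit.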

ESET Client Fails To Run On Systemd Based Computers

Currently ESET is not supported on Ubuntu 15.04 and Debian 8.0, so after running the installer file, use one of the following methods to ensure that the installation runs correctly.

Method A

Open a new Terminal window.

sudo nano -w /lib/systemd/system/eset.service

Add the following content to the file:

[Unit]
Description=ESET Scanner Daemon
After=network.target

[Service]
ExecStart=/opt/eset/esets/sbin/esets_daemon
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
PIDFile=/var/run/esets_daemon.pid
Restart=always
Type=forking

[Install]
WantedBy=multi-user.target

Save and close the file.

Start the newly created "eset" service:

sudo systemctl start eset

Start ESET NOD32 Antivirus from your Desktop environment.

Method B

Alternatively, you can start and configure the ESET services and GUI from the Terminal:

/opt/eset/esets/bin/esets_gui
sudo systemctl enable eset

Ensure the ESET NOD32 Antivirus for Linux Desktop is starting automatically after logging into the Desktop environment.

Thanks to ESET

Mac OS X

Troubleshooting

Web and Email Protection did not start in ESET products for Mac on macOS Big Sur

ERA Agent installation on Mac OS X terminal failed

Deploy the ERA Agent to a macOS client using Agent Live Installer (6.x)

Excluding Folders

For Time Machine, make sure you have excluded the Backups.backupdb folder on your backup destination

eg. /Volumes/Synology_DS216play/Backups.backupdb/*.*

ESET Forum

Excluding Programmes

Time Machine

Disable Logging

https://forum.eset.com/topic/2324-how-to-disable-systemlog-logging/

Uninstall

sudo "/Applications/ESET Remote Administrator Agent.app/Contents/Scripts/Uninstall.command"
sudo reboot

Log Files

/private/var/log
/Applications/ESET Cyber Security.app/Contents/var/log
/Applications/ESET Cyber Security Pro.app/Contents/var/log

https://forum.eset.com/topic/3153-where-are-the-log-files-for-eset-located-on-a-mac/

Android

ESET Mobile Security

http://download.eset.com/download/mobile/ees/android/ees.apk

http://kb.eset.com/esetkb/index?page=content&id=SOLN3166&actp=search&viewlocale=en_US&searchid=1373534029943

HOWTO

Report a Phishing Page

http://phishing.eset.com/report/enu

Report a Virus

https://support.eset.com/kb141/?viewlocale=en_US

Virus Radar Encyclopedia

http://virusradar.com

Exclude a safe website from being blocked

http://support.eset.com/kb2960/

Sage Accounts

https://my.sage.co.uk/public/help/askarticle.aspx?articleid=30304

Disable Notification About Operating System Updates

GUI

http://www.esetscandinavia.com/support/how-do-i-disable-my-eset-security-product-from-notifying-me-about-windows-updates

ERA

Admin > Policies > New > Remote Administrator Agent - Operating System Updates > Advanced Settings > Report if operating system is not up-to-date > Finish
Computers > Linux Computers > localhost > Manage Policies > Add Policy > Remote Administrator Agent - Operating System Updates > Apply

INFO:

https://community.spiceworks.com/topic/1516360-eset-s-sad-end-with-my-organization?page=1