ESET
ESET is a Slovakian company formed in 1992 and has its headquarters in Bratislava and specializes in antivirus software with spyware and malware protection.
ESET Blog Site
https://www.welivesecurity.com/en/
ESET SysInspector
http://us.eset.com/int/support/sysinspector/faq/
sysinspector.exe /gen (generate report directly from command line without running graphic user interface) /privacy (generate report with excluded sensitive information) /zip (a report is stored in a compressed file) /help (display information about usage of command line parameters)
ESET License Administrator
Tools
ESET SysRescue Live
ESET SysRescue Live uses GNU Linux OS to run from either an optical disk or USB drive. It is based on the LXDE desktop session environment making it lightweight and fast. The package system APT (Debian package management utility) allows you to install potentially useful packages, for example applications or drivers.
If you are an experienced Linux administrator, you can use LXTerminal console to perform the necessary operations under root privileges (you must enter sudo before each console command), such as fsck for file-system check, cfdisk (console version), or
GParted (graphic user interface version) to open the partition manager.
To access the Internet, use the integrated Chromium web browser by clicking system menu Browser.
Etcher USB Burner (for ISO or IMG files)
ESET PROTECT
Installers
https://support.eset.com/en/kb6114-download-an-earlier-version-of-eset-protect-and-its-components
Upgrade
Option 1 - In Place Upgrade
This process is more simple and does not require access to the appliance, only to the Web Console. We recommend this procedure for minor and hotfix upgrades.
https://help.eset.com/protect_deploy_va/90/en-US/?va_upgrade_migrate.html
Upgrade the VA using a Components Upgrade task:
- Upgrade the ESET PROTECT Server first.
- Upgrade a ESET Management Agents sample group.
- If the upgrade of the sample is successful and Agents are still connecting, continue with the rest of the Agents.
Option 2 - New Virtual Appliance and New IP Address
This upgrades your whole Appliance (the underlying operating system), not just the ESET PROTECT Server. The process is more complicated and requires having two concurrent appliances during the transition period. We recommend using the database pull for upgrading to the major versions or as a troubleshooting method.
https://help.eset.com/protect_deploy_va/90/en-US/?va_upgrade_migrate.html
- Download the latest protect_appliance.ova (or protect_appliance.vhd.zip if you use Microsoft Hyper-V).
- Deploy a new ESET PROTECT VA. See ESET PROTECT Appliance deployment process for instructions. Do not configure the new ESET PROTECT VA via its web interface yet.
- Pull database from your old VA. See Pull database from other server for a complete step-by-step guide.
- Configure ESET PROTECT Virtual Appliance via its web interface.
- Verify that your new ESET PROTECT VA behaves the same way as the previous one.
- Upgrade a ESET Management Agents sample group using an ESET PROTECT Components Upgrade task.
- If the upgrade of the sample is successful and Agents are still connecting, continue with the rest of the Agents.
ESET PROTECT (8.x)
Migrate to a new Certificate Chain
Allow macOS system integration to complete install
Using the ESET Uninstaller Tool
ESET Security Management Center (7.x)
Upgrade
Help > Update product
Export the Certificates, then...
mysqldump --host localhost --disable-keys --extended-insert --routines -u root -p era_db > mysqldump-era_db_2021-01-11.sql
Links
Security Management Center Components Upgrade
ESET Remote Administrator (5.x 6.x)
Configure ESET Remote Administrator to automatically deploy ESET endpoint products to unprotected computers
https://support.eset.com/kb3702/?viewlocale=en_US
FIX: Error: "Login Failed, Connection has failed with the state of 'Not connected'"
This will happen because the Java version has been upgraded and the ERAServer does not know.
The fix is here: https://support.eset.com/kb6760/
Allow Remote Clients To Connect To ERA
https://support.eset.com/kb3304
https://support.eset.com/kb6130
Generate Custom Paid For SSL Certificate
https://forum.eset.com/topic/4986-era-v6-webconsole-ssl-certificate/
Block USB External Storage Disk Drives
ERA > Admin > Policies > New Policy > 'Block USB Drives' > Endpoint for Windows > Device Control > Integrate into system > Rules > Disk Storage > Block > OK > Save
https://support.eset.com/kb2513/?viewlocale=en_US
Allow Specific Storage Device
https://support.eset.com/en/kb5684-block-removable-media-in-eset-windows-home-products
Configure an ESET endpoint product to function as a Mirror server
http://support.eset.com/kb3641
Clear Resolved Threats
http://support.eset.com/kb5727
Install 3rd Party Software
You may also use "Software installation task" but provided package must be .msi and must support quiet (non-interactive) installation.
Admin > Client Tasks > Software Install > New Task > msiexec /i /q xxxxxxxxx.msi
or
Admin > Client Tasks > Run Command > New Task > setup.exe /switches
Manually Add IP Address Of Computer
http://support.eset.com/kb3609/#manual
ESET ERA VA Virtual Appliance Download
https://www.eset.com/int/business/remote-management/remote-administrator/download/#virtual
ESET ERA Migration Guide
http://help.eset.com/era_install/63/en-US/index.html?migrated_database_different_ip.htm
http://help.eset.com/era_install/63/en-US/index.html?migration_same_version.htm
http://www.woutermakkinje.com/?p=502
http://download.eset.com/manuals/eset_era_5_migration_guide_enu.pdf
ESET ERA Migration Tool
http://support.eset.com/kb3607/?locale=en_US&viewlocale=en_US
http://www.microsoft.com/en-in/download/confirmation.aspx?id=5555
http://download.eset.com/download/ra/v6/standalone-installers/migration-tool/Win32.zip
HOWTO: Update ESET ERA Virtual Appliance Centos System
su - root yum update (answer yes) reboot
Thanks - https://www.centos.org/docs/5/html/yum/sn-updating-your-system.html
Thanks - http://wiki.indie-it.com/wiki/CentOS:_Fixes_Hints_Tweaks_and_Tips#HOWTO:_Check_System_Updates
Allow ICMP Pings To ESET ERA Virtual Appiance
Edit the following file...
nano /root/firewall-ports.sh
Add the following lines to the bottom of the file...
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT iptables6 -A INPUT -p icmp --icmp-type echo-request -j ACCEPT iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT iptables6 -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
Save the file, and reboot...
reboot
Reset Lost/Forgotten Password For ERA Virtual Appliance
Q: How do I recover a Forgotten password for ERA Virtual Appliance:
A: First, boot your ERA VA in a Single-User Mode, for instructions, see http://www.cyberciti.biz/faq/grub-boot-into-single-user-mode/. Once you are in the shell in Single-User Mode, you can change your root password using the passwd command. To recover your password for ERA Web Console, see the contents of the following file /etc/opt/eset/RemoteAdministrator/Server/StartupConfiguration.ini
Thanks to ESET.
Forum
https://forum.eset.com/forum/38-eset-remote-administrator/
Documentation
http://help.eset.com/era_admin/63/en-US/index.html?introduction.htm
ERA Agent
The agent software allows the server to communicate and control the client.
http://support.eset.com/kb3595/?locale=en_GB&viewlocale=en_GB
Downloads
Installing Agent Via GPO
https://support.eset.com/kb3677/
Licensing v5 vs. v6
ESET Remote Administrator 6 requires the new style of license keys, to convert your old style codes click here.
v5:
| Licence Username: | EAV-xxxxxxxxxx |
| Password: | xxxxxxxxxx |
v6:
| License Key: | ABCD-EFGH-IJK1-LMNO-PQR2 |
| Public LicenseKey: | 12A-BCD-E3F |
| Admin Password: | ABC1deFGhi |
Reset Lost Login Password
http://kb.eset.com/esetkb/index?page=content&id=SOLN741
Version 6 For Linux
http://download.eset.com/download/ra/v6/Appliances/era_appliance.ova
An installer for Linux is not available, however ESET instead provide a virtual machine image instead.
There are three different options available:
Version 6 For Windows
ESET Endpoint Security 6
32-bit: http://www.eset.com/int/download/thank-you-business-v6/file/12592/ 64-bit: http://www.eset.com/int/download/thank-you-business-v6/file/12627/
ESET Endpoint Antivirus 6
32-bit: http://www.eset.com/int/download/thank-you-business-v6/file/12518/ 64-bit: http://www.eset.com/int/download/thank-you-business-v6/file/12553/
Version 6 - What's New
Windows
Downloads
Windows Folders To Exclude From Scanning
This may help with Windows Update Issues.
%windir%\SoftwareDistribution\Datastore
The above contains the Windows Update or Automatic Update database.
%windir%\SoftwareDistribution\Datastore\Logs
The transaction log files
Certain files in the %windir%\security path should be added to the exclusions list:
Edb*.log Res1.log. # The file is named Edbres00001.jrs for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2. Res2.log. # The file is named Edbres00002.jrs for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2. *.edb *.sdb *.log *.chk
Thanks to The Windows Club.
Uninstallers For Other Manufacturers' Products
To ensure the uninstallation of other manufacturers antivirus programmes ESET provides a page with links.
ESET Undetected By The Windows Security Center
- Non-Windows 8 users: Click Start All Programs Accessories, right-click on Command Prompt and select Run as administrator from the context menu.
- Windows 8 users: Press the Windows key + Q to open an app search and type cmd into the Search field. Right-click the cmd application when it appears in results and select Run as administrator from the context menu.
COMMAND PROMPT NET STOP WINMGMT /Y REN %WINDIR%\SYSTEM32\WBEM\REPOSITORY REP.OLD
- Restart the system. Windows should start normally, but you may be prompted to restart the system once more to complete the changes caused by resetting the core repository. You may also need to restart once more if Windows Security Center still does not detect your ESET product.
Thanks to ESET
Linux:
From ESET's website:
The Linux distributions supported by ESET NOD32 Antivirus 4 for Linux Desktop are as follows: Red Hat, Mandriva, SUSE, Debian, Ubuntu and Fedora (32-bit). Installing on other Linux distributions may require the administrator to perform additional tasks due to the large variety of Linux distributions. These tasks may include the installation of missing packages or init script modification.
Thanks to ESET.
Desktop Client Installation
ESET NOD32 Business Edition for Linux
Download - ESET NOD32 Business Edition for Linux 64-bit v4.0.90
ESET Business Edition for Linux Desktop 32-bit v4.0.85 (does not crash Firefox)
ESET Business Edition for Linux Desktop 64-bit v4.0.85 (does not crash Firefox)
ESET Business Edition for Linux Desktop 32-bit v4.0.87 LATEST (crashes all web browsers)
ESET Business Edition for Linux Desktop 64-bit v4.0.87 LATEST (crashes all web browsers)
ESET Business Edition for Linux Desktop PDF User Guide
After downloading the installer you will need to first set it as executable then run it:
Terminal:~$ chmod +x YOUR_FILENAME_HERE sudo ./YOUR_FILENAME_HERE
NOTE: You must follow the steps below to undertake a custom installation and add yourself (the profile that you are using) or others; if want to be able to have access to the full range of options in the ESET NOD32 Linux GUI.
The user you are logged in as should show on in the left hand side of the screen (blurred out in this case), if you want add other users tick the 'Show all users' box at the bottom of the screen.
You should end up with the required username on the right hand side of the screen.
Once the installation has completed the system will require rebooting, but this can be delayed.
If you encounter the following error message on reboot (which should not affect the actual reboot itself) or see it in the terminal 'ld.so:_object_.27libesets_pac.so.27_from_.2Fetc.2Fld.so.preload_cannot_be_preloaded:_ignored', the fix for which is listed below.
FIX: ERROR:
ld.so: object 'libesets_pac.so' from /etc/ld.so.preload cannot be preloaded: ignored
https://forum.eset.com/topic/14226-error-message/
sudo nano -w /etc/ld.so.preload
Change to show:-
/opt/eset/esets/lib/libesets_pac.so
Next:
sudo nano -w /etc/rc.local
Before the final line in the file add the following line:
/opt/eset/esets/sbin/esets_daemon
Then manually run the daemon:
sudo /opt/eset/esets/sbin/esets_daemon
Thanks to Ask Ubuntu
ESET Client Fails To Run On Systemd Based Computers
Currently ESET is not supported on Ubuntu 15.04 and Debian 8.0 so after running the installer file undertake one of the following methods to ensure that the installation runs correctly.
Method A
Open a new Terminal window.
sudo cd /lib/systemd/system nano -w eset.service
Add the following content to the file:
[Unit] Description=ESET Scanner Daemon After=network.target [Service] ExecStart=/opt/eset/esets/sbin/esets_daemon ExecReload=/bin/kill -HUP $MAINPID KillMode=process PIDFile=/var/run/esets_daemon.pid Restart=always Type=forking [Install] WantedBy=multi-user.target
Save and close the file.
Start the newly created "eset" service:
sudo systemctl start eset
Start ESET NOD32 Antivirus from your Desktop environment.
Method B
Alternatively, you can start and configure the ESET services and GUI from the Terminal:
/opt/eset/esets/bin/esets_gui sudo systemctl enable eset
Ensure the ESET NOD32 Antivirus for Linux Desktop is starting automatically after logging into the Desktop environment.
Thanks to ESET
Mac OS X
Troubleshooting
Web and Email Protection did not start in ESET products for Mac on macOS Big Sur
ERA Agent installation on Mac OS X terminal failed
Deploy the ERA Agent to a macOS client using Agent Live Installer (6.x)
Excluding Folders
For Time Machine, make sure you have excluded the Backups.backupdb folder on your backup destination
eg. /Volumes/Synology_DS216play/Backups.backupdb/*.*
Excluding Programmes
Disable Logging
https://forum.eset.com/topic/2324-how-to-disable-systemlog-logging/
Uninstall
sudo "/Applications/ESET Remote Administrator Agent.app/Contents/Scripts/Uninstall.command" sudo reboot
Log Files
/private/var/log'.
/Applications/ESET Cyber Security.app/Contents/var/log
/Applications/ESET Cyber Security Pro.app/Contents/var/log
https://forum.eset.com/topic/3153-where-are-the-log-files-for-eset-located-on-a-mac/
Android
http://download.eset.com/download/mobile/ees/android/ees.apk
HOWTO
Report a Phishing Page
http://phishing.eset.com/report/enu
Report a Virus
https://support.eset.com/kb141/?viewlocale=en_US
Virus Radar Encyclopedia
Exclude a safe website from being blocked
http://support.eset.com/kb2960/
Sage Accounts
https://my.sage.co.uk/public/help/askarticle.aspx?articleid=30304
Disable Notification About Operating System Updates
GUI
ERA
Admin > Policies > New > Remote Administrator Agent - Operating System Updates > Advanced Settings > Report if operating system is not up-to-date > Finish
Computers > Linux Computers > localhost > Manage Policies > Add Policy > Remote Administrator Agent - Operating System Updates > Apply
INFO:
https://community.spiceworks.com/topic/1516360-eset-s-sad-end-with-my-organization?page=1
