Troubleshooting

Service does not work

I have configured ESET Dynamic Threat Defense, but it is still not working

How to get logs?

I do not see some submitted files in ESMC Web Console

Behavioral flags do not seem to be correct

How can I exclude a detected file from being moved to the Quarantine?

What if the license expires?

What if the Status field in the Submitted files window is empty?

ESMC is not downloading the ESET Dynamic Threat Defense data

What if I am getting "Sent to LiveGrid" status for files submitted to ESET Dynamic Threat Defense

The product refuses my ESET Dynamic Threat Defense license

I am getting one of the following error messages under Computer Details > Alerts

Files sent to ESET Dynamic Threat Defense do not display in the Web Console

I am getting the following error: Your license does not include a file behavior report

I have a suspicious sample, what should I do?


Service does not work

Verify ESET Dynamic Threat Defense is activated and configured.

Also verify the following items:

Is the ESET Dynamic Threat Defense license used?

Is the ESET Dynamic Threat Defense Policy applied?

 

I have configured ESET Dynamic Threat Defense, but it is still not working

Verify there is a working network connection between the ESET Management Agent and the ESMC Server.

View connectivity issues between the ESMC Server and ESET Dynamic Threat Defense directly in the ESMC Web Console in Dashboards > Security Management Center Server > Security Management Center network peers with problems.

You can also check the HTTP Proxy settings in ESMC Server Settings.

 

Collect the log files

See the log files section in the ESMC Online Help guide.

 

I do not see some submitted files in the ESMC Web Console

This is typical behavior if you are using a roaming endpoint.

 

Behavioral flags do not seem to be correct

If the reported behavioral flag does not seem to be correct, you can:

Report it to ESET support or send the sample to samples@eset.com. See our article about submitting samples.

Visit the ESET Security Forum and consult the ESET community for information about issues you may encounter.

 

How can I exclude a detected file from being moved to the Quarantine?

If you are sure that the detected file is safe, you can whitelist it.

 

What if the license expires?

When the ESET Dynamic Threat Defense license expires, you are still able to submit suspicious files for malware analysis. However, you will not receive the file analysis results or the file behavior report.

 

What if the Status field in the Submitted files window is empty?

1. Check the ESMC Dashboard as described in "I have configured ESET Dynamic Threat Defense, but it is still not working".

2. Click Reports > Security Management Center management > Audit log > Download > PDF. You can attach this log when requesting support from ESET Technical Support or inspect it for yourself.

 

If there are ESET Dynamic Threat Defense related errors or problems, get the trace logs and contact ESET Technical Support (see the steps below). Otherwise, you can restart the results retrieval process at the ESMC server.

 

How to get the trace log:

1. To enable trace verbosity logging in the ESMC Web Console, click More… > Server Settings > Advanced Settings > Logging > Trace log verbosity > Trace.

2. Restart the ESMC service or the machine and wait 15 - 20 minutes.

3. Logs are located on the ESMC Server machine:

i. Windows: C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Logs

ii. Linux: /var/log/eset/RemoteAdministrator/Server/


 

How to restart the download of the ESET Dynamic Threat Defense results

Restart the data retrieval process on the ESMC Server. A restart can help when ESMC is not downloading new data from the ESET cloud or the download is too slow.

1. Turn off the ESMC Server service.

2. Log in to the ESMC database using SQL Server Management Studio or the MySQL client on Linux systems.

3. Modify the table tbl_key_value_pairs in the ESMC database:

When using SSMS, open the table and remove the line containing the string eset-dynamic-threat-detection-customers.

When using MySQL, open the database and execute the command:
delete from tbl_key_value_pairs where pair_key = 'eset-dynamic-threat-detection-customers';

When using ESMC Virtual Appliance:

a) Log in to the Terminal on the virtual machine where the appliance is running.

b) Log in to the database: mysql -u root -p era_db

c) Enter the password. It is usually the same as your Web Console Administrator's password.

d) Run the following command:
delete from tbl_key_value_pairs where pair_key = 'eset-dynamic-threat-detection-customers';

4. Turn on the ESMC Server and do not restart or switch it off for 24 hours.
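
The MySQL form of step 3 with a pre-check, a transaction, and a post-check, so that an unexpected row count can be caught before the change is kept. This is an added example, not part of ESET's procedure; it assumes the database name era_db from the appliance login above and that the table uses a transactional engine such as InnoDB.

```sql
-- Added example (MySQL syntax). Run from the mysql client while the
-- ESMC Server service is stopped.
-- Assumption: the database is named era_db, as in the appliance login
-- command on this page.
USE era_db;

-- 0. Check the storage engine (Engine column). ROLLBACK in step 2 can only
--    undo the DELETE on a transactional engine such as InnoDB.
SHOW TABLE STATUS LIKE 'tbl_key_value_pairs';

-- 1. Inspect what will be removed. Expect a single row; zero rows means the
--    key is already absent and the DELETE below has nothing to do.
SELECT *
  FROM tbl_key_value_pairs
 WHERE pair_key = 'eset-dynamic-threat-detection-customers';

-- 2. Delete inside a transaction.
START TRANSACTION;

DELETE FROM tbl_key_value_pairs
 WHERE pair_key = 'eset-dynamic-threat-detection-customers';

-- ROW_COUNT() returns the number of rows affected by the previous statement.
SELECT ROW_COUNT() AS rows_deleted;

-- 3. If rows_deleted matches what step 1 showed, keep the change:
COMMIT;
-- If it does not, discard the change instead of committing:
-- ROLLBACK;

-- 4. Confirm the key is gone (expect 0) before starting the ESMC Server again.
SELECT COUNT(*) AS remaining
  FROM tbl_key_value_pairs
 WHERE pair_key = 'eset-dynamic-threat-detection-customers';
```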

 

What if I am getting "Sent to LiveGrid" status for files submitted to ESET Dynamic Threat Defense

Possible causes:

The file or spam email you submitted was already detected.

The ESET Dynamic Threat Defense license was not imported using EBA but was directly imported to the security product or ESMC.

 

To enable sending files to ESET Dynamic Threat Defense:
 

1. Remove the license from your ESMC License Management.
 


 

2. Import your license to EBA.

3. Synchronize your EBA with your ESMC Server.

4. Certain modules need to be reloaded on client machines. There are two options to reload modules:

Wait for a few hours until modules are reloaded.

For immediate reload you can "restart" ESET Dynamic Threat Defense on clients. To restart, send a deactivation policy for ESET Dynamic Threat Defense, and when the policy is applied, send another one for activation.

 

 

The product refuses my ESET Dynamic Threat Defense license

After entering your ESET Dynamic Threat Defense license key in the ESMC Web Console, you received the following error message:

    Failed to add license by license key: License is issued for a product that can not be managed with ESET Security Management Center. Please enter a different license.

After entering your ESET Dynamic Threat Defense license key directly in the security product, you received the following error message:

    Activation failed. License and product do not match.
 

The license must be entered only via EBA. Read more about importing the license.

 

I am getting one of the following error messages under Computer Details > Alerts

Problem: ESET Dynamic Threat Defense is not accessible
Problem detail: ESET Dynamic Threat Defense is not working. Connection to authentication servers failed.
Cause and solution:
The ESET license servers are not accessible.
Firewall (another setting) is blocking the communication.
The service is temporarily unavailable.
Check your firewall settings.

Problem: ESET Dynamic Threat Defense is not accessible
Problem detail: ESET Dynamic Threat Defense license has expired.
Cause and solution: Your ESET Dynamic Threat Defense license was functional and is now expired. Renew the license or disable the ESET Dynamic Threat Defense setting in the policy.

Problem: ESET Dynamic Threat Defense is not activated or the license is invalid.
Problem detail: ESET Dynamic Threat Defense is not activated or the license is invalid.
Cause and solution: You have enabled ESET Dynamic Threat Defense on the target computer, but the machine is not activated with a proper license. Disable the ESET Dynamic Threat Defense setting in the policy or activate the machine with an ESET Dynamic Threat Defense license.

Problem: ESET Dynamic Threat Defense is not accessible
Problem detail: The ESET Dynamic Threat Defense servers cannot be reached. This could be due to an outage or a problem with the network connection.
Cause and solution: Your machine cannot reach ESET Dynamic Threat Defense servers. This is usually caused by a proxy service failure. Try to restart the Apache HTTP Proxy service. If the problem persists, the proxy could be overloaded. You can:
Divide the load from agents to more proxies
Upgrade hardware on the proxy machine
Use the Apache HTTP Proxy 64-bit build (if you are using the 32-bit build and your system is x64 architecture)
Temporarily stop using the proxy to confirm that it is causing the issue

Problem: Web Console is not showing any results
Problem detail: Analysis results are not delivered to the ESMC Server.
Cause and solution: The HTTP Proxy could be overloaded. Try moving the HTTP Proxy to a different server and/or adding more resources. When you move the HTTP Proxy to a new address, you need to update the endpoints' policy too.

Problem: ESET Dynamic Threat Defense is not accessible
Problem detail: ESET Dynamic Threat Defense offline license error.
Cause and solution: ESET Dynamic Threat Defense does not support offline license activation. Check your license.

Problem: ESET Dynamic Threat Defense is not accessible
Problem detail: ESET Dynamic Threat Defense is not working. Unknown authentication error.
Cause and solution: ESET authentication servers are not reachable from the client machine. Verify you can reach edf.eset.com.

Note  

ERA 6.x does not support ESET Dynamic Threat Defense. The Web Console only displays the Problem column, not the Problem detail column. If you keep getting one of the ESET Dynamic Threat Defense errors in ERA 6.x, you have probably enabled ESET Dynamic Threat Defense in a policy.

Files sent to ESET Dynamic Threat Defense do not display in the Web Console

If your OS, usually an older Windows Server, does not trust the ts.eset.com certificate, files are not sent to the ESET Dynamic Threat Defense servers. To fix this trust issue, import the DigiCert Global Root G2 and Thawte TLS RSA CA G1 root certificates to your operating system.

The Web Console can display submitted files only when the client Management Agent is connecting (replicating) to the ESMC Server. Files submitted from roaming endpoints are displayed after the Agent connects to the Server again.

Important information

When using ESET Dynamic Threat Defense in an enterprise-level environment (hundreds of machines or more), we recommend deploying HTTP Proxy on a dedicated server. Running the HTTP Proxy service on a heavily utilized server (e.g., alongside the ESMC Server or database) may result in ESET Dynamic Threat Defense connection problems.

You can exclude selected folders and processes to decrease the number of submitted files and improve the overall performance.

I am getting the following error: Your license does not include a file behavior report

If you are using EBA to manage your licenses and your total seat count for ESET Dynamic Threat Defense licenses is below 100, you are not eligible for the Behavioral report. You need to raise your seat count to 100 or more to get the report.


I have a suspicious sample, what should I do?

See the Recommendations for users with a suspicious sample.