NOD Control center and Enterprise Support

Discussion in 'NOD32 version 2 Forum' started by enduser999, May 10, 2006.

Thread Status:
Not open for further replies.
  1. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    I am putting together a proposal for a client who has SMALL two Windows 2003 servers. One has 2 XP Pro workstations and the other location has 3 workstations. I have narrowed the products down to NOD32 and a competitor. In the past with the stand alone version of NOD32 I have experienced, like others here, the NOD32 control center disappearing from the Systray on Win2k and XP boxes. Am I correct in that this does not signify that the end user's computer is no longer protected ie. it is not as if one exited the control center manually.

    Regarding the Enterprise Edition is sales and support provided by strictly by the one and apparently only reseller in my country or can the Enterprise NOD32 be purchased directly from ESET USA?

    Am I limited in the number of times that I can contact ESET USA tech support via phone in case I run across a problem that I can not solve?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    NOD32 comprises of two main parts - nod32krn.exe (the kernel service) and nod32kui.exe (the control center / graphical interphace). As long as nod32krn is running, NOD32 protects you against threats. The kernel service is protected from being terminated by a threat.
     
  3. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    We'll try to help with issues here....I do a lot of Ent Edition installs....so many for our clients it's the reason I became a reseller.
     
    Last edited: May 10, 2006
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I would have a chat to Eset in the USA, I'm sure they will be able to answer both your questions, and as YeOldeStonecat said, you also have available some very knowledgeable people on this forum.

    Cheers :D
     
  5. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    You are welcome to contact ESET's U.S. office for technical support regardless of whether you purchase directly from them or through a reseller, however, by purchasing through a a reseller you may be able to receive value-added services such as:
    • local on-site support
    • support during your office hours
    • training
    • assistance with deployment
    The exact set of services provided and fees charged vary by reseller. By buying through a reseller, you may also be able to purchase other services unrelated to information security, such as application development, network design, VoIP telephony systems and custom computer configurations, to name a few of the services I'm aware of from ESET resellers.

    When it comes down to it, there really is no reason not to buy from a reseller.

    Regards,

    Aryeh Goretsky
     
  6. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Aryeh Goretsky

    All of the resellers here in Canada are all in other provinces which are either one time zone behind me or 2 time zones ahead of my location.


    Do have a couple of questions regarding the setup in this case. The client has two Windows 2003 Standard servers (total [3+2] 5 workstations and 2 servers) in separate locations in the city. Since the servers are located apart from each other I would purchase 2 x 5 workstation Enterprise licenses rather than a Enterprise Edition with 10 workstations?

    I am not usually at the client site unless they request help. In this case is it still recommended to set up these workstations to run with Blackspear's settings? Do you suggest also enabling silent mode and having both systems email alerts so that I can be aware of any problems?
     
  7. ASpace

    ASpace Guest

    But this depends only on you and also on your clients. (your and their abilities)

    When I install NOD32 on clients' machines I always explain them all NOD32 abilities and then they decide what they want and what they want not

    http://www.eset.com/support
     
  8. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England

    Is this network connected via a WAN? If so I'd just get 1x EE for the total count.

    Regarding settings....I have my own settings, it's generally set to take away the choice from the client. As I'm responsible for their network...it's my decision. So in every case..IMON, EMON, all file types set to delete. Network drives are removed from AMON.

    I usually remote in for maintenance on clients networks early each Monday morning to perform various maint tasks..so just taking a peek at RAC is good enough, I don't want to have my inbox flooded with e-mail alerts.
     
  9. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    No two separate systems


    They have disabled remote access so the only way I would know is if they have enough sense to let me know ASAP (not likely <g>). That is why I asked about email option.
     
  10. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Ahh...and they're not a scheduled monthly or anything like that, where you make regular visits? (Windows Updates, bouncing the server, checking backups, etc)

    I stay away from the e-mail notification, well, if I stuck all my clients there I'd be getting hundreds of notifications each day..as some of them get hit pretty hard...generally those who aren't careful with their e-mail addys, constant spam, phishing, ...esp those who have cheaper websites without encoding on their contact links.

    I just eyeball the RAC whenever I get a chance....skim what the offenders are...eyeballing anything new that's especially dangerous, might warrant a checkup. All the normal "found, deleted or quarantined"..not worth the bother though...as it's just the AV doing it's job.
     
  11. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Sigh.. Trying to get the bugs out during my evaluation of NOD32 Enterprise. Have Windows 2003 test box and a WinXP SP2 (on a regular windows workgroup) and a Windows 2000 machine which is logged into the domain on the server. Did a local installation on the XP SP2 box and it seemed to update the definitions during the local installation on the machine.

    I am about to give up on doing a push installation of NOD32 to the Windows2000 box. I am always getting an error when I try to do the installation. The latest one is "Could not set up IP connection to target computer SC Error Code 6 GLE Error code 1326.

    Also in the RAC (installed on the server) the entire "Oldest Version" column (which shows 1.1531 20060511) in the RAC's client tab is red colored for the server as well as the two clients (WinXP SP2 and Win2k). Does this mean that the RAC server can not connect to ESET and get the current definitions and therefor can not updated either of these workstations?

    I am wondering if I decide to install NOD32 on this client's 2 Windows 2003 small LANS whether it would be a whole lot easier if I simply do a local installation on the 2+3 workstations and setup the configuration manually?


    UPdate: It appears that I erroneously pushed the XP/2K client to the Win2k3 server also. The result is that the update mirror no longer is valid and I can not update the information. Will uninstall and reinstall the Administration Version(mirror) on the server.

    Well I did the installation but now when I connect to the Remote Administrator Server via the RAC I can apparently connect to the server ok but now both of the workstations are showing "Update failed (Server connection failure). This is even after I do a "update now" on the XP workstation install of NOD32 (and see "your version of NOD32 is up to date") which has the update server configured as its source of updates. How the heck could it determine it was up to date when I am getting this "Update Failed..." in the RAC screen?

    Have I overlooked something or is there no documentation of doing a local installation on a workstation and have it successfully connect to the update server?

    Update 2:
    It appears that the 2 workstations and my mirror server are current with the RAC showing a defintionof 1.1533. However I have no idea what was wrong nor why both of the NOD32 apps indicated last night that they were up to date when in fact they were not! This is something I certainly do not want to happen IF I have the client purchase NOD32.

    As others have mentioned the documentation for NOD32 needs to be improved. If software has weak/skeetchy documentation then people will get fed up with getting it to work and move onto another product. Keeping a customer costs a lot less than finding a new one.
     
    Last edited: May 12, 2006
  12. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    That "update failed" message is common...it seems to be an entry that will stay even though it did update briefly after. Why it appears..or what causes it..to be honest, I'm not really sure...services either on server, or workstation, or network traffic in between..happen to miss one of the 5 minute interval heartbeats? I'm not sure. I don't treat that as an important alert to fret over..just clear that column from time to time (highlight all..right click).

    What I do keep an eyeball on...is to see that the clients are getting the updates...both defs, and prog versions. And I look at the virus found alerts...to see if it's just common stuff (which I ignore and clear the alerts)...or a potential hot new one that might warrant a closer inspection...see what action was taken, etc.

    I had actually started writing a "Step by step guide" for Enterprise Edition..but recently learned Eset will have an Ent Edi online training guide available soon.
     
  13. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    The thing is that a standalone normal installation of NOD32 on a 3rd computer was updated 8 hours earlier than the Win2k workstation that is connected to the mirror server. This was even after numerous forced "Update Now" operations on the problem workstation.

    Nice to be able to connect to the client remotely to check on the status of their server. Since this client is a small office based envirnoment I doubt that a) they would allow me remote access through their routers to their servers and b) if they did that they would want to pay me on an ongoing basis to provide this service. In other words I will have to rely on the anti-virus software working properly on its own.

    ESET can not get the Step by Step guide out soon enough.
     
  14. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Just now the XP workstation indicated that NOD32 updated to 1.1534. However when I go to the RAC do a F5 on either the CLIENTS tab the mirror server under the OLDEST version shows the prior definition 1.1533, BUT the XP workstation shows the updated 1.1534 version. How the heck was the XP workstation able to update its definitions to one that is apparently not on the mirror server? The only update server defined on the XP NOD32 is this mirror server.

    Update: Sorry I misread what the "Oldest Version Column" shows. It does not show the version of the definitions on the server but what the oldest version found on the computers connected to the RAS. To find out what the version is on the mirror server is you have to go to TOOLS | SERVER OPTIONS. That seems to be a waste of keystrokes. Either have the ability to list the version of the definitions on the server on its line in the server window or at least put a SERVER OPTIONS in the right click menu! THat way one can easily determine whether at least the mirror server is updated.
     
    Last edited: May 12, 2006
  15. zashita

    zashita Registered Member

    Joined:
    May 17, 2005
    Posts:
    309
    In the client part, look at the line which show the 'server' computer.
    The Nod32 antivirus installed on the server is also a client for the RAS point of view.
    If it is not shown there, you should add it. Go in the Control Center -> Nod32 system tools -> Nod32 System setup -> remote administration, and link the Nod32 Antivirus to the RAS
     
  16. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Client part of the RAC screen? Are you saying that the Mirror Version of NOD32 which is installed on the Windows 2003 server should also have REMOTE ADMINISTRATION enabled? If so I should have the two workstations
    plus the Server showing up in the upper pane (Server) as well as in lower pane of the RAC?

    I already had the remote administration set up on the two workstations but not on the Mirror Version of NOD32 installed on the Windows 2003 server.
     
  17. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Yes.

    On the server...I install NOD32, RAS (feed key)
    Install RAC
    Install XMON if they're running Exchange

    Bounce server
    Open up NOD32 control center.....go to update section..feed user/pass. Go to system setup...remote admin tab...set it to be admin'd by itself. Go to license key section...import license key(s) (even though you did it during the install)

    Create mirror...you'll make your directory..I'll usually plop on the second partition of the server. Such as D:\Mirror...and share that out to domain users with read writes...and full permissions to Administrators group, and system. Enable http updates...and if you're running Sharepoint on this server (SBS users make note)..it'll conflict with ports..so change the NOD http update port to something like 8088.

    Run another manual update, bounce if necessary due to program updates..then update the mirror.

    I then fire up RAC....configuration utility..and I create my configs.
    I then create my push install package..select the local ndntenst.exe client install that I already have downloaded...and import the config(s) that I've already made...naming the push install appropriately (workstations/laptops/etc)

    I then push those out to the workstations. Here's where you want to make sure you have your network setup correctly, and the local admin passwords pre-set.
     
    Last edited: May 12, 2006
  18. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Having the NOD32 Server remote admin itself ie. enable Remote Administration option in its config is something that I do not think the NOD32 Administration Versions installation manual mentions to do. Guess that way you can see the server showing up in the client's pane in the RAC.

    When I get my nerve up I will try that again by uninstalling the client on the Win2k test workstation and see if I have any better luck the 3rd time around.
     
  19. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Oh yeah...don't forget...when you push out your configs...or custom installs...do not include your RAS box. You want to manually configure your RAS box. That's the one that you setup your update section like a normal stand lone install...entering your user/pass.

    You config files will usually (except for the ones for laptops) have the updates set to pull from your RAS box via http. If you push that config to your RAS box...it'll end up trying to update from its own mirror...never from Esets servers. So after a day...your defs will become outdated...because it's stuck in this perpetual loop.

    I forgot to mention in my install steps....to create the mirror and allow http updates..so I edited that post to reflect so.
     
  20. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    You in Canada? Have your own test bed server?
     
  21. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Yes and yes
     
  22. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    If you wanna do a sandbox install on your own server....I have a gotomeeting account....so I can shadow you...show you stuff. GoToMeeting is neutral, so you have no worry about security.
     
  23. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Sandbox installation of NOD32 apps on the Win2k3 server?.

    I will keep it in mind. For now I will keep an eye on NOD32 (no pun intended) to see if it continues to update properly. Are you using GoToMyPC for admining your clients' installations of NOD32?

    I do not have much time before I purchase the product for the client. I will have to come to a decision between NOD32 and a competitor's product.
     
  24. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    "Sandbox" is a term I use for testbed...if you have your own setup to learn on. For example, I run Enterprise Edition on my home network...from my SBS server. That way I can fiddle around with it..that's now I learned it.

    I use GoToMeeting to help clients...yes. The core of my clients, I usually have routers with VPN at their sites...so I connect and usually Remote Desktop to their servers, or UltraVNC. But GoToMeeting (a big brother of GoToMyPC..from the same company)...I use that to connect to smaller clients who are farther away, what's nice about it is I can connect to anyone...without having to bother walking them opening up ports on the router, finding WAN IP, installing a remote control app, etc. GoToMeeting is wonderfully easy to walk them through..and having them join..within a few minutes you're at their desktop doing whatever you have to do. Well worth the money...only about 50 bucks a month, so only a 1/2 hours worth of work on it...I'll recoop my cost through billing....the rest is gravey.
     
  25. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Since a majority of my clients do not access their servers from outside of their physical premises they do not have VPN or other means currently. So you are using GoToMeeting rather than GoToMyPC since the former allows 2 way access in case you are showing the client something as well as being able to admin their NOD configuration?

    With the GoTo products does the client end have an application running 24x7 to allow you access when ever you need or does the client start up the application on their site when you require access to help them or admin their server?

    I am going to have to work like heck in the next couple of days as they need this software installed ASAP and if I am going to proceed with NOD at this client. The last thing I want to do is to recommend a product which the client has never heard of and then go to install it and not be able to get it functioning properly (like I had on my testbed).

    This includes trying to fix the problem that prevented me from pushing the installation to my Win2k box and determing what the best configuration for NOD is for their server and workstations (default settings, BlackSpear's settings or a combination of the two).
     
Thread Status:
Not open for further replies.