Rouge clients v3.0.672 on ESET RAC

Discussion in 'ESET NOD32 Antivirus' started by dsi-ap, Dec 6, 2008.

Thread Status:
Not open for further replies.
  1. dsi-ap

    dsi-ap Registered Member

    Joined:
    Jul 4, 2005
    Posts:
    118
    Location:
    UK
    Hi all

    For the last few weeks I keep seeing clients with version 3.0.672 installed on vista machines re-appearing in the 'remote admin console'.
    The machines are already listed with their original computer names but these rogue clients which clone the computer-name of exisiting machines, appear with a ..0001 on the end of their names.

    Does not happen with any other version.

    Why does this keep happening?

    See attached screenshot showing this.
     

    Attached Files:

    Last edited: Dec 6, 2008
  2. dsi-ap

    dsi-ap Registered Member

    Joined:
    Jul 4, 2005
    Posts:
    118
    Location:
    UK
    Hi
    Anyone come across these rogue clients appearing in the admin console after using v3.0.672 ?
    Its becoming a bit of a problem.
     
  3. csedgbeer

    csedgbeer Registered Member

    Joined:
    May 15, 2007
    Posts:
    16
    i've seen this before as well with .001 being added to the end

    i assume it's to do with the clients ip address changing, thats my best guess!

    i just rename them in the rac and they are fine
     
  4. dsi-ap

    dsi-ap Registered Member

    Joined:
    Jul 4, 2005
    Posts:
    118
    Location:
    UK
    Renaming them in RAC?
    Havent done that, but the computer names are registered in AD.
    I will give your suggestion a try, but its not ideal. Someone from ESET should come forward with a soltution to this.
    Thanks csedgbeer :D
     
  5. dsi-ap

    dsi-ap Registered Member

    Joined:
    Jul 4, 2005
    Posts:
    118
    Location:
    UK
    This is still a problem.
     
  6. nonoise

    nonoise Registered Member

    Joined:
    Jun 6, 2008
    Posts:
    322
    did you try to delete the clients in console (they'll reappear anyway next time they connect), also did you try this
     
    Last edited: Dec 22, 2008
  7. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    In the advanced configuration for the RAS, enable MAC address renaming from Valid to Valid (off by default). Laptops are a problem here because they can be phoning in with different network adapters using different MACs (wired, wireless, aircard, god knows what else) and each time that happens the RAS flags that as a new client. Allowing MAC address renaming from the client fixes this.
     
  8. dsi-ap

    dsi-ap Registered Member

    Joined:
    Jul 4, 2005
    Posts:
    118
    Location:
    UK
    Havent tried that setting, thanks nonoise.

     
Thread Status:
Not open for further replies.