Raynor

Member
  • Content Count

    95
  • Joined

  • Last visited

  • Days Won

    1

Posts posted by Raynor


  1. One more Question:

    What are your "official" recommendations concerning Windows Defender on Windows Server 2016
    when EAM is to be installed on the Server ?

    A) Remove Windows Defender completely as a feature via the "Add Roles and Features" wizard ?

    B) Leave it installed, just disable realtime protection via the following Powershell command:
    Set-MpPreference -DisableRealtimeMonitoring $true

    C) Leave it installed, do nothing, as Windows Defender gets disabled automatically by EAMs Installer?
        (does it ??? if so, only the realtime protection???)

     

    Thank you
    Raynor


  2. Thank you.

    We are planning to deploy EAM on a Windows Server 2016 that uses "classic" MBR-style legacy boot,
    so I assume that there will (hopefully) be no problems....

    One more thing: Is there any difference between the installer that you can download from
    the "normal" EAM section of your website and the installer that can be downloaded from the "EAM for Server"
    section ?


  3. On 10/6/2017 at 11:41 PM, Frank H said:

    Hi,

    We are currently updating the manual, as it might be a bit confusing here and there.
    Best practice is when you check the batchfiles yourself and see what they do, it's not that special, and apply that in your GPO.

    Yes, it is indeed a bit confusing, that's what I noticed as well.

    But back to my question: So it is possible to set everything required on the Server via GPO,
    so that all the clients are automatically configured via the GPO they get from the sever, right ?

     


  4. Thank you,
    now it's clear to me.

    One more thing:
    If you look at Page 83 and the following pages of the "Getting Started" user guide (see attached screenshot),
    instructions are given there on how to configure a couple of Group Policy settings on the server (mostly firewall execptions).
    I am talking about "Allow inbound File&Printer Sharing", "Allow Remote Administration", "AllowICMP",
    and "Enable Remote UAC LocalAccountTokenFilterPolicy".

    This is the way I would plan on preparing everything. Would setting all these GPOs on the server (for all client computers)
    be enough, or would it STILL be necessary to run a batch script file  Prepare_PC_for_Deployment.bat) on a client PC ?

    Serverconfig.png
    Download Image


  5. 1 hour ago, Frank H said:

    The EEC service performs all actions, like deploy, and therefore needs to impersonate on the server, as local admin.

    this is the -Local administrator- account.

    So, If I understand you correctly, the Windows Server 2016 LOCAL Administrator account would have to be entered here,
    so that the EEC service can run in the background on the server with Admin privileges , even when no user is logged on, right ?

     

    1 hour ago, Frank H said:

    The EAM installer requires a local admin account to be able to run.

    This is the -Remote Administrator account for selected computers-

    This I do not fully understand. If you look at the screenshot it says "Domain\User:" at the top just under "Remote Administrator Account".
    But we do not use domain administrator accounts (i.e. users with administrative rights listed in Active Directoty), just the normal users have domain user accounts.
    There is just a local admin on every PC, (the admin-like user created during the Windows installation).

    How would I enter that user ? Just the Username, without any Domain name in front of it?
     

    1 hour ago, Frank H said:

    Please note that you need to run a prepare batch script on the target clients, which you can find in the folder C:\Program Files\Emsisoft Enterprise Console\server\Scripts

    There are 2 batchfiles:

    Prepare_PC_for_Deployment.bat
    Prepare_PC_for_Deployment_UAC_Disabled.bat

    The latter one needs to be run when UAC is disabled on the client.

    Well, The local admin (which will be used to start the scripts) is just the admin-like user created during windows installation, as mentioned above.
    So UAC should be active for that user (as that user is nor a "real" admin and just gets its privileges elevated when required).
    So I would just run the first script, right ?

    Thanks again and best regards
    Raynor


  6. First of all, sorry for this noob-like question ;)

    I am currently evaluating if Emsisoft Enterprise Console (combined with EAM) might be a future option
    for our small business network (one Windows Server 2016, mainly used as file server, Active Directory domain,
    about 30 client computers). EEC would be installed on our Win 2016 server, EAM on all of the clients.

    So far, I have skimmed across the EEC manual (we have not installed anything yet / decided on buying anything yet).
    And while most things seem pretty clear to me, there is one thing I can't get my head around:

    What is meant by Remote & Local Admin credentials (see screenshot)?

    Our 30 or so client computers all have a local admin account that is used for all admin purposes concerning the client PCs.
    I am talking about the "admin-like" local user account that is created during a standard windows installation
    (the one you get to choose a user name for), NOT the "Administrator" account (which is disabled by default, and still is).

    Users logon their computers with domain user accounts that only have user privileges (no roaming profiles or other fancy stuff).

    And, of course, the server itself has its own (local) Administrator account, which is used when administering the server.
    That's about it.
     

    So what would have to be entered for Remote & Local Admin ?
    Do both fields have to be filled in ?
    If so, why ?

    Yes, I know it's a beginner's question (sorry), but right now I'm a bit stumped ;)

    Thanks
    Raynor

     

     

     

     

    Admins.png
    Download Image


  7. After more digging around for possible causes, it turns out that the Windows 10 Indexing Service is the culprit.

     

    I found it odd that the freezing only occurred on the HDD containing my data (which was added to the indexed locations),

    and not on my system HDD. So I removed my data HDD from the Windows Search index and the freezing is gone.

     

    I also found a thread on www.tenforums.com yesterday that pointed me towards the indexing service:

    http://www.tenforums.com/general-support/65418-sometimes-file-explorer-freezes-when-renaming-folder.html

    Quote: " I think this is related to Windows Search as I have seen this issue complained of on other sites but so far the only

    workaround is to turn off Search. [...]"

     

    I'm not sure why the problem also seemed to have disappeared after uninstalling Emsisoft Internet Security, but maybe

    that just happened by chance, possibly the Indexing Service was not running/performing any indexing at that time,

    or some similar combination of circumstances.

     

    Anyway, please let me sincerely apologize for raising this false alarm. :o

     

     

    Thanks and all the best,

    Raynor


  8. When I create a new folder in the Windows Explorer via right-click and then immediately enter a name

    for the folder before hitting enter (and thus creating the folder), Explorer sometimes freezes directly after hitting enter.

     

    Then I am left with two options:

     

    a) Trying to close the frozen Explorer window. This makes Explorer crash and the whole shell & task bar etc. is restarted.

    Result: The folder is created, but NOT renamed (i.e. it is still called "New Folder")

     

    b) Just waiting for a minute (or so). Then the folder is created AND renamed successfully.

     

    When I uninstall Emsisoft Internet Security, the problem goes away. Folders can be created and renamed without any Explorer freezes whatsoever.

     

    My gut feeling tells me that the ransomware protection part of the behavior blocker might prevent the folder from being renamed.

    In other words, the ransomware protection might be a bit too overzealous here...

     

    Is my gut feeling pointing me in the right direction?

     

    I am using Win 10 x64 v1607 and  EIS 12.01.xxxx (latest version)

     

    Thanks,

    Raynor


  9. Thank you, I will use this as a workaround from now on.

     

    And I will most definitely be keeping my fingers crossed hoping that the hardware ID derivation

    algorithm can be toned down a bit in the future, so that hotswappable SATA HDDs

    can be used without any license reactivation prompts ...

     

    Again, I'm just talking about adding (and later removing) one measly additional HDD,

    not changing the whole HDD config ...

     

    :unsure::)^_^

     

    Best regards,

    Raynor


  10. First of all, sorry for digging up this thread again :P

     

    I just wanted to say once again that this issue is still rather annoying for me when doing backups using hot-swappable HDDs.

     

    I event tried shutting down the protection (using the tray icon menu), but even then it would revert to a trial license, thus forcing me to reenter

    my license after finishing the backup (after removing the backup HDD).

     

    Is is possible (in the future) to implement one of these workarounds:

     

    1) Why don't you just use the FIRST (system) hard disk to generate a hardware ID and skip additional hard drives? That would solve the issue,

    as adding and removing additional SATA drives triggers the license reactivation, whereas the system disk is of course not changed.

     

    2) Temporarily disable the hardware checks while the protection has been shut down. That would at least enable me to temporarily shut down the protection

    before the backup and reenable it afterwards.

     

    After much thinking about the whole issue (after all, I'm always srminded of it whenever I perform a backup :unsure::wacko:)

    I am still of the opinion that it is fairly wrong to make it hard for users to use hot-swappable SATA hard disk drives for backup (or similar) purposes.

    The "use an USB drive" recommendation just doesn't cut it, sorry :excl:

     

    So please let me finish by kindly asking you to at least think about implementing a workaround (or fix) for this issue.

     

    Thank you and all the best

    Raynor


  11. Unfortunately, I am a bit short on time right now. I have switched back to the delayed feed for the time being.

    I can't experiment with betas / debug logs right now. The firewall issue has already eaten up enough of my time :unsure:.

     

    You guys should really be able to reproduce the issue, as four people have already confirmed it.

    (Me, "fax", "Aura" and "herisson" in this thread http://support.emsisoft.com/topic/22472-firewall-blocking-things-it-shouldnt/).

     

    Use Win 10 x64 (fully updated), set the firewall to "always ask" (i.e. turn off automatic rule creation for both signed and unsigned apps),

    and have recurring popups for different ports on program startup even though "allow always" was already clicked multiple times before

    and there already is a "allow all" rule for that program.

     

    IF there should really be a need for further debug logs etc. I might be able to provide them at some later time perhaps,

    but right now I'm on the delayed feed and out of time :wacko:.

     

    Sorry, and thanks for your understanding :unsure:

    Raynor

     

    EDIT: Thanks @Aura for providing the logs, makes me feel less bad :)


  12. It's unusable due to constant firewall messages for all my local software despite clicking 'allow all'. I've had to restore my system to get back to a previous release then it automatically updated anyway.

    As ever since OA was dropped it is very high maintenance.  I have now gone back to the 'delayed' release which is supposed to be stable but of course it's not as it has the firewall issues so I've had to switch it off again. I cannot switch off updates!

    I await a 'stable' release to test again.

     

    Thanks for another confirmation of this issue. I was having the exact same issue with the BETA. I also had to switch back (to the delayed feed).

    See this thread for more info:

     

    http://support.emsisoft.com/topic/24430-beta-11906513-network-issue-solved-but-now-pesky-recurring-firewall-alerts/


  13. With the new beta, the network connectivity issue (homegroup and normal network shares inaccessible) that

    has been discussed here quite a bit recently is solved for me as well. I can access my network shares again without disabling

    the EIS firewall.

     

    BUT:

     

    Now I'm getting constant, recurring and thus very annoying firewall alerts whenever I start Firefox.

    Clicking on "Allow all connections" does not help, I'm getting an alert again (for another port) the next time I start Firefox.

    Please see the attached screenshots 1 & 2 for reference.

     

    Note that my Firewall is set to "ASK" for all connections in the automatic rule settings in the advanced configuration

    (all four dropdown fields are set to "Ask").

     

    Also note that there already is a rule for Firefox allowing all connections, inbound and outbound (see screenshot 3).

     

    I also get a similar alert for Logitech SetPoint on Windows startup.

     

    Seems like the fixes in the beta have turned the firewall into something a bit too overzealous :P

     

    EDIT: This also happens when starting Mozilla Thunderbird.

     

    EDIT #2: This quickly became so annoying that I had to switch back to the stable version (now the alerts are gone again - as expected).

    Having to disable the firewall for the time being is less of a hassle than getting bombarded with firewall alerts. :blink:

    This Beta is a dud :D:lol:

     

     

    Thanks and all the best,

    raynor

     

    PS: My OS: Windows 10 x64

     

    post-37542-0-28163400-1467232617_thumb.png
    Download Image

     

     

    post-37542-0-32428400-1467232622_thumb.png
    Download Image

     

     

    post-37542-0-64043600-1467232626_thumb.png
    Download Image


  14. If you add a hard drive, that changes the Machine Key. If you then remove the hard drive, it changes it back. If an update happens after the first Machine Key change, and then again after the second Machine Key change, then that counts as two remappings.

    [...]

    I apologize for not mentioning the timeout is 24 hours. After 24 hours the license can be remapped again.

    [...]

    There is no problem with it, however if the license key is locked out in our system it won't allow you to activate it again until it is unlocked again (24 hours after it gets locked out). If it's locked out, then you can use the free trial for the 24 hours until it's unlocked again.

     

    Thanks a lot for your detailed reply. Now the whole thing seems much clearer to me.

     

    As HDDs in my 5.25" drive bay can be hot-swapped, I will just disable automatic updates before inserting my backup HDDs and then

    eject and remove the backup drive before re-enabling auto updates. This should hopefully revert the machine key to its original state.

     

    This is of course a slight annoyance, but one that I can live with as I only do HDD backups on a weekly to monthly basis. :unsure::lol:

     

     

     

    Unfortunately it is difficult to generate a unique ID for each computer that is reliable. Since the vast majority of users don't change hard drives often enough to trigger license issues, using hardware such as hard drives to generate it is usually fairly safe. Even in a corporate situation

    [...]

    We've tried a number of other methods, and we keep running into issues with them. Not every motherboard has a serial number embedded in their firmware, for instance. Many OEM computers are indistinguishable from each other because the exact same hardware is used, and since it's almost always cheap hardware many things get overlooked. For Microsoft this probably isn't an issue, since they got their money from these OEM computers and in most cases don't need to worry about whether or not they can uniquely identify them. Windows also doesn't have a free trial that's tied to a Machine Key like our software does, and we had issues where the free trial was already expired on many computers because they all had the same Machine Key.

    Obviously if we think we can make generating Machine Keys better in the future, then we will. For now, the best recommendation I can make is to use USB since it is the cheapest alternative that won't cause license issues.

     

    Also, thanks for clearing that up. I'm keeping my fingers crossed for future improvements in this area.

     

    Thanks again and all the best

    Raynor


  15. Emsisoft Internet Security and Emsisoft Anti-Malware will generate a unique ID ("Machine Key" or "Machine ID") that our license and update system uses to identify your computer. Hard drives (or at least certain information about them) are used in creating the Machine Key for your computer. If the hard drives connected to the computer change, then a new Machine Key will be generated, and the next time updates are downloaded the license will be remapped since the Machine Key is different. If a license is remapped 5 times in a day, then it gets locked out from being remapped again in our system, which could easily cause the issue you are experiencing (assuming it switched to the free trial due to being unable to remap the license key).

     

    Thanks for your reply. Unfortunately, some details still remain sketchy to me ...

     

    I have been switching HDDs quite frequently (as posted above), but not five times a day ?!

    What happens if a key gets "locked" from being "remapped" ??? Is this a temporary lock, just for the same day? This is still not clear to me.

     

    It did indeed revert to some kind of trial key (This happened twice so far). Both times I then reentered my original purchased license key,

    which worked without any problems. Is there a problem reentering my original key straight away? Could it be permanently blocked ?

    Should I wait a few days before restoring my original license for safety reasons (this would be possible, as I am granted ... 30 days :P) ?

     

    In other words: I could live with having to reenter my key at times (which should not happen too often in the future, as the HDD changing bonanza

    that I've started a few days ago days won't happen again so soon after it is finished), but I wouldn't want to run the risk my key getting blocked...

    So any advice on when to reenter my original key would be appreciated.

     

    Hard drives connected to the computer via USB are ignored when generating the Machine Key, as are NAS drives, so we recommend connecting backup drives via one of these two methods instead of using SATA/eSATA. Obviously USB hard drive enclosures are cheaper than NAS, and access/transfer speeds should be faster with USB, so that might be the best place to start.

     

    I am really sorry that I have to say that this piece of advice is not satisfactory.  :blush:  An AV program (no software for that matter) should not dictate the way how I connect my backup HDDs.

     

    I have a 5.25" internal docking station in my computer that easily lets me switch normal (i.e. not contained in an enclosure) SATA HDDs,

    which then are connected directly to the mainboard's SATA port 4.

     

    This is the one I use:

    https://en.sharkoon.com/product/1686/12640#desc

     

    This is a very cost-effective way of doing backups as I just have to buy simple standard HDDs, and don't have to fork out more money for the cases/enclosures.

     

    I would like to reiterate that the algorithm used to calculate the key seems too STRICT and DUMB ^_^ , as I have only been switching ONE HDD, while three other drives

    (the ones that are permanently in my computer's case) remained the same (see HDD config as posted above).

     

    This should really be possible and not cause any license key issues :(. I certainly won't be switching the way I do my backups

    because of some piece of software. Don't get me wrong, I really like Emsisoft Internet Securiry a lot, but this behavior seems a bit overbearing ...

     

    All the best,

    Raynor

     

    PS I absolutely understand that you guys need a way to uniquely identify a PC in order to check If a license is not used

    too often ... but maybe the machine ID could be calculated a bit differently (graphics card ? some other serial numbers?

    MAC address? etc.), or the HDD part could be toned down a bit ... After all, Windows itself doesn't seem to mind and stays activated,

    so MS must have figured out a smarter way of identifying computers (AFAIK they especially focus on mainboard changes which seems smart to me).


  16. I have just been struggling with the same issue.

     

    See:

    http://support.emsisoft.com/topic/20326-eis-sudden-change-license/

     

     

    Using several Backup HDDs connected via SATA causes the license to change to a 30 days trial :unsure:.

     

    BUT I have been using SATA-connected backup HDDs it the past together with Emsisoft (for over a year)

    and have never had this issue before. It first happened to me a few days ago...

     

    Perhaps there as been a change it the "sensitivity" / the way the unique machine key is calculated ?

     

    PS looking through the forum, I am getting the impression that there have been quite a few posts recently about

    strange / unwarranted license changes back to a 30 day trial ... any you can add me to that list  :unsure:.

     

    Something is definitely wrong, please investigate :ph34r:

     

    Compare:

    http://support.emsisoft.com/topic/20305-eam-license-troubles/

    http://support.emsisoft.com/topic/20301-trouble-with-license/


  17. Do you connect and disconnect hard drives to your computer frequently, or perhaps use some sort of virtual hard drives?

     

    I have also just been shown another prompt saying that "my licencse would expire in 30 days".

    I thus had to enter my license details again. This is the second time that this happened to me in the last few days.

     

    Incidentally, I have indeed been changing my backups HDDs quite a bit during the last few days as

    I am in the process of restructuring my backup HDDs (formatting new ones, erasing old ones).

    They get connected via SATA, so they might be seen as "normal" HDDs (HDD config details see below).

     

    But I have always used several extra HDDs for backups and have never been shown such a prompt in the last year.

     

    Something is fishy here :unsure::wacko: .

     

    Has Emsisoft's "sensitivity" towards HDD changes been increased in one of the recent updates ?

    Could this be the reason for receiving those erroneous messages that the license would expire in 30 days ?

     

    My HDD configuration:

     

    SATA Port (1): Intel SSD ("system disk"), never changes

    SATA Port (2): Western Digital HDD ("data disk"),  never changes

    SATA Port (3): Western Digital HDD (another "data disk"), never changes

    SATA Port (4): Backup drives, only those disks have frequently changed in the last few days.

     

    --> Various HDDs have been connected and disconnected to the fourth SATA port as I am in the process of

    getting rid of old backup HDDs (erasing them) and formatting new ones for future use...

     

    It seems to me that the algorithm used to calculate the machine ID seems to be too strict AND dumb

    as I have not changed my first three HDDs (System & Data), only the fourth connected HDD has been changed several times,

    which seems to be repeatedly causing the program to revert to a "30 days" license :blush::angry:

     

     

    Thanks,

    Raynor

     

    (PS: please let me know If you need my email address to take a look at my licenses (if this helps with your investigations),

    I use different email addresses in the forum and in the license center.)