ESET Agent: unable to install Agent | GOLINE
Goline Logo

Home

    About Us

      Services

      Solutions

      Systems Architecture

      Support

      FAQ

      News

      • GOLINE SA partners with PowerDMARC April 24th, 2024
        In the supply and logistics sectors, email communication is pivotal. However, organizations face threats like email fraud and phishing. GOLINE SA's clients struggled with configuring email authentication protocols manually. To address this challenge, GOLINE SA became an MSP Partner of PowerDMARC, collaborating to streamline implementation and management. PowerDMARC's cloud-based platform automated DMARC, SPF, and DKIM protocols for GOLINE SA's clients. This streamlined the transition to DMARC enforcement policies, bolstering domain protection without compromising email deliverability. The intuitive platform facilitated easy navigation and provided detailed reporting for proactive issue resolution. GOLINE SA's clients experienced tangible benefits: Enhanced Email Security: Automated protocols...
      • Route RPKI validation April 1st, 2022
        RPKI is a security framework by which network owners can validate and secure the critical route updates or Border Gateway Protocol (BGP) announcements between public Internet networks. BGP is essentially the central nervous system of the Internet and one of its fundamental building blocks. The main function of BGP is to facilitate efficient routing between Autonomous Systems (AS), by building and maintaining the Internet routing table. The Internet routing table is effectively the navigation system of the Internet and without it, traffic would be unable to flow between its constituent networks. Unfortunately, routing equipment alone cannot distinguish between legitimate and malicious routing announcements,...
      • RIPE – Atlas Anchor February 17th, 2022
        We have become an even more integral part of the RIPE Atlas project by hosting an anchor, a device that allows for latency analysis of traffic between autonomous systems.https://atlas.ripe.net/probes/7073/RIPE Atlas anchors play an integral role in the RIPE Atlas network by acting both as enhanced RIPE Atlas probes with more measurement capacity, as well as regional measurement targets within the greater RIPE Atlas network. Anchors are able to perform many more measurements than a regular RIPE Atlas probe, and the large amount of data they collect is made available to everyone. In addition, anchors act as powerful targets that can...

      ESET Agent: unable to install Agent

      Davide Gandini Security 29 June 2022

      Seguire questa guida:

      Manually uninstall ERA components

      1. Open an Administrative Command Prompt. Click Start → All Programs → Accessories, right-click Command Prompt and then click Run as administrator. If prompted, click Yes in the User Account Control window.

        Type the following commands in to the command prompt to delete the services:

        • For the ERA Agent: sc delete EraAgentSvc
        • For the ERA Server: sc delete EraServerSvc
        • For the ERA Proxy: sc delete EraProxySvc

      2. Erase the following directories and all of the files inside the folders (these addresses are default and may be different on your system). Adjust the address according to the component you are uninstalling (Agent / Server / Proxy).

      • C:Program FilesESETRemoteAdministratorAgent

      • C:ProgramDataESETRemoteAdministratorAgent
      If you changed the Destination Folder during the installation

      You could have changed this address during the installation. You can retrieve this information from the Registry Editor.

      1. Run regedit and navigate to the registry key of the ERA component you want to uninstall:

        • Agent: HKEY_LOCAL_MACHINESOFTWAREESETRemoteAdministratorAgentCurrentVersionInfo
        • Server: HKEY_LOCAL_MACHINESOFTWAREESETRemoteAdministratorServerCurrentVersionInfo
        • Proxy: HKEY_LOCAL_MACHINESOFTWAREESETRemoteAdministratorProxyCurrentVersionInfo

      2. The paths are in values (on the right side of the window) AddDataDir and InstallDir

      The directory ProgramData is hidden by default, you may need to enable Show hidden files under Control Panel → Folder Options → View.

      1. Open regedit (press the Windows key + R, type regedit and click OK), navigate to HKEY_LOCAL_MACHINESOFTWAREESETRemoteAdministrator and delete the appropriate registry key of the component you want to uninstall.

      Use caution when editing the registry

      Make only the edits specified below to the system registry. Unnecessary changes to the registry can negatively affect system performance.

      Determine your UUID using wmic (recommended)

      1. Open the Command Prompt (CMD).

      2. Run the code below in the Commnad Prompt. Substitute the string Agent for Proxy or Server if you are unisntalling that component.

        WMIC Product WHERE 'Name LIKE “ESET%Agent”' GET Name, IdentifyingNumber

      3. Save the IdentifyingNumber from the response for next steps, where you use it as UUID. Continue with Remove matching registry entries.

      Determine your UUID manually (alternative)

      1. Determine your installation UUID using the following method. In regedit look for string according to the product you want to uninstall (first click on the "Computer" icon in the Registry Editor window and then press Ctrl + F, as seen on the Figure 1)

      • Agent – 786A20824144DB1449FA500C3A98D88D
      • Proxy – F9CA8E30D2213F845B3D8CD400830207
      • Server – 6BBB27714D4D80B49B1A3516C272C035


      Figure 1
      Click the image to view larger in new window

      1. After finding the registry key (the left side of the window, as seen in Figure 2) with the searched code, look on the right side of the window and there should be a value with your UUID. The format of UUID is like 0C152732BE4C9304C928EF074263969D.


      Figure 2
      Click the image to view larger in new window

      1. Now transform this UUID into the Product Code. The transformation process is as following:

      Reverse first 8 characters 0C152732237251C0

      Reverse next 4 characters BE4CC4EB

      Reverse next 4 characters 93044039

      Reverse next 2 characters C99C

      Reverse next 2 characters 2882

      Reverse next 2 characters EFFE

      Reverse next 2 characters 0770

      Reverse next 2 characters 4224

      Reverse next 2 characters 6336

      Reverse next 2 characters 9669

      Reverse next 2 characters 9DD9

      In the end, add the dashes so the value looks like: 237251C0-C4EB-4039-9C82-FE70243669D9
      This is your Product Code. Keep both the UUID and your Product Code in a text file so it can be used in next steps.

      Remove matching registry entries

      1. Look up all entries that contain the UUID. Delete registry keys (the left side of the window, as shown in Figure 3) that contain the UUID or their name is the UUID. That there can be over 50 registry keys to delete. Be cautious, in this step do NOT delete anything inside these keys:
      • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInstallerFolders
      • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUFHARP
      • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall
      • HKEY_LOCAL_MACHINESOFTWAREClassesInstallerProducts


      Figure 3
      Click the image to view larger in new window

      1. In this step, we will use your Product Code.
        Use caution when editing the registry
        • Following registry keys must NOT be deleted!
          • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInstallerFolders
          • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUFHARP
        • Never delete keys with many sub-keys inside

      In the two registry keys mentioned above, you have to look for your Product Code. Inside, delete only the value with Product Code (the right side of the Registry Editor, right-click on the value and click Delete, as seen in Figure 4). Never delete these keys.


      Figure 4
      Click the image to view larger in new window

      1. In the registry key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall

      Find the sub-key with your Product Code and delete that subkey, as seen in Figure 5.


      Figure 5

      0 0 votes
      Article Rating
      Subscribe
      Notify of
      0 Comments
      Inline Feedbacks
      View all comments
      0
      Would love your thoughts, please comment.x
      ()
      x