Jump to content

Leaderboard


Popular Content

Showing content with the most kudos since 01/18/2018 in all areas

  1. 3 points
    Actually advanced users love the ability to customize numerous settings. Common users don't need to go to the advanced setup at all since ESET products provide well-balanced protection out of the box.
  2. 3 points
    @AStevens.SHG Hello, Concerning the more options in the reports, some of the changes are going to be introduced, but not all of them. However, we are planning a bigger redesign for the future version, which might make it simpler. Other requests are tracked in the feature backlog (authentication screen changes, AD sync changes, and export of data from "computers screen") and I believe that some of them will be done in the future versions (not in the 7.0, but into the future releases). I can´t comment now about details, as we are still scoping, and setting up the road-map plans. But your votes will be added to already tracked backlog items.
  3. 3 points
    Hello, thank you for the feedback. I have positive news for you - we are continuously improving the ways how reports are built & are adding further filtering options in the soon to be released version. So the filter by action is added in the upcoming version & you are also able to filter out some entries from the "installed applications" report, by choosing condition "is not one of" (screenshots attached).
  4. 3 points
    Hello, we will be rolling out this change by the means of a module update in the upcoming weeks.
  5. 3 points
    I would welcome the changes, as I currently enable strict cleaning to get similar results
  6. 3 points
    Speaking as someone who is hands-on IT management rather than a reseller or MSP: That is how I would expect it to behave and should. My endpoints are configured for strict cleaning so I have not dealt with this issue, however if end users were greeted with option dialogs during an av scan without any way for the admin to suppress I would be quite aggravated with the product.
  7. 2 points
    Description: A "Reset to Default" option for different parts of the ERA. Detail: This one has mainly been discovered due to my own fault. There are many things that can be played with within ERA which is great, however I think there are some of us that might play a little too much and then get to a point where we've changed so much of something that it doesn't work or doesn't give you what you want. For areas such as reports and policies, it might be a good idea to have a button that you can click while editing that restores the default values. That way, if you play around too much and feel like you just want it back to how it was before, you have a reset button as a saviour.
  8. 2 points
    Dear forum members, We are considering a change in the product's behavior but before doing that, we would like to consult you, our field experts with regards to the problem and suggested change. We kindly ask you to: Read this message carefully Talk with other people of your support staff, whether they are aware of issues related to current behavior Provide any comments (supportive / negative) towards the proposed change As of now, one of the issues that our customers are facing is the behavior of products in managed environment, related to handling of detections and cleaning of Potentially Unwanted and Potentially Unsafe Applications (hereafter referenced as PUA) The following are prerequisites of the behavior: Default cleaning settings on the Endpoints (normal cleaning) Detection of PUA is enabled. With these settings we were reported the following problems by several customers and resellers / MSPs that we have interacted with directly during a customer research. Main problems are: End users on local machines are forced to respond to an „interactive window“ that is asking for action in case of a PUA detection, which can by triggered by protection modules or the on-demand scanner. They offer the „ignore & continue“ action even in managed environments where the end user should not make decision. Users can try to install a PUA which usually ends with multiple interactive windows appearing. If a PUA is already in the system and you schedule an on-demand scan, it will be reported to the user again and a dialog with action selection is shown to the user. If this happens on a server, it will be never resolved; the dialog eventually expires, and then will be reported again and again to the server upon re-scanning. The only solution currently is to set an exclusion or to set cleaning mode to strict which will automatically remove the PUA detection without asking. What are we planning to do: We are planning to change the product behavior in a way that our endpoints will automatically block / clean PUA detections in managed environments according to the option selected by an administrator, meaning that the end users will never see interactive windows. Alerts (only one) will be reported to the ERA, and it will be up to the security administrator to either set an exclusion or acknowledge such detection. After exclusion, reinstall of the affected PUA will be needed on the target system; restore from quarantine is not enough since „cleaning“ also removes references which are not restoreable (this is valid also now, when Exclusion is „cleaned“). We would like to hear from you and ask for feedback whether you consider this change as risky from the perspective of customer expectations. We do perceive the problem as serious and would like to change the behavior even for existing users by means of a module update. An alternative approach is to change it only in new versions of our products, meaning Endpoint V7 and eventually backport it to a new 6.6 hotfix if that happens in the foreseeable future. How the interactive window looks: How it looks in the logs: How it looks in the ESET Remote Administrator: Please note that we are also bringing a lot of changes into the ESMC: Cleaned „threats“ are automatically going to be marked as resolved (once the behavior is implemented, you will automatically get the PUA cleaned at the „first detection“) and will be automatically „resolved“ in ESMC (no duplicated entries when one clicks „no action“) You will be able to set exclusions directly from the threats section, basically by „one click“; there will be also an option to set „exclusion by HASH“ in EES. Thank you for your feedback & support.
  9. 2 points
    Or maybe even better, could you verify this registry keys actually points to ERA Agent: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}" If so, running "Run command" ESMC task with command line: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" /f & reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}" /f directly from console on affected clients should clean old registries:
  10. 2 points
    MartinK

    Problems with EES V7

    Unfortunately this is issue we are currently investigating and working on remediation. What actually happens that ERA Agent successfully upgrades to ESMC Agent, but for some reason, remnants of original application are not properly removed from registries (msiexec database). It has no impact on functionality, but it is confusing, especially in case ESMC reports it as outdated software is present on client machine. We will most probably provide at least script that cleans those registry entries, until proper fix is available.
  11. 2 points
    Marcos

    Problems with EES V7

    It can be either an issue registering a WFP callout (e.g. due to issues with BFE or registry permissions), or you disabled protocol filtering which is now indicated by a change of the protection status. Please provide me with logs collected with ESET Log Collector from such machine so that I can check the configuration.
  12. 2 points
    Hi, Enable parental control --> block the uncategorized website (for having robust web filtering)then open a website that has now category so Eset block it but you may want to allow this URL fast. It Would be good if Eset provides an option to unblock websites by password from the browser(or from the parental control log), not Eset parental control settings. its easier to manage, Also, Eset hips show the loaded drivers but it doesn't show the digital signature for them.I like to see the signature.
  13. 2 points
    Add option to realtime scanner to block obfuscated Powershell scripts. Option would be dependent upon Win 10 AMSI option enabled in the Eset GUI. Justification Microsoft added a like mitigation in the form of a Windows Defender Exploit Guard ASR mitigation effective with Win 10 1709. ASR mitigations are only effective if Windows Defender is enabled as the realtime scan engine. Further justification is Eset's failure to detect malware in highly obfuscated PowerShell script in a Malware Research Group ad hoc test: https://www.mrg-effitas.com/research/current-state-of-malicious-powershell-script-blocking/
  14. 2 points
    Add - Dark Mode on ESET Nod32 would be great.
  15. 2 points
    Release Date: July 2, 2018 ESET NOD32 for Linux Desktop version 4.0.90.0 has been released and is available to download. Changelog Fixed: Mozilla Firefox crashes Fixed: Nroff crashes when running "man" commands Known Issues CD media blocking does not work correctly on Debian 6.0.7 64-bit Supported Linux distributions Debian 6.0.7, Fedora 18, Mandriva, Red Hat, SuSE, Ubuntu 12.10 and most RPM- and DEB-package manager based distributions. For more information and to download the product, visit the ESET NOD32 Antivirus for Linux download page or contact your local reseller, distributor or ESET office.
  16. 2 points
    That's how it works in ESMC (ERA v7) which is currently in the phase of beta testing and will be released soon.
  17. 2 points
    Chris Todd

    Introduce yourself

    Greetings from Australia. My name is Chris, retired Electronics Engineer. I have been using ESET products for many years and am well satisfied with the protection they give me. I am a bit of a "tinkerer" and have 4 installations Windows 7-32, Windows 8-32 , Windows 10-32 and 64 on the one machine. being able to boot into an old version of Windows for recovery procedures has "saved my bacon" a few time when things went awry or got too scrambled in W10 which I use most of the time. An interesting fact about me ?? Nothing exciting ! I am a traveller, haveing visited over 70 countries on fact finding vacations. I am an AVID chatter using SKYPE and other forums with acquaintances in mainly sanish speaking countries.
  18. 2 points
    TomasP

    ERA VA - Missing ODBC driver

    Hello, We have recently learned of an issue that may affect your ERA Appliances. It is caused by an updated MySQL ODBC driver (Linux ODBC Connector package) and will manifest upon ERA service restart. You can identify this issue by the "Error loading data" message shown in the console, or by trace.log entries mentioning missing ODBC driver. More details, as well as the steps necessary to fix this issue (or prevent it, if you are not affected yet), can be found at https://support.eset.com/kb6760/ Regards, Tomas
  19. 2 points
    This will change as of ESMC (ERA v7) in the way that handled threats will be resolved automatically.
  20. 2 points
    Description: Individual firewall rule hit count. Detail: Similar to hardware firewalls, it would be nice to see a hit count, packets matched, kind of information per individual firewall rule in Endpoint protection, also for that information (similar to above requests) to be visible in ERA, and total of the hits across all clients with the same rule. So we can generate reports, this makes it easier to find rules no longer being used and can be removed safely.
  21. 2 points
    I have checked this with the developers, and we are going to change the behavior in V7. If you select "only computers", all of the computers under "DN" will be synced, not only direct parent ones. So it should behave according to your expectations. With regards to the "users", what is the usecase for you? For what do you use the? Do you manually create linking between users & devices, or use the user variables in policies for Endpoint or MDM?
  22. 2 points
    Hello, I am building a master list of hardware, software and networking companies affected by Meltdown and Spectre in the We Live Security blog post mentioned, above. Here is a link a direct link to the table: https://www.welivesecurity.com/2018/01/05/meltdown-spectre-cpu-vulnerabilities/#vendors Currently there are 62 150 vendors listed at the time of this posting editing. There's a revision history at the bottom of the blog post with each day's additions. Regards, Aryeh Goretsky
  23. 1 point
    Hello, based on your screenshot, I'd say there are two things wrong. @Marcos has pointed you to the wrong certificate - the one you should be modifying is "HTTPS certificate" in "General". And certificate you're trying to set is wrong - it says "Proxy certificate" (which is correct for the Connection's certificate - that's what's used for communication to the ESMC server, but it's wrong for the HTTPS certificate). You need to generate a certificate with hostname matching your MDC's hostname and set it as the HTTPS certificate.
  24. 1 point
    I created a dynamic group with, contains Agents v7 AND v6 are both installed, then run 2 x Run Commands (1 for each of the reg deletes) when clients joined the group. This resolved the issue for me 95% of the time, i did have to manually rerun the task a few times and had to manually remove one of the reg entries as it was being stubborn and not deleting on at least two machines.
  25. 1 point
    Personally, I think this would allow us to sell a lot more ESET. Going a bit further, I wonder if it is possible to get the expiration date of the installed product? Then a month or two before the competing product is due for renewal, we as MSP's can go in and quote for the renewal. Andy
×