sanjay mehta

to the "all" group, we have applied the device control - max security (default preconfigured policy), so that by default all devices are blocked. here the rule "replace" is set for both the merged list & local list. then to a particular computer x, in a subgroup, we apply another policy to allow USB access to a particular iphone data with all device parameters like vendor name, model & serial no. configured from the populated list. here the rule for priority is set to "prepend" for both the merged & local lists. the net result of this used to be that while all devices were blocked for entire organisation, for this particular computer x, only the iphone access was allowed & other devices continued to be blocked. to my knowledge this was working correctly till one day when x was formatted & a new OS win 11 installed. now the net result of the above policies is that while the iphone access is allowed, but all other device access is also allowed which is not the desired outcome. please suggest what am i doing wrong here.

installation,upgrade of many computers in a network or simply refreshing the settings on many computers of an existing network generally happens after license is renewed. it so happens that the endpoint was manually configured for some reasons & if this is not in line with the current policy requirements, we will need to create a new policy to change the endpoint settings. currently there is no way to change endpoint settings except overwrite using a new policy. instead it would be of great help if some kind of switch to reset the endpoint settings to default be provided in the EP/EPC. also any policy or installer created can carry this switch to reset endpoint settings, before the new settings are written. thanks marcos for your time.

marking each setting in a new policy & applying will create "net effect" default settings. but will it revert the endpoint settings to default or only change net effect to default due to policy ? if the second is true, the default settings will only be there till the policy is applied & the moment you remove the policy, settings may not be default again. i wanted to convert or switch the endpoint settings to "default" using EP/EPC.

that is exactly my question. the settings on endpoint are not default & i want to revert them to default.

very often we realize that the endpoint has some pre-existing settings which may not be desirable & then we have to identify these settings & change them using a policy or have physical access to this computer to reset the settings to default. my query is that is there a way to use a policy, or some other way if it exists in EP or EPC, to RESET the endpoint settings to default so that there remains no misunderstanding on what to expect. please note that i am looking to reset endpoint settings. not change the "net effect" settings by any policy.

also please note that since yesterday, when i tried creating a firewall rule & tried to set the precedence of the created rule over pre-existing rules, the cloud sw throws up error (SS attached)

installed bridge on a win 10 PC, using standalone installer, few days back. applied bridge policy. checked client PCs, and all computers were able to connect through the proxy. this bridge works fine till now. installed another bridge for another department yesterday on a similar win 10 PC. the installation was successful, bridge policy was applied. but client PCs not able to connect to proxy. only by disabling the firewall of eset endpoint on the bridge computer, the client was able to find the proxy. what exactly is needed to be allowed in eset endpoint firewall to let the bridge work as proxy ? what app/service/port/protocol/direction ?

thanks marcos. so you are suggesting that it would be safe enough to create a firewall rule to allow both incoming & outgoing traffic for *.eset.com on ports 80 and 443, for all protocols (TCP/UDP etc) except very few applications like livegrid server which will need additionally a different rule to open port 53535 for TCP & UDP. that would be a far more easier option for me, instead of having to enter each separate host name.

please excuse my ignorance, but need help specifically here. see the attached screenshot and the first four entries. am i supposed to make a firewall entry for only proxy.eset.com or all the four separate IP addresses or enter the hostname along with all IP addresses as mentioned in the table ?

same hostname mapped to multiple IP addreses (like for pico updates), so i thought, that it will be enough if only the host name is configured in firewall policy. also we have multiple hostnames mapped to multiple IP, but at the end, there is a single hostname mentioned like ts.eset.com (for submission of suspicious files) so is it enough to use enter 'ts.eset.com' in such cases ?

want to get network firewall configured to allow eset traffic on all computers with restricted internet access. https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall has been my reference and need help in entering the bare minimum IP addresses / URLs complete with with ports & protocols. the list is long & trying to understand if using wild cards in URL will help to shorten the exercise.

thanks for your prompt reply & sorry for my delayed response. had connected with eset support & submitted log files, so was waiting before replying here. the conclusion was that the agents were connecting to the local EP on-prem & not the EP cloud after migration, but were using the cloud certificate. the solution suggested was to re-deploy the agents on all about 100 machines disconnected machines, using either the remote deployment tool or by GPO. we were going to work on this, but realized that we have several computers with some or other kinds of internet restrictions applied on them through the network firewall, so we decided to first apply all rules as per https://help.eset.com/protect_cloud/en-US/prerequisites.html to enable eset traffic. note : this was not an problem earlier because the EP was on-prem. now we realize that this should have been the first step before applying migration policy. no sooner did we open the network firewall, most disconnected computers started showing up in lost & found group of EP cloud. i guess, remaining will also show up in a couple of days. regarding the modules update failed msg, it was due to these 100 machines were using the local mirror update server, so we simply applied an overruling policy to change this & now the problem is solved. so now this issue is resolved. thanks.

never knew this would turn out so badly. for a case of recent upgrade to EP advanced from EP entry - on prem, we first applied migration policy on two computers & they migrated to cloud all right. getting the confidence, we applied the migration policy to about 150 computers on a group, and most of them fail to migrate to cloud. but they also stop reporting to the on-prem server also. now we are stuck. few computers did migrate, but now they have a new problem, modules not updating issue. the problem is such that as soon as one attempt to update the module fails, immediately the next update attempt begins. so you do not get the time to effectively pause the updation process for some time. any suggestions to resolve the issues ? we would like to avoid uninstall - restart - reinstall the installer on all machines.

EFDE install fails repeatedly. client pc has windows 11, UEFI bios confirmed, GPT partition, install initiated through eset protect cloud, but fails everytime with this error - safe start failed to validate boot process. any idea what's going on ?

after finding users who circumvent the corporate network limitations by getting direct access to internet using tethering on their mobile phones, a need is felt to block the tethering internet access. from what i know, blocking USB will block USB tethering access but selective blocking of only internet access thru USB tethering is not possible. ditto for bluetooth tethering. but then there is wifi tethering which presents even more problem, because we would not want to disable wifi on a device.