sanjay mehta

Everything posted by sanjay mehta

  1. to the "all" group, we have applied the device control - max security (default preconfigured policy), so that by default all devices are blocked. here the rule "replace" is set for both the merged list & local list. then to a particular computer x, in a subgroup, we apply another policy to allow USB access to a particular iphone data with all device parameters like vendor name, model & serial no. configured from the populated list. here the rule for priority is set to "prepend" for both the merged & local lists. the net result of this used to be that while all devices were blocked for entire organisation, for this particular computer x, only the iphone access was allowed & other devices continued to be blocked. to my knowledge this was working correctly till one day when x was formatted & a new OS win 11 installed. now the net result of the above policies is that while the iphone access is allowed, but all other device access is also allowed which is not the desired outcome. please suggest what am i doing wrong here.
  2. installation, upgrade of many computers in a network or simply refreshing the settings on many computers of an existing network generally happens after license is renewed. it so happens that the endpoint was manually configured for some reasons & if this is not in line with the current policy requirements, we will need to create a new policy to change the endpoint settings. currently there is no way to change endpoint settings except overwrite using a new policy. instead it would be of great help if some kind of switch to reset the endpoint settings to default be provided in the EP/EPC. also any policy or installer created can carry this switch to reset endpoint settings, before the new settings are written. thanks marcos for your time.
  3. marking each setting in a new policy & applying will create "net effect" default settings. but will it revert the endpoint settings to default or only change net effect to default due to policy ? if the second is true, the default settings will only be there till the policy is applied & the moment you remove the policy, settings may not be default again. i wanted to convert or switch the endpoint settings to "default" using EP/EPC.
  4. that is exactly my question. the settings on endpoint are not default & i want to revert them to default.
  5. very often we realize that the endpoint has some pre-existing settings which may not be desirable & then we have to identify these settings & change them using a policy or have physical access to this computer to reset the settings to default. my query is that is there a way to use a policy, or some other way if it exists in EP or EPC, to RESET the endpoint settings to default so that there remains no misunderstanding on what to expect. please note that i am looking to reset endpoint settings. not change the "net effect" settings by any policy.
  6. also please note that since yesterday, when i tried creating a firewall rule & tried to set the precedence of the created rule over pre-existing rules, the cloud sw throws up error (SS attached)
  7. installed bridge on a win 10 PC, using standalone installer, few days back. applied bridge policy. checked client PCs, and all computers were able to connect through the proxy. this bridge works fine till now. installed another bridge for another department yesterday on a similar win 10 PC. the installation was successful, bridge policy was applied. but client PCs not able to connect to proxy. only by disabling the firewall of eset endpoint on the bridge computer, the client was able to find the proxy. what exactly is needed to be allowed in eset endpoint firewall to let the bridge work as proxy ? what app/service/port/protocol/direction ?
  8. thanks marcos. so you are suggesting that it would be safe enough to create a firewall rule to allow both incoming & outgoing traffic for *.eset.com on ports 80 and 443, for all protocols (TCP/UDP etc) except very few applications like livegrid server which will need additionally a different rule to open port 53535 for TCP & UDP. that would be a far easier option for me, instead of having to enter each separate host name.
  9. please excuse my ignorance, but need help specifically here. see the attached screenshot and the first four entries. am i supposed to make a firewall entry for only proxy.eset.com or all the four separate IP addresses or enter the hostname along with all IP addresses as mentioned in the table ?
  10. same hostname mapped to multiple IP addresses (like for pico updates), so i thought, that it will be enough if only the host name is configured in firewall policy. also we have multiple hostnames mapped to multiple IP, but at the end, there is a single hostname mentioned like ts.eset.com (for submission of suspicious files) so is it enough to enter 'ts.eset.com' in such cases ?
  11. want to get network firewall configured to allow eset traffic on all computers with restricted internet access. https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall has been my reference and need help in entering the bare minimum IP addresses / URLs complete with ports & protocols. the list is long & trying to understand if using wild cards in URL will help to shorten the exercise.
  12. thanks for your prompt reply & sorry for my delayed response. had connected with eset support & submitted log files, so was waiting before replying here. the conclusion was that the agents were connecting to the local EP on-prem & not the EP cloud after migration, but were using the cloud certificate. the solution suggested was to re-deploy the agents on all about 100 disconnected machines, using either the remote deployment tool or by GPO. we were going to work on this, but realized that we have several computers with some or other kinds of internet restrictions applied on them through the network firewall, so we decided to first apply all rules as per https://help.eset.com/protect_cloud/en-US/prerequisites.html to enable eset traffic. note : this was not a problem earlier because the EP was on-prem. now we realize that this should have been the first step before applying migration policy. no sooner did we open the network firewall, most disconnected computers started showing up in lost & found group of EP cloud. i guess, remaining will also show up in a couple of days. regarding the modules update failed msg, it was due to these 100 machines were using the local mirror update server, so we simply applied an overruling policy to change this & now the problem is solved. so now this issue is resolved. thanks.
  13. never knew this would turn out so badly. for a case of recent upgrade to EP advanced from EP entry - on prem, we first applied migration policy on two computers & they migrated to cloud all right. getting the confidence, we applied the migration policy to about 150 computers on a group, and most of them fail to migrate to cloud. but they also stop reporting to the on-prem server. now we are stuck. few computers did migrate, but now they have a new problem, modules not updating issue. the problem is such that as soon as one attempt to update the module fails, immediately the next update attempt begins. so you do not get the time to effectively pause the updation process for some time. any suggestions to resolve the issues ? we would like to avoid uninstall - restart - reinstall the installer on all machines.
  14. EFDE install fails repeatedly. client pc has windows 11, UEFI bios confirmed, GPT partition, install initiated through eset protect cloud, but fails every time with this error - safe start failed to validate boot process. any idea what's going on ?
  15. after finding users who circumvent the corporate network limitations by getting direct access to internet using tethering on their mobile phones, a need is felt to block the tethering internet access. from what i know, blocking USB will block USB tethering access but selective blocking of only internet access thru USB tethering is not possible. ditto for bluetooth tethering. but then there is wifi tethering which presents even more problem, because we would not want to disable wifi on a device.
  16. got it. 🙏 but now i need help with allowing web console access from other network PCs. so could you please specifically let me know what policy configuration should i create for eset protect machine firewall to allow network computers to access web console ? tried working on this with various configs, but nothing seems to be working.
  17. thanks for your prompt reply. thanks for pointing out the duplicate PC & ARp cache poisoning issues, will work on that. i wasn't aware that installing eset protect on windows 10 or 11 is not in line with microsoft policy. since this is a smaller network with just 30 endpoints, went ahead with windows, but will consider switching the OS. 1. however, please specify if agents not reporting to eset server problem is due to the wrong OS for eset protect installation. 2. if not, then why do i have to create a policy to allow the eset traffic, which should have been allowed by default ? 3. have created the policy to allow eset agent connections & agents are working now, but still cannot access the web console from other client PCs in network, until i disable firewall on eset protect machine. need help with this specifically. thanks in advance.
  18. the log file is bigger than 200 mb, about 270 mb, so could not upload (had collected with profile - all). please suggest if default profile will be ok ?
  19. will do shortly, and like to report that unable to access the https://192.168.1.XXX/era, where 192.168.1.xxx is eset protect m/c from other machines in network. putting firewall off on server solves this issue too.
  20. it is eset firewall from eset endpoint security on a windows 10 m/c used for eset protect installation. the expectation is that eset communication must be allowed by default, but no, it does not happen. the agents start reporting to server only after the eset firewall is switched off.
  21. if we setup an eset protect server with eset endpoint security or eset file security installed on the same machine, then the first thing we notice is that eset agents in the network do not report to the server by default, until put off the firewall. can somebody please help me define a policy to allow eset traffic, (on the eset protect server machine with either windows 10/11 OS or server OS) that includes agent communication, epns - wake up calls, http proxy or eset bridge, web console etc. i also feel that this should have been allowed by default using a built in policy.
  22. for any eset protect installation, all endpoint firewalls must be preconfigured using some default policy to allow eset traffic using the standard ports & there should be no need to allow such ports during installation. please correct me if this is not desirable for some reason.
  23. trying to activate a windows 7 offline installation (no internet, isolated network, upgrades from a mirror) of eset endpoint security (latest ver), fails with error code : ACT.260. screen shot enclosed. no agent required in offline installation. using an offline activation file that worked on similar computers with similar OS but fails on last two computers. the error message does not reflect any license overuse, so not sure, what is the reason. tried to uninstall the endpoint & reinstall but same error. any advice on how to troubleshoot this issue appreciated. thanks.