[Mac OS 11 Big Sur **BETA IS LIVE**]

On 8/21/2020 at 3:28 PM, JonH said:

We went through this with ESET with both the last two macOS products. I'd have thought you learned your lesson from that and had products available for your loyal Business users that have to test these well before they go live. Please release a Beta ASAP.

I had the same thought ...

[PHP Composer and ESET Web Access Protection incompatibility]

Hello,

We are PHP Web Developper using Composer to manage dependencies. We are unable to use the Web Access Protection and run composer. It is a known issue for Composer, but I want to know if this can be addressed by ESET so we can keep Web Access Protection on.

https://getcomposer.org/doc/articles/troubleshooting.md#degraded-mode

Quote

• If you are using ESET antivirus, go in "Advanced Settings" and disable "HTTP-scanner" under "web access protection"

 

[Dynamic group for Eset EndPoint outdated products]

 

That should work. It's also possible to create nested subgroups for a dynamic group but what you suggested is a more convenient solution.

Marcos: Any update on whether or not this is going to be an integrated feature?

 

+1

[New Mac Sierra Compatible Version]

When can I expect the new Endpoint Antivirus package to be available within the ERA console? How can I retrieve the direct package in case I want to try to push it "manually"?

 

Thanks

[Managed computers detected as Rogue]

I use Active Directory to list my computers. I use ERDS to monitor computers connecting to the network while not being part of the domain.

[Managed computers detected as Rogue]

 

Your assumption is correct. It is caused by incomplete list of detected network interfaces on this client - we are collecting only data for ethernet interfaces with assigned IP address . As a temporary workaround you have two possibilities:

• modify report template of this report (filters section) so that mentioned computer is excluded from list.
• create new configuration policy for ESET Rogue Detection Sensor with blacklisted specific mac addresses. Policy has to be applied on client(s) running sensor.

 

We would also appreciate if you could describe what type of network interfaces are those missing from client details? Their are missing IP address because they are currently not connected to network, but were previously and thus detected by Rogue Detection Sensor?

 

This happens very often in my company. We have clients that have notebooks. In one part of company they are connected with LAN, but when they move to conference hall they are connected to WLAN. There are also clients that connect via VPN and they get IP in different subnet.

 

 

Exactly what I wanted to describe. Most people here have MacBooks and Thunderbolt display. When moving around the office, they are using Wifi. When connected to the monitor, it's using the ethernet interface. When connected from home, it's through a VPN tunnel.

 

In mac, I can choose which network adapter will update DNS by running this command : dsconfigad -restrictDDNS "en0, en1, en2" where en0, en1 are my interfaces. It prevents virtual network interfaces or VPN connections to be registered in my DNS thus making the computer unreachable from hostname.

 

There is the same type of configuration in Windows to prevent a network connection from registering its IP on the DNS server. Could these settings be used so that ESET inventories all network interfaces that would normally register an IP to the DNS server?

[Managed computers detected as Rogue]

Hello,

 

I'm having an issue with my managed computers (from Active Directory) being detected by the ERDS because of a different interface / mac address. Is there a way I can cleanup Rogue list by ignoring already managed computers? Seems like only one interface is considered in ERA.

 

Example for my computer (Mac) :

 

As I can see in ERA Console :

 

NETWORK ADAPTERS

Name : en0
IPv4 : 192.168.10.208
MAC : FF-FF-FF-FF-FF-F5
Subnet : 192.168.10.0
Subnet Mask : 255.255.254.0

 

Name : en0
IPv6 : fe80::f65c:89ff:fe9e:5af5
MAC : FF-FF-FF-FF-FF-F5
Subnet : fe80::/64

 

And if I list the adapters on my computer :

 

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

ether ff:ff:ff:ff:ff:f5 

inet6 fe80::f65c:89ff:fe9e:5af5%en0 prefixlen 64 scopeid 0x5 

inet 192.168.10.208 netmask 0xfffffe00 broadcast 192.168.11.255

nd6 options=1<PERFORMNUD>

media: autoselect

status: active

 

en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500

options=60<TSO4,TSO6>

ether ff:ff:ff:ff:ff:70 

media: autoselect <full-duplex>

status: inactive

 

en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500

options=60<TSO4,TSO6>

ether ff:ff:ff:ff:ff:71 

media: autoselect <full-duplex>

status: inactive

 

en6: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>

ether ff:ff:ff:ff:ff:45 

nd6 options=1<PERFORMNUD>

media: autoselect (none)

status: inactive