whitelistCMD

Thank you for your reply, Michal. I appreciate the info. I'll respond if issue cannot be resolved or if things do not change after the 7.1 update.

Hello, I'm currently running ESMC 7.0.471.0 and I have two mapped domain security groups that I use in order to apply different permission sets dependent upon the persons role. The current two groups are eset admins and eset users. I have one employee who currently exists in the users group. I'm now trying to give him admin permissions. I have removed him from our eset users group in AD, and then added him to the eset admins group. I then ran users sync task in ESMC, to make sure it had the current groups (I didn't know if this step should be involved or not? since I'm looking for AD Group Membership and not at an OU change). However, when the employee logs into ESMC, they still have the user permission set. I then tried removing the employee from both the eset user and eset admins groups in AD, re-ran the user sync task, and the employee can still login to the console. The only way I can prevent them from logging in is by disabling their account in AD, or removing the eset users mapped security domain group from ESMC. Does anyone have any insight into where to look when diagnosing this issue? I'm kind of at a loss here. My ESMC sync tasks look ok, and they are successful, but it seems like the console is not updating AD group membership status. Any help is appreciated. Thanks! Also, our ESMC console is a virtual appliance running on CentOS 6. My apologies for forgetting to mention that earlier.

Hello All, After the recent MacOS update and ESET Cyber Security Pro update (I upgraded both on the same day), I am getting notifications from eset that it has detected a new network connection; utun1 interface. I then get a notification "Waiting for DHCP Response" with a 60 second timer. I don't use any VPN software; it's a MacBook Air 2014. Any idea what might be causing this sudden change in behavior? I was able to find this link from Apple: https://discussions.apple.com/thread/8456250 Any help or insight into this is appreciated. I have since upgraded another MacBook Air with ESET CSP and it is now exhibiting the same behavior. I have not been able to test on a completely different network. Thank you in advance!

I just went ahead and started putting our exclusions in this list, however, this won't work for us. I need to be able to exclude certain file types from scanning (yes, I know there should not be exclusions, but it impacts the performance on a couple of machines when certain file types are being scanned, and I was overruled on this decision). The problem with exclusions of certain file types is I may not know the path, and the servers may have different drive letters. If I can't Replace or Append the file extensions list, then I can't have more than one list if a server is picking up more than one policy?

Hello, I have a question that pertains to File Exclusions under RTFSP.... If we have multiple policies stacked on top of one another for a specific server, and those policies both carry File Exclusions under RTFSP, how are we able to stack those exclusions? I do not see the option to append, pre-pend, or replace? I do see the option for File Exclusions under Detection Engine, but it is non-existent for File Exclusions under RTFSP? Do only the exclusions under the last policy applied, get excluded from RTFSP? Thanks in advance!

Ok, thank you for the clarification. I'll wait a little bit to see if that changes at all. I'm currently working on upgrading all of the applications anyways. Thanks again.

By manually upgrading, I meant migration. My apologies for the confusion and the delay. I was just curious if it was possible to upgrade without re-deploying a new appliance, Thank you for your help. I appreciate it as always.

Thank you Michal. I appreciate the clarification. It makes sense. We are not currently using a proxy, but I see the concern either way. I will wait a bit and see what develops on your side, then consider our options. Thanks again.

To clarify, I did not lose control of some users after an update to version 7. It started when some machines went out for a module update. It was more of repo connection from one side or the other. This all started before I upgraded anything to version 7. I have had 0 issues with any version 7 product thus far.

Thank you, Michal! I appreciate it! To confirm, once we upgrade to ESMC v7, I would then just run the Remote Components Upgrade task from the ESMC v7 console on the Endpoints and that will bring the agents up to the current version?

I'm actually having issues with Web Control ever since some endpoints decided to stop reading user data once they received a module update. I can only control and modify about half of our users, even though all the endpoints have no issues receiving the updated policy. When I upgrade them to Endpoint Security v7, everything works again. This is why I'm asking if this is ok. I'm only targeting specific users right now, but I would like to speed up the process since we will be upgrading ERAv6.5 to ESMC v7 at some point.

Hello, Can I begin upgrading Endpoints to v7 that will still have 6.5 agent and connecting to an OVA ERAv6.5? Mainly running Endpoint Security and File Security. Thanks!

What is the exact process for manually upgrading OVA ERA 6.5 to ESMC v7? Is there any prep work I need to do on endpoints before or after the update so that I can begin upgrading those endpoints to v7?

Hello ESET Team, Any idea when the Remote Administrator Component Upgrade Task will become available for upgrading ERA v6.5 to ESMC v7? I know the manual upgrade is available, but with a project heavy workload, I'm looking for the easy win to get us on the new platform. Any information will be helpful. Thanks in advance!

I'm having this exact same issue. I noticed we had a bunch of machines have their signature downloads interrupted last week, but that seems to have cleared. However, when trying to download the AIO installer, I'm running into the exact same problem. I've confirmed that nothing on our side is blocking communication. I get the Internal Server Error after five minutes. I tried combing through the trace log, but with debug verbosity it's incredibly hard to find. I did find one stating error during file get request standard exception, but I eventually stopped combing through everything. I'm located in the US.

Perfect. Thank you very much, sir! I appreciate it as always. Take care!

Thanks, Marcos. So this support is enabled by default and is not something I need to turn on then, correct?

Forgive me if I missed this in a previous version, but has support been added for WSL in Windows 10? We're currently running windows 10 with the latest version of ESET Endpoint Security (6.6.2072.4) and I thought I remember seeing an option in ERA when viewing the policy for these machines, to turn on support for WSL, but after revisiting this I'm not seeing anything in the policy. Can anyone tell me if this is done by default, option-enabled through policy, or is it even supported? I just want to make sure we're covering ourselves and I'm not missing something. Any info on WSL and EES is appreciated. Thanks in advance.

ERA Virtual Appliance ESET Remote Administrator Server 6.5.417.0 We're currently moving to TLS 1.2 only, on a large number of our servers. The few Windows Servers (Server 2012R2, and 2016) that have already been migrated over to TLS 1.2 only, have since lost connection to the ERA. I looked to see which ciphers the agents on those servers are using, and even though they are TLS 1.2 ciphers, they are considered weak, which would burn us in an audit. I'd like to turn on "Advanced Security" in ERA Server Settings to hopefully have access to higher cipher suites, but I'm curious of a few things: 1. Am I correct in understanding that in order to accommodate higher cipher suites for TLS 1.2, I would need to turn "Advanced Security" on? 2. What is all involved in regards to certificates? Do I need to prep anything, or change from the default server certificate? (This is probably my biggest concern, as I'm not sure where to begin with this?) 3. Does anyone know what ciphers will be added/replaced when enabling "Advanced Security"? 4. Any additional info? Thanks in advance for any help on this.

Do you know if it is necessary to keep the xml config file after successful import, or can it be deleted? I'm not sure whether or not CSP is just pointed to config location, and I have yet to dig to try and find it. Thanks again.

Perfect. That's exactly what I was looking for. Thank you for the help.

Hello, ## 2 MacBook Airs running High Sierra 10.3.2 and both running ESET CSP 6.5.600.1 # 1 MacBook Air upgraded to ESET CSP 6.5.600.2 before Mac OS High Sierra 10.3.3 update Everything seems to be working fine on this one, but CSP did take approximately 10+ minutes to write files, which seemed lengthy (not a complaint, just wanted to relay any info I can). # 1 MacBook Air was NOT upgraded to ESET CSP 6.5.600.2 before Mac OS High Sierra 10.3.3 update I quickly installed ESET CSP 6.5.600.2 immediately after the Mac OS 10.3.3 update and then I received an error that a background process had stopped (I did get a successful installation message). I then restarted the MacBook and ESET did not open automatically and it would not open from Launchpad (something about it's no longer present - I forgot exact error now). Two questions I have: 1. Is upgrading to ESET CSP 6.5.600.2 recommended before installing Mac OS High Sierra 10.3.3 update? I have two other MacBooks to work on that are in this current state (Mac OS 10.3.2 & ESET CSP 6.5.600.1) 2. On the MacBook that was updated to Mac OS 10.3.3 before upgrading ESET CSP to 6.5.600.2 - I have now uninstalled ESET CSP, but exported the configuration settings beforehand. My question is if I reinstall ESET CSP with version 6.5.600.2, is it safe to import the configuration settings from what seemed to be a broken install after Mac OS 10.3.3 update and then ESET CSP upgrade to 6.5.600.2? Thanks for all the help. Please let me know if you need any further clarification on my end.

Hello, ERA OVA version 6.5.417.0 We currently use ESET Web Control for Web Filtering. We've been adding each individual user manually, but we're trying to move away from that and just use group SIDS. The rules are already in place and we've had no issues with blocking. If I add the group SID for Domain Users to our default category block rule, I can then remove the users individual SID who belongs to Domain Users group, and ESET Web Control is still blocking as it should. However, if I add the group SID for Domain Admins to the same default category block rule and remove an individual SID who belongs to Domain Admins group, ESET Web Control is not blocking. I've gone through the rules and verified that they are in the correct order and the sites are not being allowed in an earlier rule. So far, this seems to be the only group SID that does not pickup the active block. Any thoughts or ideas as to why this might be? Thanks in advance.

I got it. I was getting confused with all combinations I had tried earlier, and for some reason I thought your post said ".ru/*" and not "*.ru/*" Anyways, sorry for the back and forth and thanks for the help.

Disregard. I have it working for the specific domain now. It was a typo; of course. Just to clarify, do I have to have the TLD name, or can it be any domain ending in .ru, etc?