Peter Randziak

ESET Moderators
  • Posts: 3,511
  • Days Won: 207

Kudos

  1. Upvote
    Peter Randziak gave kudos to MartinK in Query over TLS1.0   
    Hope that helps. Crucial parameters are:
    sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA" where you can limit not only TLS protocol but also list of supported cipher suites, even when we have already enabled only those most secure and considered as secure by various analysis tools.
  2. Upvote
    Peter Randziak gave kudos to MartinK in Query over TLS1.0   
    Unfortunately this is not configurable via UI. It is actually part of the Apache Tomcat configuration distributed with ESMC. Please check the following KB3724, but just search for TLSv1 and you will understand what to search for in the server.xml configuration file. There is no need to follow this KB as it is unrelated.
    Regarding the question why TLS1 is enabled by default - it is due to backward compatibility, as ERA6 clients were using the TLS layer provided by the system itself, and we do still support older systems (Windows XP as an example, but also older Linux and macOS) which do not support TLS 1.2.
  3. Upvote
    Peter Randziak gave kudos to Axel.HARTH in file security error "Modules mapping directory not found" on SLES-12.4   
    Hi J.J,
     
    I tried your configuration and it is working well.
    Thanks for your help.
     
    Axel
  4. Upvote
    Peter Randziak gave kudos to J.J. in Equvivalent for libcanberra-gtk-module:i386,libappindicator1   
    Disable SELinux (SELinux is not supported by our product):
    To disable SELinux, configure SELINUX=disabled in /etc/selinux/config:
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #       targeted - Targeted processes are protected,
    #       mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    Disable Wayland (Wayland is not supported by our product)
    You can do this on Fedora 29 by editing /etc/gdm/custom.conf and uncommenting the line "#WaylandEnable=false"
    Install GlibC
    - yum install libc6.i686
    Install Gnome tweak tool:
    - yum install gnome-tweak-tool
    Install TopIcons Extension:
    - yum install gnome-shell-extension-topicons-plus
    Prerequisites: You need the make utility:
    # Debian, Ubuntu
    sudo apt-get install make
    # Red Hat, Fedora
    sudo dnf install make
    Download the code to any folder, using git:
    git clone https://github.com/phocean/TopIcons-plus.git
    Go into the TopIcons Plus project directory and execute the installation script.
    cd TopIcons-plus
    make install
    This will compile the glib schemas and copy all the necessary files to the GNOME Shell extensions directory for your own user account (so you don't need admin privileges to run make). By default, TopIcons Plus will live in the directory 
    ~/.local/share/gnome-shell/extensions/TopIcons@phocean.net/.
    If you want to install the extension so that it will be usable system-wide, you'll have to change the INSTALL_PATH variable, and run as root.
    sudo make install INSTALL_PATH=/usr/share/gnome-shell/extensions
    Finally, launch the gnome-tweak-tool utility to manage extensions. There, you can enable TopIcons Plus and then tweak its look and feel.
    Enable Top Icons plus using Gnome Tweak tool
    - Screenshot attached

    Install ESET NOD32 Antivirus for Linux Desktop

  5. Upvote
    Peter Randziak gave kudos to Silver in ESET Agent&Endpoint remote deploy to MacOS? ECA only.   
    An FYI for anyone else searching - ESET ECA currently can't do this directly, but ESET UK support helpfully provided a sh script which can install the ESET remote agent silently, connecting endpoints directly to the correct ECA instance.
    This worked for me - Meraki can deploy the script by wrapping it into a DMG package and deploying as a custom app.
    ESET ECA can then install ESET software/licences etc, with everything being 100% remote.
     
  6. Upvote
    Peter Randziak gave kudos to Pinni3 in Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)   
    Thank you @MichalJ and @MartinK for the explanation
  7. Upvote
    Peter Randziak gave kudos to pps in Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)   
    Hello @MichalJ just make an AD synchronization and get the computers from there.
  8. Upvote
    Peter Randziak gave kudos to MartinK in Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)   
    Unfortunately I am also not sure how it was meant. We are officially declaring maximal number of managed clients to 10000 when using MySQL database, but it is not related to number of actually connecting clients, but rather limit is amount of data. ESMC installed over MySQL might have performance issues with processing larger amount of data and rendering larger datasets. As a result rendering of specific reports (threats for example) might be much slower, but in "clean" network even much larger environments can be managed with MySQL-based ESMC installation.
    Persistent connections as introduced in ESMC should actually significantly reduce load of ESMC server, especially in "dormant" state when no changes are made in management console. If properly configured on recommended HW, ESMC should handle hundreds of clients per second.
  9. Upvote
    Peter Randziak gave kudos to MichalJ in Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)   
    Hello @Pinni3. To get to your points: 
    For that purpose, we allow nested dynamic groups. Meaning you have your 30 static ones, each one of them could have nested dynamic groups. Or you want to set it in a way, that you for example put the DG under "all" but then say that it needs to be only in the following static groups. Challenge is, that DG is evaluated on the Agent side, and Agent does not always know, in which SG it belongs to (if you move a client, it will need to recalculate all policy assignments for example). Therefore the nested concept.
    We are already tracking improvement for that (Internal reference - IDEA-1100).
    We are working on better auditing changes, to track who / what / when / how was done (internal reference - IDEA-1371).
    I am not completely sure what's the problem here. Purpose of ERA proxy was just to aggregate the data, but at the end it was sent to ERA server, so the amount of DATA sent is not increased when Proxy was deprecated. Just the ESMC server handles more connections directly, due to a changed replication protocol. Also, AFAIK we have bigger installations than 10k on MySQL. Maybe @MartinK can provide some more information on this.
  10. Upvote
    Peter Randziak gave kudos to Marcos in Horizon - Endpoint Antivirus   
    You should reply to them that the memory dump from a crash has been already analyzed by an AV vendor and Microsoft and both confirmed a bug in a VMWare driver which is unrelated to the mentioned exclusions. We at ESET are willing to help them and provide details about the problem. You as a customer of VMWare could provide them with a memory dump for perusal.
  11. Upvote
    Peter Randziak gave kudos to Marcos in beta mobile   
    To my best knowledge, if you install ESET Mobile Security from Google Play, you should be offered an option to join the beta program.
  12. Upvote
    Peter Randziak gave kudos to MichalJ in ESET UPDATE   
    Hello Maneet, version 7.1 is newer compared to 7.0. Under normal conditions you can find the “latest available version” in the “installed applications” dashboard, in table “outdated applications”.
    You can set up a notification or follow the ESET news RSS feed when release news are published.
  13. Upvote
    Peter Randziak gave kudos to Marcos in disable pc restart recommended window   
    Immediate restart after a program update is strongly recommended. Otherwise older drivers will remain loaded when a new version of the program is already running which might cause issues if the system is left without a reboot for a longer time.
  14. Upvote
    Peter Randziak gave kudos to Marcos in Horizon - Endpoint Antivirus   
    I'm not aware of any public statement by Microsoft re. this issue. We analyzed a dump from such a crash and concluded that it was caused by a VMWare driver, which was also confirmed by Microsoft when we consulted it with their developers. If VMWare contacts us, we can provide them with information and data that would help them fix the issue.
  15. Upvote
    Peter Randziak gave kudos to J.J. in file security error "Modules mapping directory not found" on SLES-12.4   
    Yes, you understand it correctly.   
  16. Upvote
    Peter Randziak gave kudos to MichalJ in ESET Dynamic Threat Defense really necessary?   
    With regards to what Marcos said, let me add that we are currently discussing an option to block new files before the result from EDTD is obtained.
    Main advantage of EDTD is the additional sensitivity threshold and the quicker speed. Via LG we block 100% confirmed malware, via EDTD you can block also highly suspicious / suspicious files, based on the sandbox result automatically without waiting for the LG / detection engine update. 
  17. Upvote
    Peter Randziak gave kudos to Marcos in ESET Dynamic Threat Defense really necessary?   
    EDTD shortens the response time to new threats to the bare minimum, typically 2-3 minutes. Even with LiveGrid the response may be slower, typically several minutes in case you encountered a brand new threat among the first.
    EDTD does not block processes while files are being analyzed by EDTD. However, mail security products may delay the delivery of email for a short time until results of analysis are received.
  18. Upvote
    Peter Randziak gave kudos to Marcos in Horizon - Endpoint Antivirus   
    This is a known issue with VMWare drivers which was also confirmed by Microsoft. We recommend contacting VMWare re. the issue. If necessary, we can provide more details about the issue to their programmers.
  19. Upvote
    Peter Randziak gave kudos to Marcos in Anti-phishing, web and email protocol not functioning   
    That's good to hear. I assume that after uninstalling EIS and installing ESET NOD32 Antivirus it should work alright then as well.
    You can do it through the product -> Change product but don't forget to change the license key for your own afterwards:

  20. Upvote
    Peter Randziak gave kudos to MichalJ in Server Task: Delete Not Connecting Computers Failed   
    My first recommendation (just to allow the deletion) would be to uncheck the option to "automatically deactivate such seats". What you can do, is to deactivate them manually via ESET License Administrator or shorten the removal interval there. 
    What might also help for us to check is to try manual removal of such computers from ELA. If that works, then it might be caused by network connectivity issues on your / our side. It might help us to actually see the PLID, so we can check whether ESMC server was able to contact our licensing infrastructure, to perform deactivation. 
  21. Upvote
    Peter Randziak gave kudos to Andreas Theo in ESET SMC v7.0 - Uninstall   
    Thank you for the replies!! Indeed I contacted support and they were very helpful. I managed to solve my problem and improve my security!
  22. Upvote
    Peter Randziak gave kudos to Marcos in Error code 0x847695d7 when opening Firefox for banking   
    Most likely you had to reboot after an upgrade to the latest version 12.1.34 which has brought a fix for the issue.
  23. Upvote
    Peter Randziak gave kudos to tomasS in Server Task: Delete Not Connecting Computers Failed   
    Dear Camilo,
    is there any chance to provide log files from the ESMC Server?
    If possible please try to replicate the situation with enabled "trace" verbosity (https://help.eset.com/esmc_admin/70/en-US/admin_server_settings.html?admin_server_settings.html) and please provide us with logs - we are curious about the "trace.log" from the ESMC Server. Logs can be collected by ESET Log Collector (https://support.eset.com/kb3466/?locale=en_US&viewlocale=en_US)
  24. Upvote
    Peter Randziak gave kudos to Matus in Blocked EDTD? ntoskrnl.exe?   
    Hi Guys,
    this thing was identified as malicious, however, it's False Positive. We've added that to whitelist not to trigger, however, we're investigating what has happened, which system and why it was identified that as malicious. The issue will be fixed properly after that investigation.
    Anyway, for imagination if that would not be FP, then to your questions:
    Was it really a threat file that got deleted thanks to EDTD? - YES
    Would the ESET EndPoint Antivirus (without EDTD) still catch it? - No, it would not. Into EDTD are sent only files which Endpoint identified as clean, but "interesting" to further investigation
  25. Upvote
    Peter Randziak gave kudos to Marcos in Will Client auto update on new release?   
    If I remember correctly, it should happen after the next service release in 1-2 months. By the way, it will be uPCU, not PCU.