Markwd

Everything posted by Markwd

  1. Hello, Will the most recent version of ESET Server Security be fully functional on a Windows Server 2022 server environment? (We are currently testing this new OS.) Thanks! Markwd
  2. So you're saying that major releases will also be installed by MicroPCU, but the difference is that the major releases will require a restart whereas Hotfixes will not? And if so, will the RTS be disabled until the restart is done if this major update has been provided through MicroPCU, or will the driver be replaced after restarting the server? In other words: Would it be possible / advised to enable MicroPCU on servers and let it do the version updates all the way (including major versions) and have a reboot through a different maintenance window provide the restart of the server (in some cases) days later?
  3. Hello, ESET Server and Mail Security (v8) have been officially released now with the MicroPCU function built in. I was going through the knowledgebase to find more information about this function, and noticed the following KB: Program component update | ESET Endpoint Security | ESET Online Help. It advises setting the PCU setting in the policies to Never for ESET server installations. Furthermore, looking at the official statement about the best way ESET advises to do upgrades (Upgrading to a newer version | ESET Server Security | ESET Online Help), it advises us to fully uninstall the currently installed version, then restart the server and then install the new version. Also I noticed the IMPORTANT section stating that you need to have no pending Windows Updates or Restarts prior to installing the upgrades of ESET Server products. I have tested the upgrade to the new version 8 on several test servers and noticed that both the server product as well as ESET Protect state that a Restart is required, but do not mention that the Realtime Scanner is non-functional. Our local ESET Support channel also states that the MicroPCU function only works for minor upgrades, so upgrading from version 8.0 to 8.1 will not work through MicroPCU. In those cases you still need to re-install the product. From upgrading of version 7.2 upwards, every single upgrade on every server disables the Realtime scanner engine until the restart has been done. Before that, the products just kept working on the older drivers until the server was restarted. I would really like to know what ESET officially advises for keeping their server products up-to-date without major interference or security risks on servers of different classes that mostly require high availability. Markwd
  4. Thanks @Kstainton! This helps a lot!! Kind regards, Mark
  5. Hello @Kstainton, We would like to also store the Workstation ID as a Custom Property in Solarwinds N-Central. In case the workstation has lost connection to the ESET Protect environment, we can then create a Recovery Password by looking at this Custom Property, without having to ask the customer to provide this. I noticed a tool C:\Program Files\ESET\ESET Full Disk Encryption\EFDEcmd.exe and was hoping this was a command-line utility for such commands, but until now that utility seems of no use.
  6. Hi, I was wondering if there is an option to obtain the EFDE Workstation ID remotely through a Windows script or command-line utility. Thanks
  7. Hello Peter, I would also like to participate in this Beta (if it is not too late). Thanks! Markwd
  8. Hello MartinK, Thank you for your response. In case a user does not know their preboot password anymore, we need to identify which workstation the user is working on at that moment. As the user does not know their preboot password (for whatever reason), he/she does not have access to the Windows Operating System to provide us unique details of the workstation (such as computer name or IP address). The only unique point of recognition I can find in the preboot login page is the Workstation ID. In our EEE (Deslock) environment we use this all the time to match the workstation the user is dealing with, with the device in the EEE Server environment. This is also described as part of the procedure for decrypting an FDE disk in KB7150: https://support.eset.com/en/kb7150-remove-eset-endpoint-encryption-from-a-workstation (Verify that the WorkstationID value displayed matches the Workstation ID on the client. How do I find my Workstation ID?) (I was almost certain at some point this was also described as part of the password recovery procedure, but I cannot find this anymore). Also thank you for clarifying the usage of the Encryption Recovery option under Help. From my view this was the only point for matching the Workstation ID (and then from that point on do a Password Recovery). I can see from your point of view why this has been blocked.
  9. Hello, I am missing some options in ESMC that would allow me to quickly find the Workstation ID of a device through the ESMC console. As far as I can see, the only option for this is to use Help - Encryption Recovery. It would be nice if you could also see the Workstation ID under Computer Details or (even maybe better) see the Workstation ID as a column row in the Computers overview in ESMC. At this moment when I log in with an account that has limited rights (on just one Static Group for example) I cannot use the Encryption Recovery option under Help, although I have set the Encryption Recovery Read and Use Rights in the Permission Set of that account. Any thoughts on this?
  10. @MichalJ For business proposal I would say data removal and data loss prevention would be the main reason. A possibility to report the laptop as stolen (through a task in ESMC) so the person who then has the laptop cannot use it and will be notified how to contact the owner of the laptop. Tracking down the laptop or making screenshots and/or photos by webcam would not be priority (and I can imagine this is violating at least the GDPR rules).
  11. Hi, Not sure if this is the right topic for this, but why does the consumer version (Smart Security) have options for anti theft, while the business products don't offer this feature? In most cases the data on business laptops are way more valuable for users than data on consumer laptops. It would be great if Endpoint Security could have Anti Theft which could be managed by ESMC and also is accessible for the laptop owner through https://anti-theft.eset.com
  12. Hello Martin, I have indeed tried to log in with the credentials of one of the customers (with privileges to modify both reports and server tasks), but still the trigger goes with every threat detection in every Static Group. I am thinking the Threat Event trigger is simply looking at a global threat log and ticks with every threat detection, not looking at where the threat is coming from. I wonder if that is true and if so, that log also contains information about where the threat was detected. Maybe the trigger works before "seeing" the infrastructure of the ERA and therefore does not know in which Static Group the client is where the threat was detected? I have also tried to think about a way to get this managed with dynamic templates, but all my tries lead to a dead end. In my opinion, if I could work this out and could send the "technical" contacts of my customers a mail when a real threat is detected, this could help creating a kind of security awareness under my customers.
  13. Hello Marcos, Thanks for your response. The filtering of the Static group under the report template only filters the content of the report. It does not filter the server report task that runs when a threat detection has been logged. So when I use the Static Group filtering on the report template, it generates a report on every threat detection (in every Static Group), but will only show the threats detected of that specific Static Group in the report.
  14. Hello, I have set up ERA (6.5) in a multi-tenancy way, so all my customers are connected through one server and every customer has its own Static Group and login to the ERA Console. Now I wanted to have ERA generate reports automatically on detection of threats and mail these reports to the customer at the moment a detection is logged. Of course the report only needs to see the clients under the customer's Static Group and the report task only needs to run when a detection is made under the Static Group of the customer itself. Creating the report was easy and that part works fine. Creating a report task, however, is not working. When I create a report task that is triggered by threat detection, I cannot have it run on detection of threats under the Static Group of the customer itself. The task runs on every threat detection of every customer (Static Group). I have tried to work around this by hanging the task under the customer's Access Group and also I tried to work around this by disabling the option "SEND EMAIL IF REPORT IS EMPTY". Still the outcome is not right. I specifically do not want to use the SMTP settings at the customer's site, because of the fact that I do not want to find out those specific settings every time and the fact that the reporting task has the possibility to filter out the "threats" that are not severe enough to mention. Is there a way to have this functional and set up within the ERA environment, so I can send threat reports per customer (Static Group)? Any thoughts about this would be appreciated...
  15. Hello. I would also like to test the BETA version of ERA 6.5. Could you sign me up for this one?