Jump to content

Mirek S.

ESET Staff
  • Content Count

  • Joined

  • Last visited

  • Days Won


Mirek S. last won the day on October 31

Mirek S. had the most liked content!

Profile Information

  • Gender
  • Location
    Czech Rep.

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Mirek S.

    Install APK remotely

    Hello, Currently, the option to install applications is not implemented in EESA (Android), only for iOS devices. Also, the requirement for this to work would be placing of such APK on HTTP(s) server, SMB (file:// protocol) will never be supported for mobile applications. We will add this as an improvement into the backlog.
  2. Mirek S.

    IOS MDM licence with ESMC

    Currently, there are no other options (other than per-device activation). In the future, we might consider volume licensing which in my opinion would be more appropriate for iOS devices. You may also drop an improvement request here. HTH
  3. Mirek S.

    IOS MDM licence with ESMC

    Hello, Licenses for ESET Endpoint Security for Android should work with iOS devices. MDM does something we call on-behalf-of licensing in this case, where it keeps licenses on MDM instead on devices itself as we don't provide application for iOS. Please note that iOS does not support offline licenses (Android now does) https://support.eset.com/kb3598/ HTH
  4. Mirek S.

    Dismiss APNS alerts

    Hello, iOS related protection states start to be reported when iOS device browser connects to enrollment endpoint (9980) with valid authorization. Currently there is no UI way to dismiss those I'm aware of, however, you may rewrite to 0 (or delete) "configuration.IosConnected" from "keyvalue" table in MDM database. (while MDM is down as these values are cached). If this persists or returns even with no attempted iOS enrollments please raise a support ticket as above is described way is how it was designed, not necessarily how it was implemented. HTH
  5. Hello, HTTPS certificate can be changed via MDM policy and process is for 7.X same in Windows and Linux installations. You probably refer to certificate chain installation into windows certificate store, this is not required on Linux or 7.X Windows as we changed TLS implementation from native to ours. Please be aware of certificate requirements for iOS (ensure that issuer you buy the certificate from has required attributes) https://help.eset.com/esmc_install/70/en-US/mobile.html specifically, SHA-256 signature is required, other requirements are met by MDM 7.X https://help.eset.com/era_install/65/en-US/certificate_mdm_https_requirements.html specifically, hostname properties Apple devices are picky about certificates and it's better to ensure hostname is present as DNS name in Subject Alternative Names extension _and_ as Common Name certificate requirements for MDM 7.X from 7.X we require root CA certificate inside configured pkcs12 (pfx file), we use CA certificate to install trust onto devices. you can import issuer root CA certificate into pkcs12 via OpenSSL or other tools, issuers typically don't include root CA certificate in pkcs12 they provide. HTH
  6. Yes. APNS certificate is MDM configuration and thus must be assigned to device MDM is installed. HTH
  7. Hello, Recommended is to leave registry as they are for now. Upcoming service release should correct issues caused by the previous version. Specifically installations affected with 7.0 version being installed while being reported as 6.X from installer point of view - upgrade will update installer registry to match what is really installed. both 6.X and 7.0 version being reported as installed - upgrade will remove both previous versions For upgrade to succeed previous version(s) installation package file is required. We backup installation package within Agent. Windows backups currently installed applications packages in windows specific directories. Original location (from where installation was run) is also used to find msi package if previous lookups failed. For GPO deploys it's therefore recommended to keep previous packages(s) on distribution point and only add new versions instead of replacing them. For those potentionally affected by missing installation package, it's possible to select those in installation UI mode. HTH
  8. Sorry, I forgot users are not allowed to download attachments. For the time being please PM me for the tool (it will be part of next hotfix release) Thanks in advance.
  9. Mirek S.

    Upgrade from 5.x to 7.x

    Hello, EsetCloudAdministrator is limited to 250 devices so it's not an option You can use now. Best migration scenario depends on your requirements. Do You have ERAv5 servers connected in a hierarchy? Is downtime in monitoring acceptable? Is appliance preferable deployment? Are you using parametric groups? - You will need to re-define those as we don't support migration. You might want to play with v7 a little before migrating. Do you require historical logs migrated? Do you require policies migrated?
  10. Hello, We are currently investigating the issue to determine the best solution and cause of this issue. We would appreciate the output of diagnostic tool (dumps installer registry related to Agent). In attachment is a new version of the diagnostic tool and .bat file which runs the diagnostic tool with required parameters. Please PM me resulting registry dumps (preferably from several computers so we have greater statistics) Thanks in advance Diagnostic.Agent.
  11. Mirek S.

    ESET MDM and IOS 12

    Can You PM me your MDM site if it's visible to the world? There are other pre-requisites (PFS cipher suites in 6.X this depends on OS/openssl version, etc...)
  12. Hello, Activation via ESMC/ERA should work. More information on why it failed should be present in Agent logs. That is please create a support ticket (or PM me Agent logs in trace severity from the time of attempted activation)
  13. Mirek S.

    ESET MDM and IOS 12

    ERA 6.5 AFAIK has the ability to create sha256 signed certificates. (but You will need to enable advanced security) In the end safest bet when it comes to iOS devices is purchasing a trusted issuer certificate as trust is pre-installed on the device. 99% iOS enrollment issues are due to not established trust between MDM and device, then it's just about finding out which criterium was not met. We'll be putting up KB with pre-requisites as there are more of them, I will post a link here when it's complete.
  14. Mirek S.

    ESET MDM and IOS 12

    No, it's just one of the ways how to generate a valid certificate which will be trusted by iOS 12. (and based on your logs you meet other preconditions) Your other options are * create certificate manually (however it must be either self-signed or signed by ERA CA in MDC versions prior to 7) * purchase a certificate from an official authority which is trusted by iOS implicitly. 1) Please also ensure when You about to set this certificate to MDC it contains root CA. In version 7 we require this as we no longer use system dependant TLS layer (so You save yourself some work when upgrading) 1) https://support.apple.com/en-us/HT204132
  15. Mirek S.

    ESET MDM and IOS 12

    Hello, Apple changed security requirements for iOS 12. However what would most customers be affected with is certificate signature algorithm requirements (server certificates with SHA1 signature are no longer accepted) With ESMC (when advanced security is turned on) You can create such a certificate and then run a certificate change process on MDC. HTH.