
Dan Massameno

Everything posted by Dan Massameno

  1. MichalJ, I totally see where you're coming from. Requiring the ERA Agent to be knowledgeable of every Antivirus software on the planet would be impossible! May I suggest the following pseudo code that I suspect would catch 99% of the antivirus packages out there...
     1. Does the OS report an antivirus app is installed? If yes…
        1.a. Is it the built-in OS antivirus (e.g., Windows Defender, or Windows Security Essentials?) If yes, return FALSE.
        1.b. Otherwise, return TRUE. <<One would hope this would catch just about everything. :-)
     2. Does the list of installed applications on the machine match anything on the OPSWAT list? If yes, return TRUE. This is a finite list so it should be easy to check against.
     3. Does the list of installed applications match anything known by ESET developers to not be an OS-recognized package and is not on the OPSWAT list? If yes, return TRUE.
     4. Otherwise, no known foreign antivirus software exists. Return FALSE.
  2. Bundled tasks would be a useful feature. Bundling the remover and the EES installer would be something I would do. But it still would be nice to have a Dynamic Group Template to identify Foreign 3rd party antivirus. Maybe the removal process didn't work. In which case it would be nice to have a report or dynamic group to show the administrator what machines need manual remediation.
  3. I don't know what the "symbols" are that you are referring to. I was referring to the Dynamic Group Templates (DGTs) in ERA Server. Screen shot attached. For example, Functionality/Protection problems, Functionality/Protection Status and Functionality/Protection Status of computer all have a subclass of "Status" (see screen shot.) The available options to match on for all three items are Malfunction, OK, Security notification and Security risk. It seems like these are complete duplicates of each other and would (probably) produce the same result.
  4. For instance, Functionality/Protection Status of computer has the subclass Status. Functionality/Protection Status has the subclass Status and Source. Functionality/Protection problems has the subclass Status and Source and Problem and Feature. It seems like Functionality/Protection problems came along later in the evolution of the product and makes the other two obsolete.
  5. Yes. I know that's how you need to do it now with ERA 6.4. I'm asking if this is a great idea for an enhancement to a future version of ERA.
  6. I'm a VAR and I walk into a number of sites where the management of the IT systems is a little "haphazard," to be kind. :-) The method from MichalJ would work if all the machines in the organization had one particular 3rd party antivirus app installed. That assumption breaks down quickly when you find out that the machines out in the Shipping Department have Kaspersky installed. OK, well you might have been able to identify that if you ran a report on all apps installed across all machines and manually looked through a huge list and said "ah ha! Kaspersky" and added it to the filter. Then EES fails to install on all the Human Resources machines because they had FRISK installed. What!? Who the heck is FRISK? I would not have even recognized that from the huge list if I had looked through it. (Link provided, just in case you think I'm making this up.) All these 3rd party foreign antivirus software vendors would be identified by my proposed Dynamic Group Filter. Then the ERA administrator could identify these machines and take the appropriate action. Maybe he would just run the ERA OPSWAT removal tool. Failing that maybe he would physically go to the machine and do manual remediation steps. These are all valuable steps if we want the EES product installation to go smoothly. Thoughts?
  7. This seems like a good area to request a feature enhancement (ERA v6.6). To detect if any antivirus is installed I can use: Functionality/Protection problems-Feature NOT-EQUAL Antivirus. That will trigger TRUE if something is installed, including EES or Defender or other 3rd party app (e.g., Symantec). I can use Computer-Managed Products Mask to detect if an ESET product is installed. None of these existing filters get us to what we want. We want to know if a 3rd party app is installed. I think we need a dynamic group filter named Foreign Antivirus Installed. It will trigger TRUE if Symantec, Panda, Norton, Vipre, AVG, etc. are installed (anything other than Defender or Security Essentials.) We could then use that dynamic group filter to create a dynamic group and then trigger the OPSWAT removal tool. If the removal is successful the computer will drop out of the dynamic group and it will be ready to get ESET installed. Does that sound like a reasonable feature enhancement request for ERA 6.6? Thanks.
  8. The Functionality/Protection problems dynamic group template seems to have all the settings and more of the Functionality/Protection Status template and the Functionality/Protection Status of computer template. Are the Functionality/Protection Status template and the Functionality/Protection Status of computer template legacy templates from prior versions of ERA? If yes, now that we have ERA 6.4, should we just stick with the newer Functionality/Protection problems template and ignore the other two? Thank you.
  9. How can I set up a Dynamic Group Template to identify machines that have no antivirus on them? I want to use this Dynamic Group Template to identify those machines that are ready to get ESET Endpoint Security installed. I want to exclude machines that have Symantec, Panda, Norton, Vipre, AVG, etc. installed (they need remediation steps before I have the ERA Agent install EES.) Thank you.
  10. Are all Dynamic Group Templates sent to the remote Agent, or just those that are used by ERA to categorize computers into existing dynamic groups? The reason behind the question is (to use an example) if I have one-hundred Dynamic Group Templates but only five of them are used to assign computers to Dynamic Groups, are all one-hundred downloaded and evaluated by the remote Agent? If yes, that might cause a slow-down of the client. Maybe I should work to eliminate unnecessary (unused) Dynamic Group Templates from the ERA Server. Thank you.
  11. I'm using a Client Task for uninstallation of "Third-party antivirus software (Built with OPSWAT)". Is this designed to remove/disable the Windows built-in antimalware (Defender or Security Essentials)? I'm finding that it does not and I'm wondering if it was designed to only remove 3rd party apps, or it's a bug, or I’m doing it wrong. Thank you.
  12. In March of 2015 the ESET agent Timos gave some insight on how computers are processed into Dynamic Groups: That's very interesting information and it helps me understand what's going on. But how can the administrator troubleshoot this process? I have some computers that don't seem to be getting into the right dynamic group. Can I enable some logging in the Agent to see: 1. What dynamic group templates are sent to the Agent when it last connected. 2. How did it process these dynamic group templates? What was the result (either they are in or out of each one)? 3. Did it send the resulting set of dynamic group memberships to the ERA server at the next connection? Basically, I'm looking for a way to troubleshoot the process when something does not behave in the expected way. Thank you.
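
The four-step check proposed in post 1 above, worked through as an added Python example (not ESET's or the poster's code). The vendor lists and product names are constructed samples, and, as an assumption made here, a built-in product at step 1.a does not end the check, so a machine that reports Defender alongside another product is still flagged.

```python
# Added example. All lists below are constructed samples, not real
# OPSWAT or ESET data; function and variable names are hypothetical.
BUILT_IN = {"windows defender", "microsoft security essentials"}
OPSWAT_SAMPLE = {"kaspersky", "symantec", "norton", "panda", "vipre", "avg"}
ESET_KNOWN_SAMPLE = {"frisk"}  # step 3: vendors on neither list above


def _tokens(name):
    """Lower-case word tokens of a product name."""
    return name.lower().split()


def _first_match(installed_apps, vendors):
    """First installed app with a whole-word vendor match, else None.

    Whole-word matching avoids substring accidents between unrelated
    product names.
    """
    for app in installed_apps:
        if set(_tokens(app)) & vendors:
            return app
    return None


def foreign_antivirus(os_reported, installed_apps):
    """Return (verdict, reason) for the 'Foreign Antivirus Installed' idea.

    os_reported: antivirus names the OS says are registered.
    installed_apps: names from the installed-applications inventory.
    """
    # Step 1: anything the OS reports that is not the built-in product.
    # Exact-name comparison, so "Bitdefender" is not taken for "Defender".
    foreign = [p for p in os_reported if " ".join(_tokens(p)) not in BUILT_IN]
    if foreign:
        return True, "OS reports: " + foreign[0]
    # Step 2: installed applications against the OPSWAT list.
    hit = _first_match(installed_apps, OPSWAT_SAMPLE)
    if hit:
        return True, "OPSWAT list match: " + hit
    # Step 3: installed applications against the vendor-maintained extras.
    hit = _first_match(installed_apps, ESET_KNOWN_SAMPLE)
    if hit:
        return True, "ESET-known list match: " + hit
    # Step 4: nothing foreign found.
    return False, "no known foreign antivirus"
```

Returning the reason with the verdict gives the administrator the product name to put in a remediation report when the removal task has not cleared a machine.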