[ERA 6 rogue detector - false +ve mark as safe?]

Yes finally got there. This is really not the most friendly piece of software. Would be so much easier if we could select the addresses from the RD report and mark them as safe.

[ERA 6 rogue detector - false +ve mark as safe?]

OK I have moved the ip address I want excluded to the "blacklist", however 12 hours later and the dash board still shows my cisco firewall etc. as a rouge computer.

 

I have stopped the service, renamed the "dectectedmachines.log" and restarted. I have forced a refresh on the console and I still have the false +ve "rouge" hosts showing.

 

What do I do now?

[ERA 6 rogue detector - false +ve mark as safe?]

I found the correct section, but not sure about the tooltip. Usually a "whitelist" are for hosts that are OK, but given the tooltip I'm not sure if I should put the false positives into the whitelist or the blacklist.

 

Is it me or does the tooltip (attached) read almost opposite to how you would expect it to work?

 

No doubt next time I'm at the server I'll see if my whitelisting is helpful.

 

 

[ERA 6 rogue detector - false +ve mark as safe?]

Configuration of Rogue Detection sensor contains black/white lists -> therefore you may modify it using configuration policy and they will be ignored.

 

 

How about telling me where I can do this?

[era v6 select targets for scheduled scan - details needed]

I want to create a daily scheduled task to scan particular directories (including sub directories), but I can't seem to find any documentation on this.

 

I have had a guess (see image attached).

 

So what I want to do is scan both "c:\users" and "d:\users" including subdirectories.

 

Is what I have put in the screen shot correct?

 

regards

 

Roga

[ERA 6 rogue detector - false +ve mark as safe?]

Is it possible to mark mac addresses as "safe" if they show up in rogue detector. It seems network switches and hardware routers are identified as "rogue" as they have mac and ip addresses on the network, but of course for AV purposes they are safe.

 

regards

 

Roger

 

 

[can't import web certificate into IE on server 2008r2]

If you do not see the Install Certificate option close IE7 and then right click on IE7 and choose run as administrator and load the page again.

 

 

Yes that worked for IE 11, thanks for the quick and helpful response

[can't import web certificate into IE on server 2008r2]

I've just installed ERA 6 on a 2008r2 domain controller. When I open the web interface in IE 11 i get a "cerificate error".

 

When I try and import the certificate the usual button to install are greyed-out, see attached.

 

How can I import the certificate to stop me getting an "unsafe website" when I start the web managment console?

 

regards

 

roga

[How can I see result of (merged) policies for endpoint?]

Go to the webconsole, click on the computer entry you would like to kniw this for, in the context menu click "details". And second tab shoul contain list of applied (reported by agent during last replication) policies and possibility to request/view configuration.

Ah yes solved, thanks.

[How can I see result of (merged) policies for endpoint?]

You need to open client details popup, and in the configuration tab you will see the list of applied policies. You can also request final (merged) configuration from the client.

Is the client details popup something on the ERA server? if so please give me idiot instructions on how to find it. (I had a good look but couldn't find it).

 

Or are you saying that I need to log into the client machine to see this?

[How can I see result of (merged) policies for endpoint?]

I have created a number of static and dynamic groups in ERA v6 for both ESET Endpoint Antivirus and Eset File Security. I have applied polices to the groups.

 

When I go to the "details" for an individual endpoint, it tell me that "Applied Policies Count: 7", however it doesn't tell me what those policies are. If I then go to "manage polices" for that endpoint, there is no information about the applied policies.

 

So how do I find out what policies (and their settings) are applied to a particular client in ERA?

[Do proxy servers act as software repositories? (ver 6)]

I just posted at the end of this thread the result of my rollout

[install AV by msi & GP at remote offices with era 6]

I have now finished my deployment to a main central office and 4 branch offices connected by slowish VPN, this is my first install of V6 (have been working with ESET ERA previous versions for a number of years). In this case there was a migration from Symantec Endpoint Protection (clients and servers) to eset endpoint and eset file security. We have about 60 endpoints.

 

Once I understood that deployment of endpoint protection was from an internet resource (rather than ERA server) I decided to try and use the ERA to uninstall the old SEP, and then install eset.

 

Agent install worked in over 95% of all cases, not perfect but good enough, I had to do a couple of manual installs, which was quite easy.

 

SEP uninstall worked in about 90% of cases, there were a few I had to manually install.

 

Eset endpoint and File Security install was not quite as successful, worked in about 80% of cases, and not really easy to find out why it had failed. I ended up manually installing on the failed 20%

 

In my case I think it might have been better to have installed via group policy on the remote sites (as previous SEP was via group policy and I might have had an easier time using group policy to migrate), but there is not enough clear documentation for this.

 

I would like to see more helpful troubleshooting when rollouts via ERA have failed.

[Do proxy servers act as software repositories? (ver 6)]

 

(I am assuming that the main era server holds a copy of the packages and then pushes these to the clients)

 

Actually this assumption is not correct. Package to be installed by software installation task is downloaded on client machine, by AGENT itself directly from internet ESET repositories.

Thanks for that, looks like I don't need to think about setting a mirror or proxy on the remote sub-net as they do have decent internet download capability.

[Do proxy servers act as software repositories? (ver 6)]

The purpose behind my question is trying to workout the best way to do a push install of EAV & EFSW to remote sites which have a limited bandwidth vpn connection to the central site, however they do have a reasonable general internet connection.

 

If I was to set up a proxy ERA server would that also act as a proxy for push install, i.e. would the software also reside on the proxy server so that e.g. the subnet that the proxy was serving would receive its packages from the local machine?

 

(I am assuming that the main era server holds a copy of the packages and then pushes these to the clients)

 

Alternatively I see that there are policy settings for "Install by direct package URL" could this point to repository either in the cloud or a machine in the local subnet?

 

regards

 

roga

 

 

[install AV by msi & GP at remote offices with era 6]

 

1) Yes it is possible, just look at my attachments. The trigger is pretty easy. Just create a software installation task and later on chose "Run on", select the dynamic groups and choose the "Joined dynamic group trigger" trigger.

2,3) We have also some small remote sides with only up to 5 people and slow VPN connections but the enrollment went quite well. The agent was distributed via our software deployment and the client via the automatic installation task of the dynamic groups. On the bigger remote sides I have installed an ERA Proxy.

Unfortunately I don't know how the enrollment via GP is working and if the installation files are distributed from the local proxy or from the main ERA server.

 

Maybe some ESET member can answer this question.

 

Thanks for your help Palps, I have managed to get the agent on all of the machines, so perhaps I will try out the dynamic group at one of the sites and see how that goes. It would be good if the all of the task can be done by ERA.

 

regards

 

roga

[install AV by msi & GP at remote offices with era 6]

Hi Palps

Thanks for your reply.

1) Could you give me a link for the dynamic group & assigned task? Would it be possible e.g. to differentiate between windows servers and win 7 machines?

2) I did a test to try and install EFSW to a remote machine over a vpn. The task failed (twice) although the agent installed OK over the VPN. I thought most likely the agent is a smaller payload than the AV. I ended up installing EFSW manually which the agent then picked up.

 

I have some branches with each with a win server and a number of win 7 clients which are linked over a slow VPN. I thought it would be easier to install the av locally by GP and then manage from agent. How succesful do you think it would be trying to install say 25 win7 clients over a slow VPN?

 

3) Another thought is to have proxy servers at the remote sites, but would a deployment via ERA come from the proxy server on the local subnet or the main server at the central office?

[install AV by msi & GP at remote offices with era 6]

Thanks ESET Staff for you advice about the agent.

 

Can you tell me if installing the products (Endpoint Anti-Virus v6 and File Security v6) by msi and group policy will work? i.e. is all I need do to roll out the msi via group policy to the clients? Do I need to any xml or transform files?

 

regards

 

Roga

[install AV by msi & GP at remote offices with era 6]

I have some remote offices and would like to install EEAV & EFSW v6 to windows clients & servers, and have them managed by ver 6 ERA. The remote offices are on different subnets and connected by VPN, but are linked by standard copper wire internet, so not a very fast connection.

 

I have created a bat file to install the agent locally and then link to the central office ERA, but I don't think there is enough bandwidth to install EEAV & EFSW to the clients.

 

However I can get the msi files locally. If I was to use group policy to install the msi files, would the agent then automatically turn them into managed machines?

 

If I was to try and install the v6 msi files via group policy, would they run OK without any extras? (I don't think you use xml any more on v6)

 

regards

 

Roga

[Is it best to use ESET File Security for Microsoft Windows Server on a TS\RDS?S]

I have a windows 2008 remote desktop server (terminal server). Currently it has NOD32 AV 4.2.76.0

 

Given its role, and that it is running ms office etc, is there any reason for me to change to ESET File Security for Microsoft Windows Server, which looks like it mostly deals with file server, dc etc.
 

I suspect that EFSMWS won't be so good with email filtering (outlook as exchange client) and similar.

 

Any thoughts?

 

regards

 

roga

[Eset Endpoint Security 5.0 anti-spam confuses outlook 2013 rules]

I've given that a try, but I haven't had enough data yet to see if that has solved the problem

[Eset Endpoint Security 5.0 anti-spam confuses outlook 2013 rules]

I have just installed Eset Endpoint Security 5.0.2237.0 in windows 7 with outlook 2013.

 

If anti-spam is running, some outlook rules fail on incoming mail. If I run the rules on the inbox they work OK. If I disable eset anti-spam they work OK.

 

Any idea how to overcome the problem?

 

 

regards

 

Roga

[What is the best product for a Remote Desktop (terminal) Server]

Should I use "ESET File Security for Microsoft Windows Server" or "ESET Endpoint Antivirus" on a 2008r2 Remote Desktop (terminal) Server?

 

I ask as it seems that EFSMWS is optimised for file server and domain controller. Would it also be best for a terminal server?