leviu

I have created a policy for Windows endpoint products to block external USB devices. In the policy there 2 rules in order (top to bottom): allows RW to USB storage device for a specific AD group Second - block access to USB storage devices outright The AD group has been added via the the synced groups from AD into ESMC. The questions (TL;DR): what resolved security context for a user belonging to an AD group for ESET Device management? What actions does an admin need to perform after adding a user to the AD exceptions group to force the workstation to allow the user to access USB? There are seemingly 3 options: 1. ESMC server - after a a server task of syncing that group (i.e. there is a cache as to who belongs to that group). 2. ESMC server - by request of Endpoint Product (unlikely IMO), 3. ESET Endpoint product (or Agent) - via currently loaded security context After some tests it seems like option 3 is most likely. I definitely did not touch the server sync task in ESMC, which triggers every day only. After a combination of logging off/logging in and sending wake up calls to the workstation via ESMC the USB storage permissions were updated per the changes in the AD group. I just can't seem to narrow down exactly what forces the security context update for ESET Endpoint Antivirus's Device Control. All testing done applying policy to a single domain joined workstation and using the same domain account. ESMC server version: 7.0.577.0 Endpoint product version: 7.1.2053.0 ESET management agent version: 7.0.577.0

Thanks V2TW for confirming my assumptions =). Would there by any point in placing the same update server configuration in the policy? Not sure how would I client loose that though...

Hi! I have ERA 5 deployed with Endpoint Antivirus 5 by all of the clients I manage. I am attempting to understand the difference between: Configuration associated with the installation package I have deployed and re-deploy for client AV upgrades Policy settings Both seem to be essentially the same XML, but it isn't clear to me when each one is applied. My primary concern are the settings for updating virus signatures. 1. The package configuration gets deployed initially with the package and never again? 2. If I update the configuration of the installation package does it propagate to all of the clients that used this package? 3. Does policy override any package configuration after installation? Thank you, ~levi