ludolf

Members
  • Content Count: 30

Profile Information
  • Location: Hungary
  1. ludolf

    ERA Agent V7 issues

    I understand that this issue doesn't exist at you, which is good. When I experienced this issue and restarted the service:

    - the clients reported back to the server
    - got the modified policy
    - email notifications are sent out

    instantly. Nothing changed, fw, configuration, etc. Only the service has been restarted. This can be a bug in the ESET service or an incompatibility between the OS and the ESET service. But I couldn't debug this, the debug log is not enough, or I just don't understand some messages which could be relevant. If I could help to solve this, I would be the happiest.
  2. ludolf

    ERA Agent V7 issues

    - there is no third party plugin here
    - also eraserver.exe process cpu utilization is ~50% when the issue happens
    - clients don't seem to be able to connect to the server (not all, but almost all), last connected time is the same hour, minute, second
    - clients don't get the modified policy on the servers, configuration tab shows "older" instead of actual (just a proof for the previous line)
    - notification emails are stuck on the server, until the next service restart

    Restarting the service solves all the above issues. I have no doubt that the problem is with the service.
  3. ludolf

    ERA Agent V7 issues

    Same here, waiting for fix. Scheduled service restart works as a workaround.
  4. ah, didn't notice that option, it works, thanks
  5. Description: don't send notifications to all configured recipients

    Detail: we have 3 static groups: group1, group2, group3. All of them are maintained by different admin teams. For this reason we configured 3 notifications:

    Access group: group1 -> "threat notification" -> send email to group1@domain.com
    Access group: group2 -> "threat notification" -> send email to group2@domain.com
    Access group: group3 -> "threat notification" -> send email to group3@domain.com

    If an alert is triggered in a group, all 3 groups receive an email about it. Only the affected group should receive the email.
  6. MichalJ, thanks for the answer. Audit log filter: for example somebody changed a server setting and broke a feature by doing this. I know what has been changed, but currently I cannot filter to it. If I could filter, I would know who changed it, and ask him why he did it.
  7. Description: possibility to export webcontrol/url groups/addresses

    Detail: possibility to export webcontrol/url groups/addresses. Usage example: ERA/ESMC used for more groups (more admin teams), with similar policies, and a group needs an existing url group in a separate policy. Export/import would be the elegant way to migrate url addresses.
  8. Description: more details in audit log

    Detail: Reports/Audit log. If somebody modifies a policy, only one event is added to the Audit log: "Modifying policy xxx". It would be nice to know more: what settings have been modified, and the before and after values.
  9. Description: more granular audit log filter

    Detail: Reports/Audit log. If I would like to search for a specific setting ("who changed it"), I have to scroll down from page to page, or use CTRL-F. Please add the possibility to filter for a string in the "Action detail" column.
  10. Exactly. If somebody changes the product accidentally and saves the policy, the settings are lost. This shouldn't happen. If the admin selects a product within a policy, and changes any setting, the product selection list should be disabled. After this, if the admin would like to point the settings to another product, he should create a new policy. IMHO
  11. Hello

    Description: disable product change possibility after any settings have been configured in a policy

    Detail: imagine the following:

    - create a policy
    - change some setting
    - change product within this policy
    - save the policy

    In this case all of the previous settings are gone.
  12. Description: Notify about completed task execution

    Detail: It would be nice to have a setting on the new task creation page, to send an email to the task creator user when the task is finished. The email could contain only a link to the task execution results, and maybe a summary about completion success or a successful/unsuccessful percent. Maybe if ERA is waiting for computers to be online, it could send reports repeatedly, containing the partial result, for example every 8 hours (or customizable intervals).

    Description: Sysinspector log viewer lists

    Detail: In ERA5 we could view the process list when we clicked "Running process". And we could do some sorting, for example by company, to see non-usual entries at first sight. In ERA6 we only see the list of processes when we open the "Running processes" tree. The same applies to "File Details". It would be nice if we could see the items below these "subkeys" and could sort them. Example situation: check processes/filedetails running from outside windows\programfiles folders.
  13. Hello

    Description: modify links in threat notification to unclickable

    Detail: admin/itsec receives a plain text threat notification. He copies it to another program, or forwards it as html. The receiver can accidentally click on the link (for example, when he tries to copy only the link).

    Computer name;Severity;Time of occurrence;Threat type;Threat name;Threat flags;Scanner;Scan log reference;Object type;Object URI;Action performed;Action error;Threat handled;Restart required;User;Process name;Circumstances;Virus signature database;Hash of detected file
    COMPNAME;3;2018-02-17 16:35:10;trojan;JS/Tivso.Gen;;HTTP filter;virlog.dat;file;hxxp://maliciouslink.com/?width=640&height=360;connection terminated;;1;0;USERNAME;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe;;16920 (20180217);A7F533A141F411DBDBBC376F3F348E7B59925E11

    replace bolded part to something like this: hxxp://maliciouslink.com/?width=640&height=360 (forum motor replaces correctly :))