Jump to content

ludolf

Members
  • Posts

    41
  • Joined

  • Last visited

Everything posted by ludolf

  1. Hello We are using Eset Protect (Server) Version 8.1 (8.1.1223.0). A hotfix has been released 2 days ago (ESET PROTECT 8.1.13.1), but it hasn't popped up yet, no "Update product" menu item. The server already has been restarted some times. How can we trigger this update notification? thanks, Vilmos
  2. I can confirm, we had the same issue. We are using Eset Endpoint Security 8.0.2028 Business. Web Control / Phish/Fraud category rule blocked some corporate and some public websites. Currently I cannot reproduce the issue.
  3. by giving out the password (even if that password is different then the general one), the user will be able to change the other settings. The expected behavior would be that user able to pause only the firewall, and not be able to change any other setting.
  4. Thanks for the reply. I'm sorry to hear that.
  5. Description: "Pause Firewall" permission with policy Detail: Client settings are locked down with password. The user ocassionally needs to disable/pause firewall, but we don't want to give out the password, just for this function. Also don't want to give to the user the possibility to change any other settings on the client.
  6. Hello We have ESMC 7.2.1266.0 on the server and EES 7 on the Windows 10 client. The user has local admin permission, but he only uses it as "run-as administrator". He doesn't log into the computer locally with the admin user. The EES settings are locked down with password. We would like to give a permission to the user: "Pause firewall", without giving out the password for the access setup. Setting a different access setup password for that computer is not a solution, because by doing that he could change the other settings also. How can we achieve this? thanks, Vilmos ps. I opened this question in this topic, because it seems that it's policy related
  7. here: ESMC, select policy (product: Eset File Security for Windows Server), Detection Engine, Processes Exclusions, Processes to be excluded from scanning
  8. Description: ability to export folder exclusions from ESMC policy Detail: to migrate exclusions from one policy to another
  9. Description: ability to add process path containing environment variable: Detail: in ESMC policy, add process exclusion %systemroot%\System32\Vmms.exe doesn't accept, "Invalid value" c:\windows\System32\Vmms.exe this works +1: same value can be added multiple times
  10. Description: change behaviour of adding new file/folder exclusions #4 Detail: in ESMC policy, adding folder exclusions c:\test\* works c:\test*\* doesn't work, "invalid path"
  11. Description: change behaviour of adding new file/folder exclusions #1 Detail: I need to exclude all *.mdb files in c:\test and all subfolders Currently I can exclude *.mdb files only in the top folder (c:\test) but not in the subfolders Description: change behaviour of adding new file/folder exclusions #2 Detail: I would like to exclude all *.vhdx files, but without specifying folder/drive (ESMC says when setting this in policy: "Invalid path") If I type "\*.vhdx" into the field, I can save it, but if I scan a test file manually, the log file still shows: "Number of scanned objects: 1", so the exclusion doesn't work. Description: change behaviour of adding new file/folder exclusions #3 Detail: if I import a txt file which contains correect and incorrect folder exclusion, ESMC says: "Not all input data have been imported". And it imports the list partially, but doesn't show the not importable item(s). It would be nice, if ESMC show a message with the incorrect, not importable items.
  12. I understand that this issue doesn't exist at you, which is good. When I experienced this issue and restarted the service: - the clients reported back to the server - got the modified policy - email notifications are sent out Instantly. Nothing changed, fw, configuration, etc. Only the service has been restarted. This can be a bug in eset service or incompatibily between the OS and eset service. But I couldn't debug this, the debug log is not enough, or just don't understand some messages which could be relevant. If I could help to solve this, I would be the happiest.
  13. - here is no third party plugin - also eraserver.exe process cpu utilization is ~50%, when the issue happens - clients don't seem to able to connect to the server (not all, but almost all), last connected time is the same hour, minute, second - clients don't get the modified policy on the servers, configuration tab shows "older" instead of actual (just a proof for the previous line) - notification emails are stuck on the server, until the next service restart Restarting the service solves all the above issues. I have no doubt, that the problem is with the service.
  14. Same here, waiting for fix. Scheduled service restart works as a workaround.
  15. I mean, I requested the actual policy in ESMC and I saw it differs from what configured for that client with policy. Today issue: EES 7.0.2073.1, esmc components upgraded, and on the client got this error in chrome: "Your internet access is blocked. etc. ERR_NETWORK_ACCESS_DENIED" The issue has gone after some minutes without changing anything in the policy.
  16. Similar issue today: client: EES 6.6.2052 Policy fixed (Not categorized->custom category group) And the client didn't apply correctly the policy. When I requested the current configuration, it showed the "Not categorized" category instead of the custom one. Tried to: - switch off the rule. It has been switched off on the client - create new rule with the custom category group. Client received this new rule, but still with the "Not categorized" group - created new custom category group, nothing - updated security components on the client, nothing Finally upgraded the security product to EES 7, and it works fine. Until now only one client was affected.
  17. Description: don't send notifications to all configured recipients Detail: we have 3 static groups: group1, group2, group3 All of them are maintained by different admin teams. For this reason we configured 3 notifications: Access group: group1 -> "threat notification" -> send email to group1@domain.com Access group: group2 -> "threat notification" -> send email to group2@domain.com Access group: group3 -> "threat notification" -> send email to group3@domain.com If an alert triggered in a group, all 3 groups receive an email about it. Only the affected group should to receive the email.
  18. Hello Before the upgrade: - ERA 6.5 - webcontrol is enabled in two policies - created category group: "Torrent", selected some predefined urlgroup - created rule: "Torrent (block)", type category based. URL/category: "Torrent" (as above) Did the upgrade to ESMC 7 the URL/Category value changed to "Not categorized" and blocked some internal websites This happened after the upgrade, the policies haven't changed by us, and this occured in two policies, symptoms are the same. Unfortunately I couldn't reproduce this, maybe somebody could confirm. BR, Vilmos
  19. MichalJ, thanks for the answer. Audit log filter: for example somebody changed a server setting and broke a feature by doing this. I know what has been changed, but currently I cannot filter to it. If I could to filter, I would know who changed it, and ask him why did it.
  20. Description: possibility to export webcontrol/url groups/addresses Detail: possibility to export webcontrol/url groups/addresses. Usage example: ERA/ESMC used for more groups (more admin teams), with similar policies, and a group needs an existing url group in a separate policy . Export/import would the elegant way to migrate url addresses.
  21. Description: more details in audit log Detail: Reports/Audit log. If somebody modifies a policy, only one event added to the Audit log: "Modifying policy xxx" it would be nice to know more. What settings have been modified and before and after values.
  22. Description: more granulate audit log filter Detail: Reports/Audit log. If I would like to search for a specific setting ("who changed it"), I have to scroll down from page to page, or use CTRL-F Please add possiblity to filter string in "Action detail" column.
  23. Hello Eset endpoint security for MAC (latest version) is installed, which is managed by remote administrator. User has root privileges. How would you protect the agent+product from uninstalling? thanks, Vilmos
×
×
  • Create New...