pps

Members
  • Content count

    31
  • Joined

  • Last visited

  1. Hello Marcos, Thanks for the prompt reply. The problem is not on the dat files in the eScan folder but eset that stills using them by reading them non stop. The difficulty is that there is no way to tell for this issue before the user reports the slowdown in his workstation and also it is time consuming to inspect all the workstations one by one if the dat files exist in the Logs folder. There is some option from inside ERA console that clear automatically this log files? Is there any option to stop eset from using this files (on demand logging is disabled), if yes what will be the drawbacks? PS: It seems that the eScan folder is used not by the antivirus but from the firewall ( I cannot rename it until I passed the firewall) Thanks, Peter
  2. Hello, I used the resource monitor of windows task manager and find out that workstations have 100% read utilization on the dat files inside folder c:\ProgramData\ESET\ESET Endpoint Security\Logs\eScan. It seems that eset for some reason is keep reading the files as result workstations have 100% read utilization. The most files are from October of 2017 and I don't see the reason why eset uses them. a)How I can stop eset from using these files, which setting it is from the ERA console? b)What is the purpose of this dat files and why eset is still using them? PS: Setting in Antivirus -> (Real-time file system protection / On-demand computer scan / Idle-state scanning /Startup scan /Document protection) -> THREATSENSE PARAMETERS -> OTHER: Log all objects is disabled by the policy. PS2: Setting in Web access protection -> Log all objects is disabled too. PS3: As a temp workaround workstation I renamed the eScan folder to eScan.old Thanks, Peter
  3. Description: Unprotected WiFi Message - Captive portalDetail: In our company we use a wifi network with captive protal (we enter the user and the password in a web browser page). The endpoint client warns about unprotected Wifi. Is there any way from ESET Remote Adminitrator to supres s that message or exclude the warning for the specific network SSID? Description: Capability to Remote manage one computer settingsDetail: Should we have the option to remotely manage real time a specific setting in ESET Endpoint Security. Until now we must Request configuration to see what eset settings the workstation has and then to run a client task to change the setting that we want and the change is no real time. Thanks, Peter
  4. Description: Add sorting in Firewall rules Detail: Sorting in Firewall rules when clicking the header (for example If you click Action then there will be sorting the rules by Action ASC and if you click again by ction DESC) Description: Every Rule has a number Detail: Every rule should be identified by a number, if a rule number is smaller from another that means that this rule is applied first. Description: Separator between firewall rules Detail: If you want to seperate the rules depending per application or per suite (office, adobe) or per use (rdp, teamviewer, ammyy ) then you should have the capability to use seperators before and after each group so they can be more easy to read. It will be even more interesting if you can expand and minimize each application group. Thanks, Peter
  5. Description: Capability to force stop frozen tasks This is in the backlog. What do you mean by “frozen” ? (does it happen to you, that tasks got stuck in some state – running?) Explanation: Many of my tasks are been frozen such as an endpoint push to a few dozen workstations (for example see topic: Server Task Status is Running but no ongoing progress) Description: Capability to use 'group by' in reports This is being continuously added. Are there any specific symbols, that you would like to use for “group by” ? Explanation: For example I have the same antivirus threat in 20 workstations and I need a report or view that says I have this threat name and 20 occurrences. The same logic applies better in the firewall because there are ten of thousands of FW events. In FW I want to extract the DINSTICT processes from all workstations and the total count that they appear. Description: Capability to clean the quarantine older than X days or Y weeks Does this mean, that you would like to basically schedule a task for “quarantine cleanup” for files older than XY Days? Would it be acceptable to have this as a policy setting? Explanation: That will be okay too. Description: Firewall Learning mode directly from workstations Does this mean, that you want to “merge rules” from multiple workstations, and convert them into the policy for the rest? Or how this should work? Explanation: Forward learning modes from multiple workstations directly to ERA Console. From there we should filter DISTINCT rules from these workstations that we can allow or block. Description: Firewall in File security products This was never possible. What kind of a problem you are trying to solve, by using the “Endpoint Firewall” on the Windows Server system? Does it mean, they are not beyond some physical network FW or? Explanation: Without eset firewall in in windows server you cannot monitor which applications are allowed and which blocked from inside the ERA Console. Description: Smarter Firewall that can use files as samples and not paths Can you provide a bit more information about this. As I am not sure, what kind of a problem you would like to solve by this. Explanation: If we have the same executable (for example abc.exe) in many different paths (for example c:\abc.exe, c:\users\abc\abc.exe and etc) and in many workstations we have to use one rule for every different path. (see topic: Firewall rule with no application path but only application name) Description: Force restart of workstations for malfunctions or updates (like windows update) You have a task for that as of now. Or you can use the “run command”. In the V7 the issue with “not automatically performing reboot” after upgrade will be fixed as well. Description: Database clean up In V7, we will bring more granular options for database cleanup. However some of the tables, like TBL policies are not cleaned automatically. Why you want to remove them? Just to save the DB space? Explanation: Yes, the main reason is the DB size and the response in ERA Console. Description: Apache Tomcat 7 64bit instead of 32bit We will track improvement for that. Description: Folder creation in policies We will track improvement for that (AFAIK we have some, and there is a proposal by the UX team, but I will have to check) Description: Blocked webpage message in Web Control (asked already from another user) We will track improvement for that. Description: Workstation can have different policy from the policy in his group What do you mean by this? Workstation has only the policy, that is assigned. However, workstation might have multiple policies assigned, meaning it could have a different “resulting configuration”. Also, settings not set via policy are “accessible” to the user, so he is able to adjust them locally. We are planning to improve the readability of the policies screen in a way, that it will explicitly inform the end-user about from where a specific setting is set. We do not have a target version yet, but it´s being tracked. Explanation: For example an admin has made a change to a workstation1 and disabled the firewall then some other day has disabled the device control in some other workstations and forget afterwards to turn it on. Some time has passed and in a third workstation has disabled the initial scan and in another has disable the detection of potentailly unwanted application. So all four of them are in contrary of the ERA policies applied to the group that contains these workstations and should be an easy way to find out in dashboard and or reports. Secondly there should be an option through ERA console to force the above workstations to undo the setting changes and revert back to the one's of the policies .
  6. Description: Capability to force stop freezed tasks Detail: It would nice if we have the choice to force stop freezed tasks ----------- Description: Capability to use 'group by' in reports ----------- Description: Capability to clean the quarantine older than X days or Y weeks Detail: In client tasks we can make a quarantine management task but we can define only period with date "OCCURRED FROM" to date "OCCURRED TO" so before after each run we must redefine this dates. ----------- Description: Firewall Learning mode directly from workstations Detail: Instead of use learning mode in a few workstations and then manually import and then merge the rules in the ERA, it would be nice to have the option to select some workstations and learn from them automatically the rules. So the only job the admin job is to only block or allow the ports. ----------- Description: Firewall in File security products Detail: in the latest version you can't use endpoint security in windows server editions and if you need firewall you must use windows firewall ----------- Description: Smarter Firewall that can use files as samples and not paths Detail: Firewall can use a sample file to allow or block the connection ----------- Description: Force restart of workstations for malfunctions or updates (like windows update) Detail: Many times users don't restart their computers even if they see warnings that they need and the product can't work right ----------- Description: Database clean up Detail: In the database tables we can find unused entries of tasks, policies (tbl_policies) and etc. so it will be nice if we can run a task and delete them. ----------- Description: Apache Tomcat 7 64bit instead of 32bit Detail: Ability to change the 32bit (limit 1280MB of memory) Tomcat 7 to 64 bit with a few simple clicks. ----------- Description: Folder creation in policies Detail: User can create folder so he can store old policies for versioning and history puproses ----------- Description: Blocked webpage message in Web Control (asked already from another user) Detail: It would be nice to instead of plain text to add HTML so we can add images links and more. Also the company logo is way to small in the page. ----------- Description: Workstation can have different policy from the policy in his group Detail: Many times we have found that some workstations have slightly different policies from the policy that is used in their group. So can we monitor which computers have different policies if any and which options of the endpoint suite differ and all of that inside the ERA console? ----------- Thanks, Peter
  7. Hello Marcos, The above solution works like charm. Is there any way to get a notification in the ERA Console whenever the Application modified pop up appers to any of the eset endpoint workstations? Thanks, Peter
  8. Hello, We use Firewall in interactive mode and path based rules per application. Each time the ccmeval.exe updates (new tool in System Center 2012), all clients get the warning: Application modified: an application (CcmEval.exe) on your computer has been modified and now is trying to communicate with the network (screenshot attached). This is quite disturbing to the users because they need to provide password in all users for this change to take effect (once per week). 1.Is something wrong with the specific exe file? 2.Is there any way to stop getting this pop ups in the workstations? Thanks, Peter
  9. hello, If the same application exists in 400 different places 400 rules is not a manageable solution to use paths. Is it possible to identify the executable via hashing or something similar? thanks
  10. Hello, In our company we have about 100 users which each one has more than one installations in his pc of a specific application (appname.exe) and in many different paths. For example one user has C:\appfolder\appname.exe , C:\apps\appfolder\appname.exe, C:\apps\a1\appfolder\appname.exe a second one has C:\Appfolder\appname.exe and so on. So insted of 100+ rules for appname.exe we want to make only one firewall rule that includes all the above cases. Thanks, Peter