Everything posted by pps

  1. Hello, I used the Resource Monitor of Windows Task Manager and found out that workstations have 100% read utilization on the dat files inside the folder c:\ProgramData\ESET\ESET Endpoint Security\Logs\eScan. It seems that ESET for some reason keeps reading the files; as a result workstations have 100% read utilization. Most of the files are from October of 2017 and I don't see the reason why ESET uses them.
     a) How can I stop ESET from using these files? Which setting is it in the ERA console?
     b) What is the purpose of these dat files and why is ESET still using them?
     PS: Setting in Antivirus -> (Real-time file system protection / On-demand computer scan / Idle-state scanning / Startup scan / Document protection) -> THREATSENSE PARAMETERS -> OTHER: Log all objects is disabled by the policy.
     PS2: Setting in Web access protection -> Log all objects is disabled too.
     PS3: As a temporary workaround, I renamed the eScan folder to eScan.old on the workstation.
     Thanks, Peter
  2. Description: Unprotected WiFi message - captive portal
     Detail: In our company we use a WiFi network with a captive portal (we enter the user and the password in a web browser page). The endpoint client warns about unprotected WiFi. Is there any way from ESET Remote Administrator to suppress that message or exclude the warning for the specific network SSID?
     Description: Capability to remotely manage one computer's settings
     Detail: We should have the option to remotely manage a specific setting in ESET Endpoint Security in real time. Until now we must use Request configuration to see what ESET settings the workstation has and then run a client task to change the setting that we want, and the change is not real time.
     Thanks, Peter
  3. Description: Add sorting in Firewall rules
     Detail: Sorting in Firewall rules when clicking the header (for example, if you click Action then the rules will be sorted by Action ASC, and if you click again, by Action DESC).
     Description: Every rule has a number
     Detail: Every rule should be identified by a number; if a rule's number is smaller than another's, that means that this rule is applied first.
     Description: Separator between firewall rules
     Detail: If you want to separate the rules per application or per suite (office, adobe) or per use (rdp, teamviewer, ammyy), then you should have the capability to use separators before and after each group so they are easier to read. It would be even more interesting if you could expand and minimize each application group.
     Thanks, Peter
  4. Description: Capability to force stop frozen tasks
     This is in the backlog. What do you mean by “frozen”? (Does it happen to you that tasks got stuck in some state – running?)
     Explanation: Many of my tasks have frozen, such as an endpoint push to a few dozen workstations (for example see topic: Server Task Status is Running but no ongoing progress).
     Description: Capability to use 'group by' in reports
     This is being continuously added. Are there any specific symbols that you would like to use for “group by”?
     Explanation: For example, I have the same antivirus threat on 20 workstations and I need a report or view that says I have this threat name and 20 occurrences. The same logic applies better in the firewall because there are tens of thousands of FW events. In FW I want to extract the DISTINCT processes from all workstations and the total count of times they appear.
     Description: Capability to clean the quarantine older than X days or Y weeks
     Does this mean that you would like to basically schedule a task for “quarantine cleanup” for files older than XY days? Would it be acceptable to have this as a policy setting?
     Explanation: That will be okay too.
     Description: Firewall Learning mode directly from workstations
     Does this mean that you want to “merge rules” from multiple workstations and convert them into the policy for the rest? Or how should this work?
     Explanation: Forward learning modes from multiple workstations directly to the ERA Console. From there we should filter DISTINCT rules from these workstations that we can allow or block.
     Description: Firewall in File security products
     This was never possible. What kind of problem are you trying to solve by using the “Endpoint Firewall” on the Windows Server system? Does it mean they are not beyond some physical network FW or?
     Explanation: Without the ESET firewall on Windows Server you cannot monitor which applications are allowed and which are blocked from inside the ERA Console.
     Description: Smarter Firewall that can use files as samples and not paths
     Can you provide a bit more information about this? I am not sure what kind of problem you would like to solve by this.
     Explanation: If we have the same executable (for example abc.exe) in many different paths (for example c:\abc.exe, c:\users\abc\abc.exe, etc.) and on many workstations, we have to use one rule for every different path. (see topic: Firewall rule with no application path but only application name)
     Description: Force restart of workstations for malfunctions or updates (like windows update)
     You have a task for that as of now. Or you can use the “run command”. In V7 the issue with “not automatically performing reboot” after upgrade will be fixed as well.
     Description: Database clean up
     In V7, we will bring more granular options for database cleanup. However, some of the tables, like TBL policies, are not cleaned automatically. Why do you want to remove them? Just to save the DB space?
     Explanation: Yes, the main reason is the DB size and the response in the ERA Console.
     Description: Apache Tomcat 7 64bit instead of 32bit
     We will track improvement for that.
     Description: Folder creation in policies
     We will track improvement for that (AFAIK we have some, and there is a proposal by the UX team, but I will have to check).
     Description: Blocked webpage message in Web Control (asked already from another user)
     We will track improvement for that.
     Description: Workstation can have different policy from the policy in his group
     What do you mean by this? A workstation has only the policy that is assigned. However, a workstation might have multiple policies assigned, meaning it could have a different “resulting configuration”. Also, settings not set via policy are “accessible” to the user, so he is able to adjust them locally. We are planning to improve the readability of the policies screen in a way that it will explicitly inform the end-user about where a specific setting is set from. We do not have a target version yet, but it's being tracked.
     Explanation: For example, an admin has made a change to workstation1 and disabled the firewall, then some other day has disabled device control on some other workstations and forgot afterwards to turn it on. Some time has passed, and on a third workstation he has disabled the initial scan and on another has disabled the detection of potentially unwanted applications. So all four of them are contrary to the ERA policies applied to the group that contains these workstations, and there should be an easy way to find this out in the dashboard and/or reports. Secondly, there should be an option through the ERA console to force the above workstations to undo the setting changes and revert back to those of the policies.
  5. Description: Capability to force stop frozen tasks
     Detail: It would be nice if we had the choice to force stop frozen tasks.
     -----------
     Description: Capability to use 'group by' in reports
     -----------
     Description: Capability to clean the quarantine older than X days or Y weeks
     Detail: In client tasks we can make a quarantine management task, but we can define only a period from date "OCCURRED FROM" to date "OCCURRED TO", so before or after each run we must redefine these dates.
     -----------
     Description: Firewall Learning mode directly from workstations
     Detail: Instead of using learning mode on a few workstations and then manually importing and merging the rules in the ERA, it would be nice to have the option to select some workstations and learn the rules from them automatically. So the admin's only job is to block or allow the ports.
     -----------
     Description: Firewall in File security products
     Detail: In the latest version you can't use Endpoint Security on Windows Server editions, and if you need a firewall you must use Windows Firewall.
     -----------
     Description: Smarter Firewall that can use files as samples and not paths
     Detail: Firewall can use a sample file to allow or block the connection.
     -----------
     Description: Force restart of workstations for malfunctions or updates (like windows update)
     Detail: Many times users don't restart their computers even if they see warnings that they need to, and the product can't work right.
     -----------
     Description: Database clean up
     Detail: In the database tables we can find unused entries of tasks, policies (tbl_policies), etc., so it would be nice if we could run a task and delete them.
     -----------
     Description: Apache Tomcat 7 64bit instead of 32bit
     Detail: Ability to change the 32bit (limit 1280MB of memory) Tomcat 7 to 64 bit with a few simple clicks.
     -----------
     Description: Folder creation in policies
     Detail: User can create a folder so he can store old policies for versioning and history purposes.
     -----------
     Description: Blocked webpage message in Web Control (asked already from another user)
     Detail: It would be nice to be able to add HTML instead of plain text so we can add images, links and more. Also the company logo is way too small in the page.
     -----------
     Description: Workstation can have different policy from the policy in his group
     Detail: Many times we have found that some workstations have slightly different policies from the policy that is used in their group. So can we monitor which computers have different policies, if any, and which options of the endpoint suite differ, and all of that inside the ERA console?
     -----------
     Thanks, Peter
  6. Hello Marcos, The above solution works like a charm. Is there any way to get a notification in the ERA Console whenever the Application modified pop-up appears on any of the ESET endpoint workstations? Thanks, Peter
  7. Hello, We use the Firewall in interactive mode and path-based rules per application. Each time ccmeval.exe updates (new tool in System Center 2012), all clients get the warning: Application modified: an application (CcmEval.exe) on your computer has been modified and now is trying to communicate with the network (screenshot attached). This is quite disturbing to the users because they need to provide a password in all users for this change to take effect (once per week).
     1. Is something wrong with the specific exe file?
     2. Is there any way to stop getting these pop-ups on the workstations?
     Thanks, Peter
  8. Hello, If the same application exists in 400 different places, 400 rules using paths is not a manageable solution. Is it possible to identify the executable via hashing or something similar? Thanks
  9. Hello, In our company we have about 100 users, each of whom has more than one installation of a specific application (appname.exe) on his PC, in many different paths. For example, one user has C:\appfolder\appname.exe , C:\apps\appfolder\appname.exe, C:\apps\a1\appfolder\appname.exe, a second one has C:\Appfolder\appname.exe, and so on. So instead of 100+ rules for appname.exe we want to make only one firewall rule that includes all the above cases. Thanks, Peter
  10. Thanks Martin, I get this on trace.log: 2017-12-13 09:47:20 Error: Service [Thread 1d04]: [Microsoft][ODBC SQL Server Driver] Could not find stored procedure 'dbo.usp_static_object_ids_get'. (2812)
  11. Thanks for the answer. In my case I used the same credentials from startupconfiguration.ini to create users in both the new MSSQL servers, and I also used the MSSQL Server Management Studio to confirm that the credentials work.
  12. It's not a size issue but our organization's policy, which says a scheduled quarantine cleanup must be made, keeping only X days of quarantine files.
  13. Hello, I am trying to move the local SQL EXPRESS database of the ERA server to an existing database server. I tried to move only the database from an original ERA installation, edit the connection file (startupconfiguration.ini) and test if it works. I tried it on two different database servers, one at a time, but no luck; after 5 secs the ESET service is stopped. The settings are double-checked and are the same as the original database in both the databases. I used Microsoft SQL Management and successfully logged in to both the new databases, and I also used a udl file to test the connection credentials, and all seem to work. Is there something I am missing? Any help will be appreciated. Thanks, Peter
  14. Hello, If this isn't supported from the ESET ERA console, can I instead use a query inside MSSQL Server to get the job done? Can you provide the SQL query of an original quarantine job so I can modify it? Thanks, Peter
  15. Thanks Michal for your answer, Is there any form or link to request new product features? Thanks, Peter
  16. The shrink solution worked for me. Also I deleted the old logs and kept logs for 15 days from Admin -> Server Settings -> DATABASE CLEANUP: Clean logs older than. Thanks
  17. Hello, We want to make a new policy that deletes the quarantine items older than 30 days. In client tasks we can make a quarantine management task, but we can define only a period from date "OCCURRED FROM" to date "OCCURRED TO", so before or after each run we must redefine these dates. Is there any way to define a period of time so that any quarantine files older than this period are deleted? Thanks, Peter
  18. Hello, Is there any option, tool or maintenance task to decrease the database of the ERA v6? It has inside hundreds of thousands of unneeded logs and I want to get rid of them. ERA version is 6.5 & database is MSSQL Express. Thanks, Peter
  19. Hello Marcos, You mean the option: Log all objects, in Antivirus -> Startup Scan -> THREATSENSE PARAMETERS -> OTHER: Log all objects ? Thanks, Peter
  20. Hello, On many computers running ESET 6.6.2052.0 we encounter the below problem: the hard disk is at 100% usage and with very high response time. After some research we found that in the folder C:\ProgramData\ESET\ESET Endpoint Security\Logs\eScan there is excessive writing and reading in the dat files. These files are in total 20GB by now.
      1. Which of the ESET options creates, writes and reads these dat log files, and how do I disable it centrally from ESET ERA?
      2. Is this some kind of malfunction?
      PS: The screenshots were taken after we disabled the schedule of Log maintenance and the Boot sector Scan in Startup scan and rebooted the computer. It seems that this resolves the writing in the dat files, but reading in these files remains.
      Thanks, Peter
  21. Hello, We want to watch from the ERA console all endpoint security traffic that passes through a specific firewall rule. Is that possible? Thanks, Peter
  22. Hello, In our company we use a WiFi network with a captive portal (we enter the user and the password in a web browser page). The endpoint client warns about unprotected WiFi. Is there any way from ESET Remote Administrator to suppress that message or exclude the warning for the specific network SSID? Thanks, Peter
  23. In one similar case I disabled all System startup file checks, from Tools -> Scheduler. But this is a workaround and not a real solution.