Sunwardsquash
Members-
Posts
10 -
Joined
-
Last visited
-
nichomach reacted to a post in a topic: Request for feedback on a plan to change handling of Potentially Unwanted & Unsafe Applications
-
Web control - default block all?
Sunwardsquash replied to Sunwardsquash's topic in ESET PROTECT On-prem (Remote Management)
Thanks--adding it to that location worked! It would be helpful if the wildcards worked inside web control, too. -
Web control - default block all?
Sunwardsquash replied to Sunwardsquash's topic in ESET PROTECT On-prem (Remote Management)
-
Anyone have any settings they've had good luck with when using Web and Email protection? When I have everything turned on we've noticed lots of failures in websites loading, as well as some serious slowdowns and resource usage with our Outlook clients. I like the idea of using these but I get confused trying to figure out what specific settings may be causing issues. Has anyone had good luck with a particular set of options?
-
Hello, Does anyone know specifically what the rogue detection sensor is using to trigger what's a rogue versus what isn't? Right now it shows half the devices in my network as rogue but when you drill into the lists it's mostly the same host names in the "rogue" section as the "non-rogue" section. I don't have agents deployed to lots of these, but everything in AD is showing up in both reports regardless. Any ideas? Lots of the rogue devices have multiple duplicate hostnames with MAC addresses that aren't actually adapters on the machines in question. Maybe it picks up access points or something else? Everything listed is on a flat subnet.
-
It's really only a problem because there isn't much data inside ERA. For example--we're having an issue now (ticket submitted) where ESET is blocking Infopath forms. We have no idea what's causing it, and no triggers or alerts are being generated, but because I turned something on it's being blocked. Some things that would be helpful are "best practice" standard policies that explain what the different settings do and what they're for. In absence of that, my goal would be that any action ESET takes be logged to ERA somehow so I could track what's going on centrally and adjust accordingly. It's nice to see you guys taking the time to read these! Thanks.
-
Description: Better ERA reporting/logging visible for client activity and better context-driven options inside ESET Detail: It doesn't seem to be very easy to see what's happening on clients without going to the client. I would expect there to be a way to see *all* ESET driven actions and logs from inside ERA and those should be actionable -- example: See that a website was blocked by Web Protect in ERA, right click on that and whitelist from a context menu. example: See that an application was blocked incoming or outgoing by the firewall from inside ERA, right click and whitelist or make a new rule from a context menu. Right now this is all very hard and time consuming to manage. Description: Better "standard" templates for behavior of profiles Detail: We're deploying ESET and it's overwhelming because of so many options. That's a good thing, but because ERA doesn't record much of what is happening on the client side I can't really tell what's going on without spending large amounts of time researching each option and testing with a client in a sandbox.
-
Easily whitelisting
Sunwardsquash replied to Sunwardsquash's topic in ESET PROTECT On-prem (Remote Management)
OK, thank you--managing through the quarantine makes sense! -
Hello, What's the best way to easily whitelist things for a whole policy/site when you get an alert in the console? Is there a way to make that fast or do you need to go through the policy and make it manually every time? For example, whitelisting a PUP detection.