Sunwardsquash

Thanks--adding it to that location worked! It would be helpful if the wildcards worked inside web control, too.

I tried variations of this, without any success.

Anyone know how to make a web control rule that just blocks everything, so I can have a whitelist-only URL policy?

Anyone have any settings they've had good luck with when using Web and Email protection? When I have everything turned on we've noticed lots of failures in websites loading, as well as some serious slowdowns and resource usage with our Outlook clients. I like the idea of using these but I get confused trying to figure out what specific settings may be causing issues. Has anyone had good luck with a particular set of options?

Hello, Does anyone know specifically what the rogue detection sensor is using to trigger what's a rogue versus what isn't? Right now it shows half the devices in my network as rogue but when you drill into the lists it's mostly the same host names in the "rogue" section as the "non-rogue" section. I don't have agents deployed to lots of these, but everything in AD is showing up in both reports regardless. Any ideas? Lots of the rogue devices have multiple duplicate hostnames with MAC addresses that aren't actually adapters on the machines in question. Maybe it picks up access points or something else? Everything listed is on a flat subnet.

It's really only a problem because there isn't much data inside ERA. For example--we're having an issue now (ticket submitted) where ESET is blocking Infopath forms. We have no idea what's causing it, and no triggers or alerts are being generated, but because I turned something on it's being blocked. Some things that would be helpful are "best practice" standard policies that explain what the different settings do and what they're for. In absence of that, my goal would be that any action ESET takes be logged to ERA somehow so I could track what's going on centrally and adjust accordingly. It's nice to see you guys taking the time to read these! Thanks.

Description: Better ERA reporting/logging visible for client activity and better context-driven options inside ESET Detail: It doesn't seem to be very easy to see what's happening on clients without going to the client. I would expect there to be a way to see *all* ESET driven actions and logs from inside ERA and those should be actionable -- example: See that a website was blocked by Web Protect in ERA, right click on that and whitelist from a context menu. example: See that an application was blocked incoming or outgoing by the firewall from inside ERA, right click and whitelist or make a new rule from a context menu. Right now this is all very hard and time consuming to manage. Description: Better "standard" templates for behavior of profiles Detail: We're deploying ESET and it's overwhelming because of so many options. That's a good thing, but because ERA doesn't record much of what is happening on the client side I can't really tell what's going on without spending large amounts of time researching each option and testing with a client in a sandbox.

Yes--the suggestion for handling it without user notification is better. It's confusing and frustrating for users right now. The only other way to do it would be to make sure the user only gets one prompt.

OK, thank you--managing through the quarantine makes sense!

Hello, What's the best way to easily whitelist things for a whole policy/site when you get an alert in the console? Is there a way to make that fast or do you need to go through the policy and make it manually every time? For example, whitelisting a PUP detection.