Jump to content

Campbell IT

Members
  • Content Count

    54
  • Joined

Posts posted by Campbell IT


  1. On 5/6/2020 at 11:42 PM, MichalJ said:

    Hello @Marcelinho, you are most probably meaning installation of the latest product version. If your computers have still connection to the management server, even if they are working remotely agents are able to communicate, after you set a task to "install latest version of software", computers will connect to ESET Repository to download the latest application version.

    For the future, we are working on micro PCU auto-update, meaning you will be able to set your clients to automatically download latest product version upon availability, and install it, where at the end only a prompt for reboot will be displayed for your end users. This is however not yet enabled, and should be enabled with the upcoming product release. 

    Please have an option to block automatic upgrades as you have described above. While it sounds good in principle, unless reboots are forced, you could end up with computers that have pending reboots for weeks. We struggle with getting our users to log off, let alone reboot. Plus, if there is an issue with an upgrade in our environment, we would need to be able to prevent the upgrade from happening on more computers. Thanks.


  2. I had several machines detect HTML/ScrInject.B and for weeks, the detections would show up as unresolved. I finally got some time where the user would let me work on the system for a couple of hours and the only way I could find to actually get the detections to resolve was to run an in-depth scan with cleaning. It baffles me because these detections were reported after a smart scan. If there is some other easy (albeit, not intuitive) way do resolve detections, I would love to hear it.

    Thanks.


  3. I have found after working with ESMC 7.x for some time that the only way to permanently resolve detections is to run an In-depth scan with cleaning after a detection has occurred. Is there a way to configure ESMC so that when a desktop reports s detection, an in-depth scan with cleaning is scheduled automatically?


  4. 9 hours ago, Marcos said:

    Deleting files from quarantine does not resolve detections. Files can be kept in quarantine unless they take up a lot of disk space which usually doesn't happen; malware is typically quite small with the size even below 1 MB. In quarantine objects are kept in a safe encrypted form to prevent execution.

    How do I know what detections have been resolved and no longer need my attention? I have set the filter to the Preset filter "All unresolved threats" and it shows all threats back to Oct 2019, even those that have a check in the column "Resolved". If they are resolved and I set the ESET Preset filter "All unresolved threats", why is it showing me resolved threats? It is very difficult to tell what computers need to be examined more closely.

    Also, what does ESET consider as an action taken? Because that filter also shows detections back to Oct 2019 if I select "All threats without action taken".

    Is this a browser issue? I am using FIrefox 75.0


  5. Using ESMC 7.1.717.0, trying to figure out the process for deleting detections from the quarantine on a client. For the life of me, I cannot figure out how to do this. I get an alert that there is a detection that has not been resolved, so I look at the detections and click on Show Details. It shows me the details of the detection and has the client name in the upper left. I click on the Show Details button below the client name and it takes me to the details of that client. It lists the detections for that client, so I click on Show Details and it takes me right back where I started. Can we please just have a button to delete items from quarantine?

    This product is so overly complicated it's making me start to think of alternative products.


  6. On 9/28/2018 at 12:12 AM, MichalJ said:

    Thank you @Campbell IT Concerning the "logged users" - all is clear. We are already tracking an improvement for that, so I have added your feedback to it. With regards to the "Detection Engine", would the information about "last update attempt" (= when the application contacted ESET Servers, to check whether there is a newer version of any module) or "last successful update" (= when the application actually downloaded any of the newer modules from ESET Servers, which means it´s working with the latest modules), be sufficient to you?

    In the meantime, logic works, that machine changes its status from updated to non-updated after 7 days, and will report a protection status (red) with "modules out of date". If you are more strict with this, what you can do is to shorten the alert interval down to one day, by configuring a setting in a policy for security product as follows:

     

    settings.png

     

    "Last successful update" would work fine. In the meantime, I will adjust the settings you outlined above. Again, thanks for listening to my feedback.


  7. 10 hours ago, MichalJ said:

    @Campbell IT Concerning your feedback. Issue with "logged in users" is, that there could be more than one user logged in on the machine, so choosing just one, might not be valid. However we are tracking improvement request to have this (adding the information in computer details was the first step). We are working on a redesigned computer table element, that would be more robust from the point of view of displaying the desired information.

    Detection engine (previously VSDB) is not coming back, as it´s just one of many modules in the product, and the information does not really indicate whether the product is updated or not. We are instead working on adding information about "last update attempt" and "last successful update". Out of curiosity, for what purpose you would use the Detection Engine version info for?

    We are also working on "tagging functionality" that would allow specification of tag manually (in the first phase) and later automatically, that would replace the "custom fields" functionality in the old ERA V5.

    Thank you for looking into the suggestion. We only have a few computers that would have multiple users logged in at one time. In 5.x, the logged in user shows up as "Multiple users". It doesn't happen often, so it wouldn't be a problem for us. To clarify - I'm asking to have the option to display this info in the computer table. Either have it off by default, but allow admins to enable it or vice-versa.

    Regarding the Detection engine, what I am looking for (and what we used the VSDB info for) is to be able to see at a quick glance, which machines are not updated. I suppose that ESMC will flag machines in red if they have an issue, but then we have to drill down to find out what is going on. Sometimes it's as simple as the machine being turned off, which we don't need to investigate.


  8. Description: Add fields to Computers list

    Detail: In ESET ERA 5.x you could customize the fields in the list of computers. It made it very easy to see what user is logged into a particular machine because you could add a custom field with the username. In ESMC, you have to click on the machine, then click Show Details and then scroll down to Users to see who is logged in. The same goes for the Virus DB version (now called Detection Engine in ESMC). Please give administrators the option to make the console less click intensive. We need to be able to find info quickly without having to click and scroll so much.

    Thanks for listening.

×
×
  • Create New...