Jump to content

cpetry

Members
  • Posts

    91
  • Joined

  • Last visited

Everything posted by cpetry

  1. Hello, This is definitely not our statement and/or attitude towards this product/situation. Could you please specify who told you this information and what might be the reason? Thank you, T. Sam S. told me the Apache HTTP Proxy causes more harm than good and that he doesn't like to use it. He also said it's not used for creating a mirror/update cache. He showed me another way to create a mirror/update cache on my network that will work. You don't need that mirror tool. You just configure an AGENT/Endpoint to act as a mirror and configure your clients to use it as the source for updates. I'm using the AGENT/Endpoint that's installed on my Windows based ERA. I've removed the Apache HTTP Proxy as it's not required and I too have no idea why anyone would need or want it after talking to Sam.
  2. So I've been working with Sam Saengmanivone and he configured a mirror client on my ERA 6.X installation. Basically, you setup an AGENT / Endpoint to act as a mirror and you point your configuration to the system that's running that AGENT / Endpoint. So it's not ERA itself that's doing it, but it's easy to do. You can browse to the mirror directory on the system and see all of the update files cached up. I'm using the AGENT / Endpoint that's running on my ERA server (I use a Windows installation, not the Linux Appliance). You can configure any server on the network to act as the mirror though. I'm wrapping up a few things with my ERA 6.X deployment and so far I'm happy with it. The newest build is much better than when 6.X first came out. The first release was a disaster. Thanks!
  3. So the file coder protection wouldn't even be active if I had it in learning mode? Something tells me that's the case. If so I will have to ask support how to setup automatic mode to automatically treat our LAN as trusted. If it's on auto and set to trusted for our LAN/domain, it should still scan it for file coder activity, correct?
  4. No, I figured that. I want external clients using a dual update profile if possible so they reach out to ESET servers if they aren't on my corporate network. From the sounds of the Apache HTTP Proxy it really only acts as a cache for the ERA itself. That's fine and that will work. I just don't want 1650+ clients using my corporate internet connection. I want the ERA to download/cache and distribute to the clients. Internal VM - ERA ESET HTTP Proxy Apache HTTP Proxy Rogue Detection Server Possibly MDM DMZ VM - ESET HTTP Proxy MDM
  5. Apache HTTP proxy relies only communication from ERA components and Endpoint Security products to ESET servers and is primarily intended to safe network traffic especially for larger networks. It has also advantages over standard offline mirror: less traffic to outside network (mirror downloads much more data in case synchronization is executed multiple times a day). clients get latest files version from ESET server and not version from last mirror synchronization (this is crucial for security) proxy handles also other security-related connection(cloud) not handled by offline mirror You may also use your own HTTP proxy, but it may require configuration tweaking. There is still alternative - classic offline mirror, but unfortunately no longer available/manageable by ERA, but instead available either as separate tool (MirrorTool: downloads files but does not shares them) or bundled in Endpoint Security as in v5. Thanks, I'm going to be setting up the Apache HTTP Proxy on our internal ERA VM and the ESET HTTP Proxy for external agent communication on our DMZ VM. I'm not sure yet how we will deploy / test MDM. I was thinking slap MDM on the internal and external VM and use split DNS with it for the same reasons you'd use split DNS for any reason. I'd rather not have clients/devices reaching out and then back in.
  6. Previously I was told that ESET Endpoint Security had better file coder protection due to the network scanner technology it has that the standalone AV does not. I'd rather not use/enable the firewall on my endpoints. Would the Endpoint Security still provide added network / file coder protection if the "personal firewall" was disabled? In other words is it more of a code dependency thing? Thanks!
  7. That's fine. I'll just have ESET engineering WebEx in and configure my wildcard godaddy cert with my web console since they know it so well. They should have no problem doing that since they love Apache/Tomcat so much.
  8. I'll have to install Apache HTTP Proxy and use it, and they will have to support it regardless if it has issues or not. That's really on them. If they don't want support tickets on it they should code something else.
  9. Support guys on this forum do understand Apache and Tomcat, so they can help you. The only problem they still have is documentation. Why don't you use their virtual appliance? I was specifically told by ESET support most people don't have any luck using the appliance and they'd recommend using a Windows install. That's what I'm trying to get at.. Why have it if you are going to tell customers to avoid it. Clearly they have issues with that software. Also, you don't code because it's easy. Your products should be easy for the customer, not the programmers. So I have a problem with "you try coding JSP on IIS". That's not my problem IMO.
  10. I've never liked the idea of using a VM or even a host agent to offload scanning of all VMs within an environment. I honestly think a lot of people feel this way and that's why this particular forum is so dead. What happens if the host agent or single VM used for offloading has an issue? Does that mean nothing gets scanned? What happens if it's overloaded, does that mean it's now introducing latency in my VM environment? We were using McAfee EPO years ago and they had this same feature. You could use a single VM appliance to offload all scanning. It slowed everything down considerably and required 16 vCPUs to function correctly. I'd much rather install the agent/endpoint on each server and know that each system is self contained.
  11. It doesn't even seem like ESET support even likes Apache or Tomcat yet you guys are using it? Why not leverage IIS since it comes with Windows? It's such a pain to use a wildcard cert for the web console with these third party HTTP servers. I could get it done in a few clicks within IIS. Since you guys are using Apache and Tomcat, I have to muck around with Java SDK's and other non-sense.
  12. I'm going to perform a swing migration from ERA 5.X to 6.X very soon. I was told not to install the Apache HTTP Proxy by ESET engineering (they didn't like it for some reason). However, if that's the only way to generate an update mirror/cache for my clients, I'm going to need it. I have 1,650 endpoints spread over a dozen sites. We share a single 100 MB internet connection. I can't have that many clients hammering the single corporate internet connection every hour. I was going to start with a single ERA at our primary location and later standup mirrors at the largest sites. Is it also recommended to use the ESET HTTP Proxy in the DMZ on a server that's not joined to the domain, and allow the proxy to reach back to the ERA server? I'll be using a published A record in DNS for my clients (split DNS; so the same URL can be used for internal/external clients). PS - I forgot to add/mention; is it best to install one MDM installation in the DMZ as well? Can the ESET HTTP proxy relay MDM information back to the ERA? I don't plan on mass deployment of MDM yet, but I'll be buying 25 licenses so we can switch to a business bundle. I want to experiment with MDM for a bit. Thx!
  13. Yeah, I have version 4.5/5.X of the ESET Anti-Virus, not the Security w/firewall version. Perhaps that's why we've seen ransomware hit us so hard? My biggest concern with the ESS suite was the "personal firewall" bit. I can't imagine trying to control personal firewalls on 1650 endpoints. Can that portion be turned off while still reaping the other benefits you speak of? ESET support is going to help us rip and replace upgrade to version 6.3. So hopefully there's been worth wild enhancements made to the newest business version. If the regular AntiVirus will be greatly improved soon to include those Filecoder protections that would be great.. We've seen a huge uptick in ransomware and specialised Trojan software on our network in the last year. PS - I keep LiveGrid on but we are only the older software (I just verified LiveGrid is on for us).
  14. I've been testing Cylance and SentinelOne against ESET in a VM environment. I'm more impressed with SentinelOne for other reasons (such as rollback for Ransomware). I'm not convinced either products are "ready" yet but SentinelOne does seem promising. I love how you can see exactly what a process did as it executed. It's also amazing that you can leverage shadow copies to rollback an action. I've been a huge fan of ESET for around 10 years. There doesn't seem to be much development for their business product. We've been using ESET File Security 4.5 and ESET AV 5.0 for endpoints for 3+ years in our corporate environment. ESET has missed things. We've seen Randsomware hit systems protected by ESET as well as some newer state of the art Trojans. I'm also displeased with how ESET upgrades have gone in the past (I've seen component upgrades uninstall ESET vs upgrading a client, etc). I'm also sick of seeing error 1603's, etc during install. It's almost a battle to get ESET installed in the corporate environment. We are going to upgrade to ESET 6.3 from 4.5/5.0 very soon and I'm *really* hoping it's a much better product. I plan to run ESET 6.3 until Q1 next year before I decide to push for another product. So does ESET actually update the advanced heuristics between versions? Or is their algorithm set in stone? Is there any progress being made by ESET for business customers? I haven't seen a lot of activity. Comments? I'd love to hear what people think about emerging threats and is the traditional AV really "dead"?
  15. Well, I'll be using ERA/ESET 5.x for a while it seems. I have no idea why they thought this product was ready or even better than ERA 5. I'd take ERA 5 over version 6 any day. I can't get clients to process policies, AD synchronization is set to only when the ERA server is rebooted by default, this whole agent/certificate thing is a pain, the ERA 6.x patching process sucks (uninstall and reinstall, leaving certs all over the place!), and the interface is annoying (reminds me of the Metro UI where you have to get your mouse just right in certain spots to display the menu). It's also a mess compared to the ERA 5 interface. I have one (my only client on 6) showing up 3 times in the ERA 6 interface. Why do clients have to show up multiple times for different "errors" (they aren't even really errors btw, it's non-sense such as the Windows Firewall being turned off). It took me all day to get one policy to apply to a single client. I just wish I didn't have to reboot the ERA 5.x server daily due to port exhaustion. That was coded poorly. Other than that ERA 5 is way better.
  16. I'm also getting this error. RAS Ver: 5.1.34.0 Server has ver 4.5.12011.0 Tried updating client to ver 4.5.12015.0 Error: Warning Upgrade processing error, error code: (7,3) I always get this error. I can't upgrade any file server client. I can upgrade my workstations to the latest version!
×
×
  • Create New...