[ERA 6 + Remote Detection Sensor + Subnets]

RD sensor can only work on its own subnet AFAIK.

 

You would in theory require an RD sensor on each subnet.

[Deploy ESET Remote Administrator Agent]

Deploy as a *startup* script which runs in a system context, not login script.

[ERA 6 installation - cannot install services]

If you have 5 installed, uninstall it before installing 6.

[how to configure clients so that they will get updates from HTTP proxy internally and directly when they are outside the company network ?]

+1 

[Install error.... "1"]

You can run the install with MSI switch "INSTALL_CONFLICTS=1" (remove quotes) which will bypass the conflict check and continue the silent installation if you are sure there are no remnants that may cause confliction. The "1" denotes a conflict.

[Product Suggestion (for ERA 6) : Agent Upgrade]

Surely this is what the "Remote Administrator components upgrade" client task is for? Although from my understanding it is not yet implemented due to the fact that is has only just been released as GA, therefore no "official" upgrades exist yet.

[How to Update ESET Remote Agent - Step by Step Guide]

Or.. you could wait for the full implementation of the "Remote Administrator Components Upgrade" task

Surely this method is only a one time workaround if you are moving from the NA to GA builds.

[Restart agent remotely]

I believe the idea is to show the worst event, which for me is acceptable. For example if the client did not update for 5 days, then just before you check it updates, agent checks in and reports ALL-OK, and no one is the wiser.. You may miss some intermittent issue. My issue is that I would like to be able to action the event(s) or know when the agent will clear it.

[Restart agent remotely]

Hi,

 

Thanks Jim for the PS command.

 

Hoping someone can clear up this ambiguity.

 

What is the expected duration of the "worst functionality problem" status? It seems logical to display this to the admin for X days/hours/minutes but there is no way of actioning/clearing this event. Or is it supposed to only reflect the current status? To me, it seems logical to display historic events, otherwise the admin does not know they occured unless they go pouring through logs, but we require a way to action or clear the event, once it has been acknowledged.

 

Thanks.

[Cannot change Windows themes]

The best thing you can do with fallible placebo junkware like PC TuneUp Utilities is uninstall it, and never look back. Software such as this designed to prey on the naivity of Windows users. Such tools are highly frowned upon in the IT industry.

Anything that claims to boost, tune, optimize, clean or fix your computer is at best, making false claims, at worst damaging your system.

[Clients showing as future install date after remote install]

Hello,

 

Please advise why some clients (Windows 8) are showing as "future" under "Product Install date" in clients tab, after remote deployment?

 

 

Clients have connected in/refreshed. 5.0.2225 clients.

 

Thanks.

[Give users alerts via policy]

I have a couple of questions if you dont mind;

1. Can multiple users be specified in the field "On multi-user systems.." e.g User1,User2..

 

2. If no entry is specified I assume that all users will see notifications or just the logged in user on server?

 

Just need some clarification, thanks.

[How to exclude mapped drives from real-time file execution/opening?]

Good evening,

How do you perform a real-time exclusion on a mapped drive location from scanning such as "Z:\test\text.txt"? This works for computer scans and file creation but not for execution or opening. You can easily replicate this on your own network.

1. Create a text file on a mapped drive that contains the Eicar string from hxxp://www.eicar.org/download/eicar.com.txt.
2. In Endpoint product enter exclusion for mapped drive under "Exclusions by Path" e.g "Z:\*.*"
3. Open text file containing Eicar string
4. ESET quarantines, ignoring the exclusion.

Please clarify why this behaviour occurs. This can cause problem with user opening data files etc. It is worth noting this behaviour is not exhibited on local drives or when using UNC path exclusion.

It is worth noting that no server protection was enabled in this test, and both "*" and "*.*" were used, and the mapped letter is correct.

 

Admin can not always rely on UNC path.

 

Warm regards.

[Spoofed senders implementation via Antispam engine filtering]

EMSX 4.5, Antispam engine > filtering > Spoofed senders

 

Can someone please explain how this feature works. The documentation is vague to say the least:

 

This list allows you to specify which mail servers are

allowed to use which domain names in the From: address. The offset will be applied when mail from the domain

does not come from the specified IP range. 

 

Can you specify domain or sender, format? Wilcards?

Mail server internal IP?

Offset recommendation?

 

Some further documentation would be helpful in configuring this type of feature.

 

Thanks.