tmuster2k

Everything posted by tmuster2k

  1. Hello, Is it possible to send the AUDIT log from ESET Protect on premise to a 3rd party SYSLOG server? Is it also possible to set alert thresholds for how many machines that a client level task is run on? We are wanting to do this to improve the risk posture to identify a threat actor or a high number of tasks are run on machines.
  2. @Marcos My question is why doesn't eset.com open in normal browser when I specified it to in the policy? It only opens in Secure browser.
  3. Trying to setup policy to where ESET's Secure browser will be initiated outside of 2 websites. I was doing test and also was able to reproduce by turning on "Enable Secure Browser" and under "WEBSITES REDIRECTION" and included www.eset.com and eset.com for "Normal Browser" so that when going to eset.com it should not bring up secure browser. The normal browser never is initiated however when going to eset.com even though local settings were confirmed based on the policy. I did notice that the only way to Edit the section "WEBSITES REDIRECTION" was to slide off "Secure All Browsers" so I was assuming with this slider off it still retained the items in "WEBSITES REDIRECTION" or am I wrong or is there something else I am missing in implementing this correctly?
  4. Is there an explanation as to what "Subunits" references in EBA for ESET server security? There is no mail security, terminal server connections or Sharepoint at all in play here. These are physical servers that some show 1 or 2 subunits. The glossary in EBA only references ESET Mail Security which is not part of this license. Also these servers do not have multiple NICs (single NIC only).
  5. In my testing, it appears that if you are already on the latest version of the agent that you cannot do install over the top and the task will fail if deploying. If you run locally with agent .exe file locally it will give error "Latest version is already installed". I don't remember this with previous versions like with 8.x but maybe something has changed. The only option appears to run script to remove orphaned agents and then do fresh deploy.
  6. I was wondering if there is any report that can be created that can send report of failed installs. For example, if doing an install task to push a newer version of ESET ENDPOINT Security over the top and then the installation rolls back. I tested a report using Client Tasks, Failed and then Filter by Client tasks, Task type = Software install but this task will report success by just getting to the machine before windows installer even initializes so it doesn't recognize installation rollback as "Failed" but "Finished".
  7. If this is an ESET ON Premise server then you will go through creation using agent live installer per >> https://support.eset.com/en/kb7750-deploy-the-eset-management-agent-to-a-macos-client-using-agent-live-installer If you are using ESET Protect cloud you can do all in one installer for agent and ENDPOINT per >> https://support.eset.com/en/kb6958-install-eset-product-for-macos-using-eset-cloud-administrator-live-installer
  8. I noticed that ESET Protect 9.x in Prem has option to add the column for "Remote Host" in computers. This however is showing the internal IP address of the computers. As it did in Version 5.x ERA will there be any option to add the WAN IP remote host IP or have it available when generating a hardware inventory report for "remote host" ?
  9. @Marcos The entry in log files is intermittent so when do you run the ESET log collector?
  10. Getting this message "Cannot read from socket: Network is down" in LOG FILES >> Events. Was wondering if anyone had explanation of this error. I looked through previous posts and one suggestion per >> was to disable "Increased network volumes compatibility" but confirmed on this MAC machine that it's not checked. Running Monterey with all updates and ESET ENDPOINT Security 6.11.1.0
  11. I have noticed a trend with the version 9.x agent and running the client install task for Windows Update. Before upgrading to Version 9.x agent, when running the "Operating System Update" client task and having all boxes checked for "Automatically accept EULA, Install optional updates and Allow Reboot" the system would restart after updates were done. With version 9, it's almost a 4 hour delay until reboot is performed which is causing havoc for customers' production servers. For one of the affected servers in the event log for SYSTEM it shows >> The task started at 10:12am and this is not showing until 1:42 PM. I even tested a 6.5 agent and the reboot was done right after all windows updates were done. This is happening on Windows Server OS 2009-2019. Issue can be easily reproduced in any environment. Is issue currently being worked on?
  12. For machines that are in network with NO internet what is the best way to configure these when using ESET Protect Cloud? Can you setup an Apache HTTP Proxy on machine that does have internet and then point air gap machines to this proxy to get Activations/Module Updates and LIVE Grid access? If so how?
  13. @BrianMorris You can create a dynamic group template called for example "EDTD Activated machines". I put it as a subgroup under the dynamic group "Windows Computers". Then you can create another dynamic group called EDTD is not activated or license is invalid and also nest under Windows Computers. This will house all machines that do not have EDTD Activated yet. If you want to ensure that these machines stay activated with the EDTD license you can create an activation task that will trigger if any machines fall into this group >>
  14. Never enable Interactive mode in policy per Marcos. If app is getting blocked, then enable override mode on affected machine (child policy for override mode) then manually set to Interactive mode locally on machine. Create rules and then if app is now working correctly switch from interactive mode to automatic mode. Request config and convert to policy. Then edit your policy and turn off override option. If you have global policy that already has firewall rules you can set this child policy to append along with your global policy.
  15. @Kstainton Would there be some type of alert on the ESET Knowledgebase web page for Windows 11?
  16. With the release of Windows 11 slated for October 5th, will a full decrypt of ESET Full Disk Encryption be needed before doing this upgrade? Also same question with ESET Endpoint Encryption with FDE applied?
  17. @Nikos Antonopoulos This is what I would recommend when upgrading from 6.4.
     1. Download the 6.5 server msi >> https://download.eset.com/com/eset/apps/business/era/server/windows/v6/latest/server_x64.msi
     2. Run the MSI to do upgrade over the top by using the defaults. If you get some kind of access denied then you will need to enter database user name. Usually era_user and password is located in >> C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Configuration
     3. If you are running SQL Server express 2008 then you will need to upgrade that to 2014 at minimum. The all in one may do it. Upgrades of SQL usually require reboot.
     4. After reboot download the EP 8.x installer >> https://download.eset.com/com/eset/apps/business/era/allinone/latest/x64.zip
     5. Run the setup.exe and try the upgrade all components option now. If any of them fail just uninstall and then do install from all in one. Tomcat may need full re-install. Also if you are running Java 32 bit you will need to uninstall and install Java 64 bit >> https://support.eset.com/en/kb7088-install-esmc-web-console-using-jdk
  18. Would the KB >> https://support.eset.com/en/kb7780-enable-or-disable-micro-program-component-update-in-eset-protect-8x?ref=esf be better served in its example towards the bottom to specify "Autoselect" when applying this part of the policy?
  19. In the Policy only "Choose automatically" is the one that appears greyed out. This doesn't have anything to do with the application of policy. Is there an answer though still to >> What is the difference between choosing "Choose automatically" and "AUTOSELECT" in the POLICY >> Issue2: the KB article is not correct as the instructions are not accurate.
  20. OK. I guess I can wait some more to see if it hits that 3-month mark. I know that these builds have been on Version 8.0 since it first launched. Marcos. When did the very first version of 8.x come out for Endpoint Antivirus? In the article >> https://support.eset.com/en/kb7780-enable-or-disable-micro-program-component-update-in-eset-protect-8x it shows after "Auto-update" the "choose automatically" in greyed out format. There is also option for "Autoselect". What is the difference between these two and should I be choosing one over the other? I wanted to test stand alone machine that is not connected to ESET Protect. This article >> https://support.eset.com/en/kb7773-enable-or-disable-micro-program-component-update-in-eset-endpoint-products-8x but the end of article titled "Enable Micro Program Component Update in ESET endpoint Windows products" is very confusing as the options for "Ask before update or Auto update" are not even present in the drop down menus. I did try implementing same settings in stand alone as I did the policy but stand alone system still did not update to 8.1.
  21. I was informed that starting with Version 8.x we could now do automatic updates of the eset versions using program component update via policy in ESET protect 8.x. I followed the article accordingly >> https://support.eset.com/en/kb7780-enable-or-disable-micro-program-component-update-in-eset-protect-8x choosing to "enable micro program component update" steps. I confirmed via request configuration from ESET protect and looked locally at settings on endpoint to confirm this was correct. The policy has been applied since ENDPOINT Antivirus 8.0 was initially installed in the network.
     1. Since it's been almost 30+ days since policy was implemented shouldn't it have updated all my Windows 10 machines to EEA 8.1 by now?
     2. In the article it shows after "Auto-update" the "choose automatically" in greyed out format. There is also option for "Autoselect". What is the difference between these two and should I be choosing one over the other? I have tried both in separate policies but still no upgrade.
     3. I wanted to test stand alone machine that is not connected to ESET Protect. This article >> https://support.eset.com/en/kb7773-enable-or-disable-micro-program-component-update-in-eset-endpoint-products-8x but the end of article titled "Enable Micro Program Component Update in ESET endpoint Windows products" is very confusing as the options for "Ask before update or Auto update" are not even present in the drop down menus. I did try implementing same settings in stand alone as I did the policy but stand alone system still did not update to 8.1.