tmuster2k

anyone?

Hello, Itman. So I did confirm in the "Security at a Glance" section that "Virus and Threat Protection" shows that "Real time Protection is turned off" which is fine because EFS is running and activated. However the Windows Defender Antivirus Service shows in "Services" as still running. Is this tied into anything else other than AV protection like the windows security center for reporting health of AV products running on this platform? In other words is it normal to have this service running when EFS is also running on the same system.

Is it possible to configure ESMC to use LDAPS on port 636 instead of the usual non encrypted port? Microsoft plans to disable plain-text LDAP connections in march updates. AD Synch will stop working per >> article https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

anyone?

I did a clean install of latest ESET FILE SECURITY for Windows Server 2019 and notice it left the Windows Defender Cloud Delivered Protection still enabled and had to be manually turned off. Shouldn't EFS disable this like it does real time protection? Would it interfere with ESET CLOUD Protection? Also I noticed with EFS installed the "Windows Defender Antivirus Service" is still set to Running. Shouldn't this be disabled or set to Stopped after install and activation of EFS?

Would this product be at all compatible when using ESET Cloud Administrator or is it even supported? The url >> https://www.eset.com/us/business/server-antivirus/shared-local-cache/ says its only for ERA 6.5 and OS only goes up to Server 2012. Is this product even needed if they are on cloud setup? If so how can you implement?

I have a customer who wants EES configured as such >> When Laptops are in house (internal) he does not want the EES firewall turned on. When Laptops are outside the internal lan he wants the EES firewall turned on. Would it need some kind of dynamic group to trigger this switch and if so how would this config template look and what changes need to be made on policy?

Installing the updates should do it if its a windows 7 machine that does not have KB4490628 or KB4474419.

I know the process on restoring dbase for same machine. I need to know how to move that database from a 2012 Server to a 2016 Sever that is hosting all my other SQL Express Databases? and then once moved how do I point my ESMC install that is on the 2012 server to the moved instance on the 2016 server?

I will be wanting to move my ESET SQL Express database to another server as I want all databases on one box. Is there a documented way of doing this? Would I need to do repair of ESMC Server service after moving database? Is SQL Management Studio needed for this process?

Is there a way to find the VolumeGUID for Volume C drive by using EFDE logs?

Users only have standard rights. UAC prompt appears if you try to alter endpoint settings.

Is it possible to create a report that will show what specific windows user login was used to PAUSE Protection or Pause Firewall locally on Endpoint? I know Audit Report will show you what User/Native user for ESMC performed any action but can you show what windows user or domain admin account was logged into when Pausing protection for ESET?

Thank you very much for this info, ITMAN. So in your case, after disabling UPNP on router you no longer had connectivity issues with VPN connection?

The VPN client keeps disconnecting and have to re-connect.

I have been having issues with maintaining connectivity to my VPN recently. I looked at the ENDPOINT Security program (7.1.2053) on windows 10 and it shows my Routers Gateway address. I can do UNBLOCK but it comes back later. The detection is for >> svchost.exe Destination Port 1900 UDP Direction = IN // Communication denied by rule- Block incoming SSDP (UPNP) requests for svchost.exe. Would this cause issue with V PN connectivity at all?

After doing FDE with latest EEE version I can no longer login using on board keyboard that came with my Lenovo Yoga Windows 10 computer. I can only log in on the FDE screen using my usb keyboard. Per Legacy USB Emulation https://support.deslock.com/index.php?/Default/Knowledgebase/Article/View/416 I cannot find this item in my BIOS and only references Legacy boot devices. Does this mean my systems on board keyboard is simply not compatible with the FDE login? The on board keyboard does work in the BIOS and fast boot is disabled.

Where is the "Custom attributes" section on the ESMC AD Sync task?

I have customer who puts in Computer Description for every system on the domain. This can be found by going to right click on "This PC" from windows explorer and go to Properties it will show you the Computer Name, Full Computer Name and Computer Description. IN ESMC when clicking on gear icon from the Computers section on the right and choose "edit column" and checking box for "Computer Description" it does show when scrolling to far right but no computer description is displayed. The only way I can get a computer description is by editing from show details and manually adding it. I was able to reproduce on MY VM by adding a computer description and rebooted. after reboot and going into ESMC there is still no computer description.

Customer spilled water on laptop and it killed the motherboard. This was managed FDE from EEES. If this SSD is mounted to another machine can it be decrypted. The computer he was going to put it in has the same specs as the one that no longer boots up. Does ESET do a fingerprint though where it can only be decrypted with the original fingerprint? Machine ID? also if they tied the FDE to TPM then there is no option at all for recovery?

Constantly getting these email notifications and not sure where to drill down to because there are not details on the email. It just says please log into ESET Cloud Administrator for more details. The company I am working with has tons of client tasks. Would a trace log possible give any details?

any other recommendations? Customer is no VPN so is there any other option for Agent to connect other than what is relayed in >>hxxp://support.eset.com/kb3304/ ??

I get this question from time to time regarding remote clients connecting over the internet. Is there anything to worry about with this port open to the internet? Any other verbiage would be good so I can provide details.

The previous response is not valid. ESET ENDPOINT Security has Web Control which has category blocking. This can be enabled and managed via policy using ERA/ESMC or locally for smaller environments.

I have run into this multiple times when customers do installs over the top using All in one installer. If you just run the MSI for agent or for EEA/EES/EFS over the top it will install no problem. Also if you do push install over the top via ERA/ESCM it will work.