Posts posted by ivan.perez

  1. 12 hours ago, ewong said:

    I would assume that since the authentication is via AD, I'm assuming you've set the permissions to specific AD users and you've somehow changed the permissions for the currently logged in user.

    Check the permissions for the currently logged on user to see if you've disabled/removed any permissions.  (Just a suggestion)

    Edmund

    User permissions haven't changed.  I'm pretty confident ESET policy just needs to be tweaked since UAC prompts were working like I mentioned.

    Documentation hasn't been much help.

  2. 5 hours ago, Marcos said:

    Does temporarily pausing the firewall make a difference? If so, what about switching it to learning mode for a while, let it create the necessary rules and then review the rules prior to applying them to other machines via a policy? Is the IP address of the PDQ deploy server in the trusted zone?

    The PDQ IP and ports were whitelisted last week.  We can't pause because of another issue existing with override policy, opened a thread here:  

     

     

    5 hours ago, ewong said:

    Most likely those policies that affect the firewalls (either ESET Security or Windows).  Methinks you'll need to check whether or not any of the ports are blocked as mentioned in here.

    Edmund

    Thanks Edmund, we already whitelisted actually and when removing ESET PDQ works fine.

  3. Hi,  I cannot get override to work properly.  It was giving UAC prompts initially which is what we want and has stopped working!  So of course I started to adjust the settings and I only get the below error message now "Not authorized"

    Any advice?
     

     

  4. On 12/2/2019 at 2:09 PM, itman said:

    Below is what the Eset user manual states about these settings:

    This setting, "Require full administrator rights for limited administrator accounts," applies if your employees run under the limited admin account. Leaving this setting enabled would require full admin user name and password to be entered. This means their logon id and password.

    If the employees are set up as standard user accounts, then this setting would have to be disabled. It also means it would be trivial for malware to access Eset settings and disable/modify them.

    This setting, "Require administrator rights (system without UAC support)," only applies to Win XP.

    Warning - do you really want to give your employees access to Eset internal settings on their PC's?

    Thanks, I got the UI working again.

  5. 1 hour ago, itman said:

    Refer to the below screen shot and ensure that your Alerts and Message box settings are the same as default values shown.

    As previously posted as far as I am aware of, the policy setting must be set to Manual to allow non-admin access to the Eset GUI.



    My alert and messages boxes look identical.

    So I needed to disable the 2 settings in User Interface < Access Setup for this to work.  I marked them below, now I can pull up the UI and settings are setting off a UAC prompt.  Is this the expected behavior?

  6. On 11/27/2019 at 3:45 PM, itman said:

    Refer to the screen shot you posted. A Start Mode of Minimal will only allow notifications to be displayed.

    Appears the Manual setting is what you desire:

    https://download.eset.com/com/eset/apps/business/ees/windows/latest/eset_ees_7_userguide_enu.pdf

    I have the policy set to minimal which states "The graphical user interface is running, but only notifications are displayed to the user."

    Currently, no notifications are showing and no one but admin can open the GUI, which is the behavior for silent start mode.  I have tried reinstalling on an affected computer.

  7. 30 minutes ago, itman said:

    Hum ........ We might have a "can't see the forest because of the trees" situation here.

    If the Eset firewall is set to Interactive mode, you will receive an alert for every outbound connection being made for which no  firewall rule for that connection exists. Specifically in regards to FireFox this means if you connect to three web sites for example, you have to create an allow rule for each IP address associated with each web site. Ditto for any other Internet facing app you run.

    On the other hand, you can just create an allow firewall rule for the app process alone; i.e. C:\Program Files\Mozilla Firefox\firefox.exe and allow all outbound communication from that app. If you want a bit more control, you can specify only remote ports 80, 443 be used.

    The above will prevent any further Eset firewall alerts in regards to that process as long as all conditions for that rule are met. For example if FireFox attempts to use a port other than 80 or 443 as given above, you will receive an alert for that activity.

    As far as using Interactive mode for SSL/TLS protocol scanning is concerned, that mode should never be enabled unless you wish to create a specific exception for a given web site. For normal usage, always keep SSL/TLS protocol scanning mode set to its default Automatic mode. Web site certificate exclusions should also be kept to a minimum. This feature was never intended to be used for en masse web site certificate exclusions.

    itman, thank you for that, but that is not the issue I'm describing.  My issue is why, when prompted, isn't the allow button allowing the connection?

    I understand I can just dump a ton of whitelist in and make exceptions.  That was always clear, I just want to know why when I hit allow I am getting the same prompt.

    FYI, Firefox is not what I need help with.  The actual notification and prompt not working is the issue here.

  8. 1 hour ago, Marcos said:

    Yes, it's an ad blocker available as a browser add-on.

    Would you please provide step-by-step instructions how you got the notification about untrusted certificate?

    Are you able to reproduce it with any browser? Even with all add-ons disabled or uninstalled?

    Sure, I enabled SSL filtering, enabled interactive mode.  And then attempted opening Slack, Outlook and Google Chrome.  All were asking for action to take (ignore, allow).

    To be clear, the Firefox screenshot is just an example of what the prompt looked like and nothing else.  I cannot replicate because leaving interactive mode enabled, and the allow action not working, basically made my computer unusable.  Apologies but I cannot re-enable until we figure it out.

  9. 8 hours ago, Marcos said:

    In case of self-signed untrusted certificates ESET doesn't ask for an action and leaves the decision to the application (browser / email client) as though it was not filtering SSL.

    It is not clear to me for what purpose you'd like to use interactive SSL filtering mode; interactive mode (be it in fw, HIPS, etc.) cannot be used in environment where settings are either password protected or configured via a policy or where the user doesn't have administrator permissions to save settings.

    Marcos, so let's leave the self signed off the table then.

    I am simply testing features at this point and want to know why selecting "remember action for this certificate" and allow prompts brings up the same prompts constantly.  I did punch in admin credentials after clicking allow.

    Below is an example.  I did double check and the cert and application (even PID) were exactly the same when the prompt returned.

  10. 23 minutes ago, itman said:

    The normal and default mode for SSL/TLS protocol filtering is Automatic mode. The only reason Interactive mode should be used is if one wants to specifically create a web site certificate exception. For example, a web site where privacy considerations apply like a healthcare provider.

    But giving interactive mode the exception still would not let the program presenting it with the Cert open up,  the same cert prompt would show.  How can I troubleshoot this?

  11. Interactive mode

    If you enter a new SSL protected site (with an unknown certificate), an action selection dialog is displayed. This mode allows you to create a list of SSL certificates / applications that will be excluded from scanning.

     

    Interactive Mode for SSL/TLS policy brings up the action dialog box.  This in turn lets the user select an action, then a UAC prompt comes up but even after entering the admin credentials, the user kept getting the same exact dialog for the same program for the same certificate/exception, over and over...

    Because of this the user was unable to get into Outlook, Internet Explorer, Chrome; basically they could not do any work until I disabled the policy in the console.

    Could someone explain why the action was not sticking?

  12. 28 minutes ago, MartinK said:

    Indeed ping would probably fail as ESMC Appliance has enabled firewall which is blocking such request, but crucial fact is that client machine cannot resolve hostname. This is something that has to be resolved either by network configuration, or changing hostname/IP of ESMC servers in installers so that AGENT can actually connect to ESMC.

    Martin, on your advice I've added this hostname to DNS. Will adjust server tasks to reference hostname.

    Now a question, for server tasks...  can you confirm if ESET attempts to use server IP if hostname is not reachable?

  13. 16 hours ago, Marcos said:

    That is not the log C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\trace.log. Also please check status.html in that folder.

    Status and log are attached, looks like it's not talking.  I was able to push the agent via a server task.  Would a firewall exception need to be made even though the agent was able to be installed with the ESET console?

    Agent_status.jpg

    ESETagent_tracelog.txt

  14. 9 minutes ago, Marcos said:

    What exactly did you do? Do you see the agent connecting to the ESMC server? Did you send a software install task to clients? Any errors in the agent trace.log on clients?

    I've attached a tracelog but it seems pretty empty. Where can I find log info? And no errors, it just looks like the software install is doing nothing.

    We tried a scheduled job and ASAP.  Neither worked.

    tracelog.log

  15. On 9/2/2019 at 6:38 AM, MichalJ said:

    Just to add, we have reworked the policies screen layout for the upcoming release to prevent this confusion. Settings page is "read only" view over the policy. If you want to adjust it, you need to edit. Now the "edit" button will be directly present in the policy details. 

    policies edit.jpg

    Haha, was going to recommend that.  Thank you for that.  Now I keep hearing about the next release, coming this year.  Is there an ETA or when it's done baking in the oven?
