SunnyJ

About SunnyJ

  • Rank
    Newbie

Profile Information

  • Gender
    Male
  • Location
    USA
  1. Marcos, I opened that support ticket as I am currently testing this directly in ESET Server Security; however, once we get this working as expected, we want to replicate this to ESET PROTECT and push it out via policy. Is that not supported?
  2. Hello,

     The ESET Server Security online documentation doesn't have detailed information on configuring firewall rules (the only thing it has is https://help.eset.com/efsw/11.0/en-US/idh_dialog_epfw_app_tree_rules_page.html), and the closest thing I can find is https://help.eset.com/ees/11/en-US/idh_dialog_epfw_rule_create_general.html (but this is for ESET Endpoint Security). This seems to indicate that we should be able to specify a Service rather than an application path:

     Service—You can select a system service instead of application. Open the drop-down menu to select a service.

     However, when I attempt to do this, it doesn't work. For example, this does not work:

     However, if I remove the service name and put in the full path to the executable the service is mapped to in services.msc, it works:

     Should ESET Server Security be able to work with a service-only configuration, or is that documentation not entirely accurate or not representative of how ESET Server Security works? I was hoping this would work, as several Microsoft products use different paths, depending on the version installed, for the same service. For instance, DPM includes the year in some versions, SQL Server includes the primary version ID, etc. If this doesn't function as expected, then we would need to configure multiple rules for different versions.

     Any input you can provide would be helpful (I contacted chat support and they seemed to indicate the help documentation was incorrect and a filepath is needed).

     Jacob
  3. Description: Advanced/Granular Database Cleanup Options. Detail: Currently in ESET Protect On-Prem, there are only 4 timeframe options for database log cleanup. It would be nice if there were more advanced options, such as individual time frames for different detections (i.e., being able to trim firewall logs to a couple of days vs. blocked files/sites to a month vs. antivirus detections to months or years), or trimming of performance logs (we had over 5m of these) differently than other logs. For companies that have to keep long periods of some logs but not others, this would help us keep these while cleaning out others and keeping the database at a manageable size.
  4. Description: Custom identifiers. Detail: In an environment where management of devices is mixed, it would be nice if there was a way to gather a custom value or provide a script that can return a custom value for display in the details of a system. In our case the built-in identifiers are unreliable; hostnames are managed independently by different management parties, the IP reported is the IP assigned to the adapter (so when the server is behind NAT, it's not useful), and mobo SNs don't get set by the manufacturer, so they just return N/A or a default 0123456789. So, at least for us, on setup, we add a custom registry or configuration value to our Windows or Linux systems for monitoring and tracking (it's also affixed to the physical box). Being able to have it retrieve a registry value or run a batch/bash script that'll return a value would be highly useful for tracking purposes. I thought about having each client run a custom command with the "run command" client task; however, as far as I can tell, it does not seem to record or return any information back to the server other than a success/failure. We've considered using this approach and then posting that data to a logging site, but that then requires more port allowances, would be difficult to match up exactly, and is inefficient, so something built in would be preferred. TBH, I'm surprised there isn't just a way to return some custom information in general, as that seems like it would be really handy in general, not just in terms of computer identification, but giving admins the ability to check for different statuses of the OS or other values as needed.