Everything posted by Jenova

  1. Greetings! We have a test local CA used for internal resources (both in local network and datacenter network (real IPs) connected to our local network via VPN). Been testing several websites (both in LAN and in datacenter) with the certificate from local CA while it's added to Trusted Root CAs on local machine: 1) Windows client with latest EES installed and SSL filtering enabled in automatic mode - takes really long time to open the webpage first time. Then it works just fine for some time (like couple of hours), after that - it's slow like hell again and goes to new cycle. 2) Windows client without EES installed - everything works just fine, no slowdowns. This type of behaviour looks like EES tries to verify the certificate via CAs in outside world and only after all attempts fail it looks in local machine Trusted Root CAs. And it "forgets" all that in couple of hours... What's the order for checking Trusted Roots in SSL filtering functionality? What can be done to get rid of those delays? Thanks in advance!
  2. +1 same here - it gets updated only after computer restart
  3. Greetings! Listed as fixed in 7.3 "An on-demand scan launched from the ESMC console could shut down the computer even if this post-scan action was not selected" is exactly what started happening after I've upgraded Endpoint clients to 7.3. Never happened before. The process C:\Program Files\ESET\ESET Security\ekrn.exe (WKST-VRN-BKP01) has initiated the power off of computer WKST-VRN-BKP01 on behalf of user NT AUTHORITY\SYSTEM for the following reason: Other (Planned) Reason Code: 0x80000000 Shutdown Type: power off Comment: Computer scan completed That comes from scheduled scan policy (daily on-demand scan with post-scan action set to "no action"). All upgraded endpoint clients have been shut down after this scan. Fix it please!
  4. Please consider adding firewall module for ESET File Security - as for me the very same module (as it exists in Endpoint products) would be enough. Managing firewalls centrally from ESMC for both desktops and servers makes perfect sense. I believe this feature would be widely used. I would also forward this request to my local distributors and would like to ask other ESET business users to do the same. Thanks in advance!
  5. Greetings! There is a similar topic for Endpoint products in the appropriate forum section but none for other business products. Why? I believe it could be useful to store those requests and replies in a single place. For example, I've searched a lot for information about firewall module for Server products. I already know there is no such module but I haven't found any definitive answer for "why" and "will it ever be created". And I might be not the only one interested in opportunity to manage Server firewalls via ERA (which falls under the same concept of managing desktops firewalls centrally via ERA) or at least to know that I shouldn't be waiting for such a feature...
  6. Please consider moving Override mode button from advanced settings into general settings area. All our ESET Endpoint clients have password protected settings (password known only to IT support staff). At the moment in order to be able to use Override mode I'd have to either remove the password (not an option) or reveal the password to at least some users (also not an option). From my point of view it makes no sense... In our office all external devices are blocked by default by an appropriate policy. I have a couple of users who should be able to work with removable media but: 1) their settings must be password protected 2) I need them to allow specific removable media manually in Endpoint (thus making sure that it's correct AD user and he deliberately allows some particular USB stick he needs) 3) I need to be sure that user won't forget to activate device control after he finishes his work with removable media This could be achieved with activating Override mode for particular AD user for short period of time. The user would have to activate it manually, won't have to remember to deactivate it, won't have to know advanced settings password (meaning wouldn't be able to change something permanently).
  7. Greetings! I can't seem to understand myself or to find detailed info on computer rename process in regards of its "relationship" with ESMC. Situation is as follows - there is domain computer with ESET management agent and Endpoint Security installed (using business license). It's visible in ESMC and any kind of interaction through ESMC is possible. I change computer name (i.e. hostname not ESMC client name though Rename computer function), reboot it, sync static groups in ESMC. The very same computer with new name is displayed as computer having no agent/security product installed. Endpoint security works fine, I can update it and etc. but ESMC does not display the fact that it's a known client and has the software installed. When I uninstall Endpoint security this computer falls back to its old name in ESMC and displays the fact that it has just the management agent installed. Complete reinstall of all ESET products solves the situation - computer has new name and is manageable from ESMC - but definitely shouldn't be default option for such situations... Question - what's the correct procedure for situation when computer changes name? How is computer name linked to security product license and its ESMC client status?
  8. I've had my Web control rules logging level set to "warning" for couple of months already but they began to appear in detections only after last ESMC update.
  9. And what exactly does "appropriate severity" mean in this situation? Logging level is set to "warning" for those rules.
  10. I have several rules blocking specific URL groups (which were created manually) in Web Control settings and user attempts to open those URLs also generate detections after last ESMC update.
  11. It is indeed annoying and not something to worry about, just informational thing. It doesn't look suitable for "threat/detection" term - if you've got an event there it means the access was definitely blocked (not like file scanning for example: found a threat - was it cleaned? removed? just detected? Such events required attention) It would be much better to move it to reports section (Web control category is missing at the moment) and create default dashboard item "Web control detections" with web control logs (which I have done myself manually). If you need it to be part of Detections, please make it optional category, not default.