Ufoto

Members
  • Posts

    118
Everything posted by Ufoto

  1. Yes, indeed this will work, thanks. The only downside is that it requires manual maintenance rather than relying on the built-in functionality. Therefore you should regularly check if a new version is released so you can amend the criteria.
  2. Hi Marcos, I understand that this is the first time you are pushing updates this way, however I wanted to ask whether there will be a more official channel where we can track when a new version will be rolled out. Additionally, having the option to change that time frame would be ideal as in my opinion using an outdated version for nearly two months is too much. A month should be more than sufficient for any critical issues to surface.
  3. 10. How can I see on a target computer which policy is applied? When I often switch policies in a management console, how long does it take to propagate to clients? How can I verify that a policy is actually applied?

     You can check this by going into a system's details and then -> Configuration -> Applied Policies. Alternatively if you go to the policy catalog you can select a policy and go to its details. There you can see where it is assigned and which systems it is applied on.

     11. How to use Web Control to block all internet access except a few specific websites?

     If you are referring to web pages, you can create a Web Control rule to block all let's say .com, .org, etc sites by using wildcards (https://help.eset.com/ees/7/en-US/idh_dialog_epfw_add_url_addr_mask.html) and then you can create exceptions. Not sure if this is the best approach, hopefully someone from ESET can provide a better idea. If you are referring to network access instead of web pages, you can use the firewall component and create the rule you desire.

     12. Since some users are local admins, how to prevent local administrators on target devices from changing ESET settings? We need that only domain admin or ESET management console users can change setting.

     There are two places where you should set up a password:
       • In the Endpoint Security product (different for endpoints and servers - set it up in both policies) under User Interface -> Access Setup.
       • In the Agent policy (this will protect the ESET product from uninstallation) - Under Settings -> Advanced Settings -> Setup -> Password protected setup.
  4. Hello, I am trying to create a dynamic group which should capture all systems which have one of their products running an outdated version. I tried to create a Dynamic Group Template, however I can't find a way to use the 'Outdated version' status as a filter: I am aware that I can get such information from reports, but I really wanted to know whether it is possible to create such a dynamic group as it will be much easier for me to manage. Thank you in advance!
  5. Hi Nightowl, Yes, I am aware that the old name of the product is File Security, however I am referring to the File Server classification:
  6. Hello, Automatically classifying servers based on their role is really useful, not only for the automatic exclusions, but also the little icon in the 'Computers' view is quite helpful. There is however something that bothers me and I couldn't find a solid explanation for. All our servers seem to be classified as 'File Server', although they are not. Are you aware what's behind this classification? For SQL servers or Exchange servers it is really easy - it probably checks whether the application is installed. However how does the product classify a file server? Is it because it has network shares? Thank you in advance!
  7. Thank you MichalJ! I was not aware of that feature!
  8. Hi Marcos, Yes, I found the option to import/export the configuration from the endpoint client. However I can't find a way to import this into ESET Protect Cloud in order to add the rules to a policy. Importing this configuration to hundreds of computers manually one by one is not really achievable, and even if this is done, we won't have any central visibility over these rules. Are there any plans for endpoints to report the learning mode rules to the ESET Protect Cloud where we can add them to a policy or discard them like other vendors do? Regards,
  9. Hello, We are managing our clients via ESET Protect Cloud and we recently started to use the Firewall component of ES. It all seems fine so far, however I can see that there are a lot of rules created by the Firewall learning mode on my test devices. Since I will be keeping the majority of them I wanted to ask whether there is a way to export these in order to add them to my policies so this configuration can be assigned to all devices? So far the only way to do this is to sit on a dual screen computer and to open the created rules on each endpoint and then to manually create them one by one in ESET Protect Cloud. I hope you can agree that this is a tedious process which takes a lot of time. I just wanted to check whether there is an easier way I am missing here? Thank you in advance!
  10. I think I've made some progress, I assigned the enhanced logging policy to some test devices, and I enabled Diagnostic Logs on some of the test machines and the blocked events started to appear. Is this the best way of doing it?
  11. Hello All, I just wanted to ask - is there an efficient way to troubleshoot Device Control and Firewall-related issues from the central console (in this case ESET Protect Cloud)? Although traffic is being blocked by the firewall we can't see any events in the console, and devices being blocked by Device Control are visible only locally. We created reports for Device Control and Firewall incidents, and although some firewall events are visible, they are only a fraction of the connections that are not working when Firewall is enabled. The firewall is set to Automatic Mode, and 'Also evaluate rules from Windows Firewall' is enabled. If this is not available in the console, is there a Firewall Activity log file locally on the endpoints? Thank you in advance!
  12. I am glad to help, I hope you have a great day too!
  13. You shouldn't be assigning two conflicting policies at the same level - especially the 'All' group. Indeed, if one of the policies has the lightning enabled these settings will take precedence over the other policy, however they will be enforced to all systems in your organization. Looking at your structure, indeed the policy assigned to '_SYS' will affect all sub-groups except "NB", "WKS" where you said that you assigned the strict policy. Since this assignment is more specific, inheritance will be broken and the changed settings will take precedence. Regarding the 'IT Department' group, as far as I can see it is not a sub-group of '_SYS' so it is not related to it in any way. Systems located in the 'IT Department' group will inherit policies only from 'All'. Regards,
  14. Hi Admindt, Yes, this will do fine. If the "IT Department" group is a sub-group of the windows clients one, you don't even need to enable the lightning. The blue dot should be sufficient. You need to make sure that you do that for all settings that should be different, as if no blue dot or lightning is enabled, the configuration of these settings will be inherited from windows clients. Regards,
  15. Hi Admindt, Yes, you can use the policy inheritance logic to achieve that. Since the most specific policy always takes precedence, you can assign your strict policy at the group level, and then assign the more loose policy to these specific devices. Since the latter will be more specific it will take precedence over the group assignment. Just make sure that the conflicting settings are enabled by clicking on the blue dot next to the setting. Don't use the yellow lightning for the restrictive policy as this will prevent inheritance breaking. I hope this helps. Best Regards,
  16. Yes, there is. I found out about this from another user in the forum. You can create a dynamic group template which detects devices missing EDTD. Then create a dynamic group using it and assign an EDTD license task to this group. This way if there is a system missing EDTD it will be automatically licensed. The expression looks like this: I hope this helps.
  17. You should be able to set up HTTP proxies at each remote location and then point them all to a single server if your network topology allows it. This way the endpoints will require only a connection to their respective HTTP proxy. Then as Marcos said, you can create static groups for each company in your on-premise ESET Protect server.
  18. Thank you, I didn't think of it that way. I understand the limitations.
  19. Hello, I am trying to build a Dynamic Group which will be used to target a specific group of systems which I have to manually pick. Since tags are an easy way to mark such devices I expected that we can use them as an expression in the Dynamic Group template builder, however this doesn't seem to be possible. Is this an intentional restriction? Are there any plans to add them in future releases? Am I missing something?
  20. I know it is an old topic, but since there is no resolution yet, I decided to share the workaround I found. Although you can't create a Report or Dynamic Group template based on a missing EDTD license, you can do the opposite - create such for systems having it activated. So what I did was to create a Dynamic Group which collects all systems with an applied EDTD license and then I tagged all devices inside this group with a specific tag. I did this over the course of a few days in order to make sure all active systems have the tag. Then you can identify systems which don't have the tag (thus don't have EDTD activated or offline for a while) by simply ordering the systems in the 'Computers' view by Tags. I hope this helps some other struggling souls out there
  21. Could you share your rule? You should create a block HIPS rule which affects applications and under 'Source Applications' you should set 'All Applications'. Then for application actions you should enable 'Start new application' and on the next screen you should specify the application you would like to block. The field supports multiple entries so you can have all possible locations. As far as I am aware you are missing one folder from your path. The OneDrive folders should be: C:\Users\<USERNAME>\AppData\Local\Microsoft\OneDrive\OneDrive.exe or C:\Users\<USERNAME>\AppData\Local\OneDrive\bin\OneDrive.exe I hope this helps, let us know if you manage to sort it out.
  22. If you are seeing fewer systems in your Protect console compared to your total licenses in use, it usually means that you either licensed some devices which are not managed, or you deleted managed devices without revoking their license. In such cases you can log in to your ESET Business Account and see which devices are using each license. I tend to sort them by last communication as often the ones offline for longer are some decommissioned devices we totally forgot about, but these occupy a license. In the same portal you can revoke the licenses from such devices which reduces your used license count.
  23. Hello, I am preparing a few environments for upgrade to Endpoint Security 9 and I noticed something strange. Clients running the previous version of the product (8.1.2031.0) list only 8.1.2037.2 as Latest Application Version when you click on installed applications. While clients on 8.1.2037.2 display version 9 as latest version. This makes me wonder - is there any compatibility issue I might not be aware of? Can we safely upgrade 8.1.2031 clients to version 9 directly, or do we have to upgrade them to 8.1.2037.2 first? I guess this is just a visualization problem, however I wanted to be sure before I start upgrading production environments.
  24. Hello, While configuring AD synchronization with ESET Protect Cloud I noticed that the task for Computer Creation Collision Handling which is present in the on-premise version is missing. Thus all synchronized computers have two entries - a managed one located in the root group where the agent installer was generated from, and another unmanaged entry in the correct system location according to AD. Is there any way (except manually) to merge these entries into one, or delete the unmanaged entry and move the managed in its place? Thank you in advance!
  25. Hello Michalj, That's odd, I just checked two different consoles (both entitled for EDTD), and this section is not there at all: Is this section something that has to be manually enabled from somewhere?