MichalJ

ESET Staff
  • Content Count

    1,830
  • Joined

  • Days Won

    57

MichalJ last won the day on October 7

MichalJ had the most liked content!

Profile Information

  • Gender
    Male
  • Location
    Slovakia
  • Interests
    customer problems, but besides that cycling, architecture, and everything that rides, flies or floats (transportation industry)

  1. I would recommend contacting customer care. They might be able to help you with your request. I would try "re-provisioning" of the user.
  2. @Bill Lyons As of now, there are still two "mixed" concepts in ESMC. And that's Resolved/Unresolved threats, and "Active" threats. I would recommend not using the "active threats" for the dynamic group creation, as that works only for the AV related detection type, therefore the "count" of computers in that group would not match up (would be smaller as other detection techniques are not counted as "matching criterion"). The count of "unresolved" detections column in "computers" pane should reflect the filtered view of "threats" pane for a particular computer. You can verify by going to "computer details", where there is a tab called "Threats". Only threats reported by "Antivirus" are being "marked as resolved" automatically, the other ones, regardless if they were blocked or not, are not automatically resolved. As stated in the post above, this is something to be eventually changed, but the intention of "showing them" is that they might indicate some problem that should be checked by the security staff. Resolving of threats on a computer by running a scan (that covers the path of that particular threat) works only for AV detection type reported threats. To clear the content of the "active threats" DG, you have to execute an in-depth scan, with strict cleaning enabled, covering "all disks".
  3. @CCross I would try to respond to your question: No, the "auto resolving" applies currently only for detections reported by the "antivirus" module. Detections by firewall / HIPS / and other modules need to be resolved manually. We are tracking an improvement for it (internal reference "IDEA-872"). It's not currently possible to track ones that were "resolved automatically" and "resolved manually". Such functionality is currently available only inside our EDR product, Enterprise Inspector. We are as well tracking improvements for both adding the field about who did it (P_ESMC-13329), and also more complex incident workflow management (IDEA-663). Regards, Michal
  4. Have you modified permission sets for default Administrator account?
  5. The best thing would be to do it via a ticket. But as you stated that customer care has issues with troubleshooting, I would include @MartinK in this topic. I personally won't be able to help you, but he might be the right one to at least outline some potential course of action.
  6. MDM Core is activated (although it does not consume license seat, activation is done only for the purpose of getting the valid update credentials for receiving module updates). Each mobile device needs to be activated separately, using the "product activation task" targeted towards the particular mobile device entry.
  7. This table is "filled in" only after the first successful login of each of the group members. When you log in, do you log in in the format DOMAIN\user.name and make sure that the checkbox "login to domain" is selected? If yes, we will need a trace-log from the unsuccessful domain login attempt.
  8. @GrantMG If you have a "dead seat", you can remove it using either ESET License Administrator or ESET Business Account. Just search for a particular computer in the list (you can sort by the last connected time). The same functionality is available for home products, inside the my.eset.com portal.
  9. No, this option is not possible, and not planned to be added. In general, the "VSDB version" is a bit of a "legacy". Currently, where the majority of detections are coming via the ESET Live Grid cloud reputation system, or by other behavior based modules, info about your virus signatures has lost its relevancy. Also, Endpoints do have more than 20 modules in them, which means that just info about VSDB (detection engine) would not tell you whether the client really is updated. If you want to be alerted, you can configure the Endpoint setting to trigger red status when modules have not been updated in a longer time frame than a day. Also, the information could be added to a dedicated report template, that you can put on the dashboard + you can see it in "client details".
  10. @Mindflux You are right. If you have not selected the setting during VA setup, the setting in server settings won't enable it. You have the following options: install HTTP proxy on a dedicated Windows box, ideally using the all-in-one installer, or add it to the VA. AFAIK these steps should work: https://help.eset.com/era_deploy_va/65/en-US/enable_apache_http_proxy.html
  11. If you update to ESMC V7, you will have the option to use the "precise date filter" that was added in ESMC V7. There were also several performance improvements done, that should make it a bit better. If I read correctly, you have 18+ million (!) threats reported, which might indicate some more serious misconfigurations. How many clients do you have connected to your ESMC server?
  12. Maybe @MartinK can then comment, as I am out of any ideas.
  13. When you click on "client details" of the "domain-server", what is listed as the "FQDN"? AFAIK FQDN is displayed in generated reports. You can execute the "rename computers" server task, that will update the computer listing name to "FQDN".
  14. What might be a problem is that there might be a pending feature update. I am not sure if those could be installed using standard commands.