MichalJ

ESET Staff
  • Content Count

    1,832
  • Joined

  • Days Won

    57

Everything posted by MichalJ

  1. Hello @PReid You can create a dynamic group with specified condition for entry based on the installed app, or create a report which will include both "application name" and "computer name".
  2. Hello, If you are using the old ESMC 7.0 VA, it uses Samba/Winbind to synchronize domain groups. It's possible that this part is not correctly synced with AD. You can execute the command "wbinfo" to check whether the user is correctly referenced in the domain: "wbinfo --user-domgroups <username SID>". This command will return the SIDs of groups where the user belongs. If it returns the old list, the problem will be here. In the upcoming ESMC 7.1 (to be released in mid-November), we have adjusted the way domain users are authenticated, where Samba/Winbind will no longer be used. That would be the recommended solution. Regards, Michal
  3. I would recommend to contact customer care. They might be able to help you with your request. I would try "re-provisioning" of the user.
  4. @Bill Lyons As of now, there are still two "mixed" concepts in ESMC. And that's Resolved/Unresolved threats, and "Active" threats. I would recommend to not use the "active threats" for the dynamic group creation, as that works only for the AV related detection type, therefore the "count" of computers in that group would not match up (would be smaller as other detection techniques are not counted as "matching criterion"). The count of "unresolved" detections column in "computers" pane should reflect the filtered view of "threats" pane for a particular computer. You can verify by going to "computer details", where there is a tab called "Threats". Only threats reported by "Antivirus" are being "marked as resolved" automatically, the other ones, regardless if they were blocked or not, are not automatically resolved. As stated in the post above, this is something to be eventually changed, but the intention of "showing them" is that they might indicate some problem that should be checked by the security staff. Resolving of threats on a computer by running a scan (that covers the path of that particular threat) works only for AV detection type reported threats. To clear the content of the "active threats" DG, you have to execute an in-depth scan, with strict cleaning enabled, covering "all disks".
  5. @CCross I would try to respond to your question: No, the "auto resolving" applies currently only for detections reported by the "antivirus" module. Detections by firewall / HIPS / and other modules need to be resolved manually. We are tracking an improvement for it (internal reference "IDEA-872"). It's not currently possible to track ones that were "resolved automatically" and "resolved manually". Such functionality is currently available only inside our EDR product, Enterprise Inspector. We are as well tracking improvements for both adding the field about who did it (P_ESMC-13329), and also more complex incident workflow management (IDEA-663). Regards, Michal
  6. Have you modified permission sets for default Administrator account?
  7. The best thing would be to do it via a ticket. But as you stated that customer care has issues with troubleshooting, I would include @MartinK to this topic. I personally won't be able to help you, but he might be the right one to at least outline some potential course of action.
  8. MDM Core is activated (although it does not consume license seat, activation is done only for the purpose of getting the valid update credentials for receiving module updates). Each mobile device needs to be activated separately, using the "product activation task" targeted towards the particular mobile device entry.
  9. This table is "filled in" only after the first successful login of each of the group members. When you log in, do you log in in the format DOMAIN\user.name and make sure that the checkbox "login to domain" is selected? If yes, we will need a trace-log from the unsuccessful domain login attempt.
  10. @GrantMG If you have a "dead seat", you can remove it using either ESET License Administrator or ESET Business Account. Just search for a particular computer in the list (you can sort by the last connected time). The same functionality is available for home products, inside the my.eset.com portal.
  11. No, this option is not possible, and not planned to be added. In general, the "VSDB version" is a bit of a "legacy". Currently, where the majority of detections are coming via the ESET Live Grid cloud reputation system, or by other behavior based modules, info about your virus signatures lost its relevancy. Also, Endpoints do have more than 20 modules in them, which means that just info about VSDB (detection engine) would not tell you whether the client really is updated. If you want to be alerted, you can configure the Endpoint setting to trigger red status when modules have not been updated in a longer time frame than a day. Also, the information could be added to a dedicated report template, that you can put on a dashboard + you can see it in "client details".
  12. @Mindflux You are right. If you have not selected the setting during VA setup, the setting in server settings won't enable it. You have the following options: (1) Install HTTP proxy on a dedicated Windows box, ideally using the all-in-one installer. (2) Add it to the VA. AFAIK these steps should work: https://help.eset.com/era_deploy_va/65/en-US/enable_apache_http_proxy.html
  13. If you update to ESMC V7, you will have the option to use the "precise date filter" that was added in ESMC V7. There were also several performance improvements done, that should make it a bit better. If I read correctly, you have 18+ million (!) threats reported, which might indicate some more serious misconfigurations. How many clients do you have connected to your ESMC server?
  14. Maybe @MartinK can then comment, as I am out of any ideas.
  15. When you click on "client details" of the "domain-server", what is listed as the "FQDN"? AFAIK FQDN is displayed in generated reports. You can execute the "rename computers" server task, that will update the computer listing name to "FQDN".
  16. What might be a problem is, that there might be a pending feature update. I am not sure, if those could be installed using standard commands.
  17. What do you mean, that the server name is not correct? Can you post some details, like a screenshot of generated report, and the name of the server where ESMC is running?
  18. No, in this case, the pack actually means 5 devices of the type "desktop" (Windows / Mac / Linux), 5 devices of type "mobile" (Android / iOS) and 1 device of type "server". So in general you can protect up to 11 devices. And yes, you can easily protect multiple locations, there is no limitation in this.
  19. @OllyOrc Sorry for the confusion. What was the previously installed version of EFSW? That was my original question.
  20. As far as I know, those three errors in ESMC are displayed when the "protocol filtering" component is disabled, or not working properly. What is the version of the operating system, and what is the version of the Endpoint program? That would help to identify the root cause (along with the logs that Marcos requested).
  21. @j-gray Post has been published on forum just one hour later after your question:
  22. AFAIK, Change of the ports & MDMCore hostname can be only made by re-installation of the Mobile Device Connector component.
  23. @OllyOrc You have not specified whether the ESET File Security is being updated from version 6.5 & older or version 4.5.x. You can theoretically affect the "initial scan" by modifying the policy and assigning it to the machine before (initial scan setting switch to off). The initial scan setting applies only for version 6.6 & newer, which means also V7. Also, I am not an EFSW expert, but there is a command line switch to disable the "first scan" listed here: https://help.eset.com/efsw/7.1/en-US/installation_cmd.html
  24. @m.gospodinov That was exactly the recommendation I wanted to give. Please note that you can also play a bit with the dashboards, make the "table view" displayed as default, and also when you edit the report template you can edit the "top 10" setting, so if you have more than 10 different problems you can list them all (that depends on size of your network mostly).