MichalJ

Hello, FreeBSD is not officially tested and supported for ESET Remote Administrator agent. For list of compatible systems please check: hxxp://help.eset.com/era_install/64/en-US/index.html?linux.htm

Hello, was this anyhow communicate with ESET Support? (could you send me your respective ticket numbers?) I have briefly consulted your issues with developers, and what they have suggested is, to analyze your database, if you are willing to provide it & ideally alongside some screenshots (logs from the affected computers) of what should be reported, but is not (computer that is installed, and connecting, but not visible in Remote Administrator). Are you sure, that the computer was not renamed (task that is executed automatically over lost & found), or it is placed in a different group. Have you used search, or you were using filters by the means of dynamic groups (for the mac computers)? Also, when you have tried to troubleshoot, have you tried to remove the agent completely (uninstall, and install again) or you was always doing repairs? Does it appear as a new computer after re-install? You can contact me via private message, in case you will have any other inputs / or details.

Configuration module update should be done automatically by ERA agent (it has default configuration, that tries to update its modules regularly). You can configure the update server / interval, in ERA Agent policy. It might be possible, that ERA agent is not able to update (for example, if you are updating from the mirror server, or via proxy, and you have not configured the proxy in the ERA agent policy settings).

Hello Staj, what tools / products / services, are you using for the forensic analysis? And what is the desired output of such? As of now, setting like you want is not possible within Endpoint products. If you set it to "NO Cleaning" it will display an interactive window, that will ask user for action, which might not be what you want. It is not possible to configure "action to take, when cleaning not possible / done" like in case of Mail Security products (for processed mails). So to understand you, even when the file has been cleaned / deleted, you still expect the option to put a "copy" of the file, to the quarantine, right?

Hello, just to let you know, there is an open task with Endpoint Documentation team, for properly documenting SCCM deployment method for the Endpoint. I will let you know, once published.

Could you please export the policies from your ERA, and send them to me via a private message? We will try to take a look internally to determine the cause. It might be related to changes in "Configuration Module". Please also provide me with the information about the currently used version of the "Configuration Module".

Hello, ESET Remote Administrator will be only available in the form of the Azure-based image (it is available like this, since the version 6.3). It will be possible to update any Azure appliance to 6.5 + we will republish the package some time after the release. More details about azure VM: https://azure.microsoft.com/en-us/marketplace/partners/eset/eset-remote-administrator/ It is not possible to share further details (as the project is in development), but during 2017 we will release first beta, and then (according to the current road-map) also general availability of ESET Cloud Administrator, which will be the new, cloud-based version of ERA.

As a workaround, you can theoretically not do a notification, but instead create a report, showing clients in the dynamic group of your choice (Windows Computers, for example). So create a report template, showing a computers in a dynamic group (first). Then "schedule" a generate report task (in server tasks) triggered by "dynamic group content change", so you will receive the report, in the format of your choice, every time clients are changed. This should be used as a workaround.

You can do it, by the means of adding the desired DG into the filter of the report. This is an example of how to configure such report.

If you are using ESET Endpoint Antivirus, there is currently no way, how to achieve monitoring of blocked webpages by ESET Endpoint Antivirus. The report template shown by me, works only for ESET Endpoint Security, as that only uses the Webcontrol functionality. ESET Endpoint Antivirus does not have Webcontrol in it. Concerning the question about the different UI, I am using ERA 6.5 in my testing environment. This version is not yet generally available, but we are preparing for the release in the early Q1/2017 (by the end of January). About adding pictures, you can click on "More reply options" in the footer of your response, browse for a file by clicking "browse" and then attaching the file and publishing reply.

We are working on changing the notifications engine for either 6.5, or next release (it is still in the works, and not confirmed for 6.6). This feature will be then included, but is not available as of now.

Hello, You should login with your security admin credentials to ESET License Administrator, locate the "seats" that have not connected in last 30 days (for example), in "unit management section" and deactivate them from there.

Yes, that is correct. ERA 6.5 will be shared with ESET partners just before Christmas, with planned release by the end of January 2017.

When using ESET Endpoint Antivirus, there is no way, how to report access to all pages. Blocked webpages list won't be a solution, also diagnostic logging would not help, as ERA won't collect them (they are in intended for troubleshooting).

Couple of useful examples are in our documentation: hxxp://help.eset.com/era_admin/64/en-US/index.html?dynamic_group_examlpes.htm

Logging severity of the rule has to be set to "warning" not "always". I am not sure, if you can use wildcards for the URLs, I would recommend using "cathegory based" rule, where all URL groups are set. Screenshots attached. Then configure report like this (attached). PS: Such webcontrol report could generate excessive loads of data, as one page visit could log in multple (tens) of entries, which might significantly impact ERA server performance (!)

For such specific issues, I do recommend to contact your local ESET representative. This is not an official support forum / ticketing system. It is a community, where sometimes ESET employees are able to help. If the root cause of the problem requires more time to analyze you should use the standard support channels.

Try to reactivate first, if it won't work try to remove it (settings will be still applied, but not "locked" on the client) andthen reactivate. That should help.

It looks to me, that the policy was made using exported configuration from the older version of File Security (6.2/6.3) which had a bug, that it also contained the license infirmation, which was used for updating the program modules since then. The license is now no longer valid, so updating does not work. What should help, is either removing the policy and reactivating, or upgrading to the newest (6.4) build of File Security and activating again, ad the issue is no longer present in 6.4.

ERA 6.5 will be released in January (expected),this feature will be available then, it is not available as of now.

Answer to your question is: Partially - ESET has web control, which can be configured in a way, that you configure a Web Control rule for a category group that will include all sub-categories, Rule will be set to "log" and will have a severity set to warning. You can then create a report template in ERA V6. Details are listed here: hxxp://support.eset.sk/kb6043/?viewlocale=en_US What you should do in this case is to create a report with "group by URL" and then "row count" which will show you the number of visits per each URL. What you can then do, you can limit this to specific group of computers (filter by) or by TOP hits, and sort by the count descending. Report template columns configuration is in the attached screenshot. Please note, that WebControl is working in a way, that per one URL it creates more log entries, as it traces all of the sub-links, favicon, or subpages. The problem is, that per one visit, it can create 10s of entries, so the reporting will not be accurate. No, this is not possible. However, ESET offer a technology alliance partner product Safetica, which does have this functionality (productivity reports). Details are here: https://www.eset.com/int/business/endpoint-security/data-loss-prevention/

It should be fixed as of now. We are sorry for the inconvenience.

Hello, I have checked the status of your license. In our licensing system, everything looks OK, so I have forwarded the issue to the team responsible, they should be able to fix the problems, hopefully soon.

What version of ESET file security you are using? I would suggest upgrading to the latest version available and then reactivating.

I have read your post, but I am not sure I am getting it right. So I will try to summarize: You have updated ERA components (agents / server / webconsole) to version 6.4 (from version 6.3) You have updated ESET Endpoint Antivirus from version 6.3.2016 to 6.4.2014 You have updated ESET File Security from version (?) to version 6.4.12002.1 Your network was set-up in a way, that ESET File Security 6.x was used to create a mirror (set by ERA policy ? Or set locally?), and all of your Endpoints were updating from this mirror server (hostname / IP address was set as the "update server address" in the policy for ESET Endpoint Antivirus) What I need to understand is: When your ERA V6 was installed, did you "check" the option to install Apache HTTP proxy, that could be used for caching of the updates (it is an alternative to the old mirror server, that also allows communication with ESET LiveGrid, and licensing servers). If this was checked, and installed there are policies configured to "HTTP Proxy Usage" created in your Remote Administrator "Policies" section). If not, it is not related to Apache HTTP Proxy. If yes, the mirror is "redundant" if your network was configured properly