MichalJ

You have to contact your local ESET sales representative, so they can check the status of your license. You can also PM me your public license ID, so I can check your license status.

Can you export the not-working report template? I was trying to replicate it, but i my case it worked as expected. Also please export the endpoint and agent policies that are applied on the machines. You can send me them via private message. Also, what are your ERA server settings? Is everything else working OK? Are endpoints communicating with server?

Can you please specify the exact version number of your application (located in help&support section of your GUI)

Hello, this is a bug, that will be fixed in the next release.

Hello. Yes, it can.

What license have you used? Have you also tried local activation on the client? What was the error code? You can PM me your public license ID (xxx-xxx-xxx). Also please report which product (name & version) you were trying to activate.

Policy for "Security product for windows" applies for both Endpoint Antivirus and Endpoint Security. However, not all features are includes in Endpoint Antivirus, so we need to understand which settings you are using (maybe paste here a screenshot of the created policy). Ideally, you apply such policy to a group, where all of your terminals are located.

There are two ways, how to block URLs. By the means of "webcontrol" which is available only in Endpoint security, and by the means of "Web Acess Protection" which has its url management. This is available also for Endpoint Antivirus. Check: hxxp://help.eset.com/eea/6/en-US/index.html?idh_config_epfw_scan_main_page.htm

Basically the answer is yes. In some cases, clients might have a problem with updates, and this information will tell you that.

The only way is to specify exclusions in general, for both "on-access" and "on-demand" scanners. We do not currently support specification of different exclusions for different scanners. Exclusions are set in "Antivirus / Exclusions / Paths excluded from scanning". Also, policy will not start a scan. Policy can only schedule a scan. What could help you is to create a "on-demand computer scan" task, which will be triggered by "joined dynamic group trigger", in the group you want to use. However, the exclusion policy, needs to be defined by policies, and only for the Endpoint as a whole. Please note, that even if you apply a different policy to the dynamic group, with the exclusions set, the task will start before the policy get applied (that´s the internal mechanism of ERA agent as of now). We are planning to change this behavior, but this change won´t be done in the next release (6.5).

Hello, you should use the following DG template conditions (in "contains" field, enter your "domain.suffix").

Can you let us know here your versions (endpoint, agent, webconsole & server)? We will try to replicate the issue in-house. Thank you.

Maybe one important thing to add is, that ERA agent will start reporting the rule hits after rules were created (as mentioned in the KB article), and corresponding report template was created on ERA server and replicated to agents (agents have connected to ERA server at least once since template creations). Entries logged on Endpoint before this won't be transferred to ERA. Steps described in the KB article should be working (they worked for me before), so there might be a specific isdue in your setup / configuration. When opening ticket, please report your ERA version (console / server, as located in "about"), together with ERA agent and Endpoint Security version (as shownd in client details / installed applications). Ticket needs to be first handled over by your local distributor & office to HQ support and then to devs. This usually takes up to couple of days.

Hello, it depends if ERA agent is installed (computer is managed) or no (unmanaged). Umanaged computers could be filtered in Computers tab by clicking the "unmanaged" filter icon in the top filter (4 buttons, unmanaged is the "O" icon. To find machines without any product installed you have to use dynamic group template condition "managed product mask" with expression "not in" and choose all options except ERA agent. Detailed instructions are in the ERA documentation: hxxp://help.eset.com/era_admin/64/en-US/index.html?dynamic_group_examlpes.htm Hope that this heps.

As of now, the only way is to check it locally on the machine. Navigate to : C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs to see it.

Was it a clean installation or an upgrade from previous version? What is the operating system used?

Hello, there are basically two things in your post, that needs to be addressed: We will change the webcontrol configuration dialogs in the version 6.5 in a way, that it will be able to select also security groups from AD (not only users) and that after confirming, you won´t see "SID" but instead a user name. Till version 6.4 it was by design, but we are going to change it soon (6.5 is scheduled to be released in late January 2017). Concerning getting the WebControl reports into ERA, you can create a webcontrol report, however in order to show any data, the logging verbosity of your rules needs to be configured to "warning" severity, so ERA agent will overtake the logs from the Endpoint, and report it back to ERA. Just out of curiosity, what is problem you are trying to solve, by getting the webcontrol logs / reports in your ERA console?

We are planning to do it, but not in 6.5. Currently anticipated timeline is during 2017.

Please post your questions in english, as that is the official forum language. Thank you.

You can you use the "joined dynamic group trigger" only in case, when your target is actually the dynamic group. Maybe this was the problem in your case. PS: Together with ERA 6.5 release, we will also publish a standalone "push deployment tool" that will allow remote push installation of the all-in-one installers. But I will still recommend using a GPO/SCCM or the live installers method for agent deployment and then standalone task for Endpoint installation. Also, please note, that the Endpoint will report "not activated" red status, till not activated.

ERA allows you to run command, however it does not allow automatic execution of another task afterwards (chaining of tasks). This is planned for next ERA release (not 6.5).

No, it is not possible to use wildcards in the path. We are tracking this as an improvement, however it won´t be done in Endpoint 6.5

Hello xola, the short answer is : Not at the moment. For ESET Endpoint Security / Antivirus 6.5, there will be the option to configure "override mode" access. However, it still won´t be able to specify local exclusions. It will work in a way, that for the duration of the "override mode" it will make all of the settings "unlocked", and after it ends, it will apply back the settings set by policy. Best practice scenario would be to test the local exclusions, and then notify the administrator, to add them to the policy for your client. In ERA 6.5 it would be also possible to "append" granular exclusions on top of other exclusion lists from other policies (basically merge multiple exclusion lists). For what reason you would like to grant your users to have the ability to define exclusions? As wrongly set exclusions might make the entire security product ineffective.

Also, please let us know the version of ERA you have installed (in "about" section in the left menu) + also the method you have used (all in one on Windows, appliance, etc). Also, if the server is a physical machine or a VM. Please, also confirm, if this was a migration from previous ERA (endpoints), and if you have checked the option to install apache http proxy (you can see it enabled in server settings, and there are policies named "http proxy usage" assigned to group "all"). Answering those questions will help us to understand your problems.

In this case the SCEP does not support "agent supports uninstall" meaning ERA agent won't be able to uninstall it this way. In this case the AV remover is the only option.