MichalJ

So, the response from the tech team is, that we are constantly doing modular changes, To be able to understand the problem in more detail, we would like to ask you to generate a dump from process according to the attached guide (if you are running Endpoint 5, please send me a private message, I will send you the mentioned configuration .xml).

Hello Marcel, I will try to get you and answer for the question 1, if there were any changes in VSDB / Protocol Filtering module, that might affect your application. Concerning your other 2 questions: for question number 2, what was disabled? Web access protection ? Protocol Filtering? Note, if you disable real-time protection, it does not affect protocol filtering in any way. to enable logging for protocol filtering, you have to: Log files > Filtered websites > Advanced setup > Tools > Diagnostics > “Enable Protocol filtering advanced logging”

Once the ERA Agent is installed next to the V5 application, it automatically changes the "server address" to "localhost" and port to "2225". Reason is simple. In case of G1 connector, it basically acts as a local ERA V5 server, listens to the V5 application, and then communicates to the V6 server via the agent. V5 applications could not communicate with V6 server directly, you always need to install ERA agent, next to the V5 application. Please note, that 2222 is the port on which the ERA agent communicates, port 2223 is the port on which the ERA webconsole should communicate to V6 server (at leats, these are the default values).

Hello, as of now, this is not possible. We are however tracking an improvement, so once a new product is connected, it will trigger a notification generation. This should be added in the future ERA versions (currently anticipated to Q4/2016 release).

Hello, First of all, you need to configure web-control rules by policy, to be done using "warning / error" verbosity. ERA handles only those types of events. Then you can create a custom report, by adding a new "report template", in which you add the "symbols" for webcontrol. Details on what symbols to choose are in the following forum post: https://forum.eset.com/topic/4036-era-v6-web-control-report/ Please note, that only log entries collected after the report creation (and replication to ERA server) are collected into the report.

Hello, We are currently tracking an improvement, to allow adding user-defined rules, even in case there are some rules enforced by ERA policy. However this requires larger changes in the product code, so I can´t comment on expected delivery date. As of now, the concept is, that once the setting is set from ERA, it becomes read-only for the user. Larger lists, are as of now handled in a way, that one list = one setting. We would like to adjust this behavior, to allow merging of policy / user rules at some level.

Hello, As of now, you can´t configure product in a way, that it will automatically re-enable some feature after being inactive for some time. We are tracking an improvement, to allow remotely switching on / off of the protection features (from ESET Remote Administrator).

Was the scan triggered with "ASAP" trigger or scheduled trigger? If ASAP, that is a correct behavior - task will execute the moment it reaches the endpoint (when opened). Hope that this helps. @bbahes - we will track it as an improvement request

Hello, No, this is not possible. Once the task is started, ERA is unable to stop it. I am not sure I get your question here. regardless the last failure / success, it would start next time normally (it would trigger as scheduled)

More granular errors are one of the improvements we are going to do for future releases of our products.

Hello Katbert, Adding root certificates to Windows Store is considered as a potential security issue, and we do not want to do that without administrator knowing us doing it (it happened many times in the past, that some 3rd party certification authority has issued a certificate for a domain of a specific company, which was subsequently misused). Concerning the possible problems (also for other users searching for this topic): When a certificate is not trusted (in internet explorer), it means that: support for sha256 is missing (XP/Windows Server 2003)https://blogs.technet.microsoft.com/pki/2010/09/30/sha2-and-windows/ https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO25586 *Windows servers may require the following patch 938397. If using XP to connect the to the server the following patch may also be required 968730. For more information regarding SHA2 and Windows from Microsoft. Additionally for SHA256 connections to be made, TLS1.2 may need to be enabled on the system. https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO25585 another known problem is, when client has forbidden TLS 1.0 and client does not have support for TLS1.1 / TLS 1.2 (edf.eset.com supports only TLS, as others are considered insecure) last issue might be, how Windows updates are distributed. If access to ctdl.windowsupdate.com is blocked, however WSUS does not distribute actual list of trusted roots to clients. Or inccorect configuration of Public Key Policies is present on clients. We are working on improving the activation mechanism for the future versions to be less dependent on updated Windows OS, however the best practice would be to have all certs updated on the machines.

No, however there is already a requirement in place for the time based blocking for WebControl in ESET Endpoint Security. We expect adding it in some future version (however, this is not added yet). The same option is currently absent also for parental control functionality in ESET Smart Security.

Yes, as mentioned in my previous post, this will be changed in the next release of ESET Remote Administrator. It will be possible to generate a pre-configured installer, with a target group.

You have to configure your scanning profile, and adjust cleaning level to "strict cleaning". Default value is "normal cleaning", when it might happen that program locally asks what to do with certain files.

That trigger is not greyed out in case, you have selected a specific dynamic group as a target of such task. In this case, it will trigger when the computer joins the dynamic group, based on the DG criteria (this is evaluated on client, not on the server).

No, as of now, this is not possible. In both cases (using scheduler, or using ERA agent to trigger the scan), the scan is executed with local system privileges, so you need and administrator password to stop it. What problem are you trying to solve, by allowing users manually pause / stop the scan?

Basically, you should uninstall the MDMCore completely, and at the end check "remove database". Then you should install the newest version of MDMCore (version 6.3*) which includes a lot of internal improvements (I assume, that installed version is older). If you want to have more information / steps how to try to resolve the issue you are experiencing, you should open a support ticket.

Hello, this is not possible. What I would recommend, is to use a different certificate for this client, and then create a specific dynamic group, where all of this computers will be listed once they connect to ERA. Then, you can move the computer to the corresponding static group manually. However, we are going to change this behavior, and in ERA 6.3.50 (next release, to be released this summer) it will be possible to specify a target group, when creating ERA Agent installer.

Just FYI, this behavior is going to change in the next release. Once ESET Endpoint Antivirus / Security is installed, ERA Agent will stop reporting this as the interval when it searches is de-synced compared to the Endpoint on. What you need to do, is to manually restart era-agent service (manually restart the computer) to force agent to re-sync this information (which I assume is not acceptable).

Push install won´t work in this case. What you will be able to do, is to export the agent live installers, or create MST.files, that you can distribute using GPO, or some other tool. For the next release of ERA, we are preparing a new option, that will allow you to generate a pre-configured installer combining agent + Endpoint, which one when installed will connect to a target ERA server. Standalone push-install utility is in the works as well, however without a target release date (as it will be a standalone tool it might be released anytime, when finished). That would be a valid solution for this use-case.

Ok, if I understand this correctly, your active directory structure does not copy the location structure, is that correct? If this is not the case, and you have it done by location, then it should not be a problem. Basically you will periodically run the AD sync task and ERA will make sure, that correct computers are in correct groups. Even if a new computer is added to a corresponding AD group, it will be synced to ERA. In ERA, device can be a member of only ONE static group at a time. Meaning, if it synced from AD, you can´t keep it there, and at the same time has in the other static group (per my advice above). Other solution I have in mind for you, is to have location-based dynamic groups, based on the peer certificates. Meaning, if agent is using a specific certificate, it will fall into the particular dynamic group. You will have to create multiple agent certificates, based on locations, and apply them to agents via policies. Also use those certs upon agent installation on computers. You can then use those dynamic groups as filters for reports.

Basically, what you can do, for dashboards / groups, you can create a structure in the way: Location 1 (static group) - desktops (static group) - servers (static group) - whatever... (static group) Location 2 (static group) - desktops (static group) - servers (static group) - whatever... (static group) When creating users, you can grant them access to a specific static group. This will filter their view in "Computers" to only selected sub-tree (Admin 1 = Location 1, Admin 2 = Location 2). All dashboards will be filtered to that view as well. You can still have "root" administrator, that has access to all groups. If this is not working for your case, and you want to filter just the dashboards, you need to duplicate report templates for each one of the users, and you have to define "filter" to each by the selected static group. So you will have general dashboard, and dashboard for user 1 and dashboard for user 2.

Hello, what you need to do, is to adjust the threat-sense parameters for On-Demand (selected scanning profile) and On-access (Real-Time file system protection) to "strict cleaning" as on the picture below.

Can you please provide the exported policy (from ERA) which sets the scans which are not working, and also exported configuration from the client you have? As an alternative, I would suggest that you won´t use scheduler and policy, (as in the case of V5) rather use create new Client Task in ERA (Admin / Client Task / New / Security Product / On Demand Scan) and enter the parameters (targets / triggers) after you create such task. You will be able to monitor executions in ERA web console.

In case you have used IE or Microsoft Edge browsers, there is an issue with older certificates used to sign the installers, which are no longer accepted by Microsoft. You should use other browser, and there won´t be any issue. We will fix this upon the next service release.