MichalJ

ESET Staff
  • Posts

    2,217
  • Joined

  • Days Won

    65

Kudos

  1. Upvote
    MichalJ gave kudos to MartinK in Update Agent Version   
    This seems to be a common misunderstanding and we should probably improve communication to users so that it is clear.

    In case of components upgrade task, you are actually selecting version of ESET PROTECT Server component, that you can actually upgrade to. In other words, in case your infrastructure is based on ESET PROTECT Server for Windows, you will be offered only the same or later version for the same platform. This version is later used for selection of compatible AGENT installers. So for example, as you have selected version 8.1.1223.0 as compatibility version, when this task is executed on macOS device, ESET repository is searched for latest AGENT version for macOS, that is compatible with ESET PROTECT 8.1.1223.0, which is currently version 8.1.3215.0. So the most confusing part is that you are actually not selecting version of AGENT to be installed, but just reference version used for compatibility.
     
  2. Upvote
    MichalJ received kudos from j-gray in Adding Enterprise Inspector   
    Hello @j-gray, I will try to help.
    Our EDR works in a way, that it requires a separate server with a separate console, however the "EDR console" is intended only for incident investigation. Management / deployment / activation still happens in ESET PROTECT.
    So given the fact that you have already deployed ESET PROTECT environment, those are the steps needed: 
      • Install ESET Enterprise Inspector on a dedicated machine. You will have to connect it to your ESET PROTECT, as it uses single sign on between those two, and ESET PROTECT is the one that is also managing user access rights. On this machine, also install ESET PROTECT Agent (you will need it, for future updates).
      • EEI server needs to be installed manually, you can't do it from EP Server (not the first time).
      • Once your EEI Server is installed and running, you can proceed with installation of a component called "EEI Agent". Even though it is named "agent" it is a very small binary, that just sends the detection metadata gathered by our Endpoints (Endpoint is the "AGENT" per se) to the EEI Server, where the detection logic resides.
      • You will have to specify the EEI server connection details into the policy for EEI agent, that you can assign to group all (they will connect). Also, you will have to activate EEI Agent (If you have the latest version of ESET PROTECT, there is a context menu option called "deploy EEI Agent", that will do the trick for you).
      • Once you have your environment setup, EEI detections will appear also in ESET PROTECT. From there, you can easily navigate to details of each detection. You can also access the EEI UI directly, if you are interested in just the EDR functionality.
    Hope that this helps.
    Michal 
     
  3. Upvote
    MichalJ gave kudos to DonaldDucko in Future changes to ESET Security Management Center / ESET Remote Administrator   
    In the reports data section, could we please get remaining free space for individual storage drives? In percent of total drive space would be best, and it would need to be per drive, instead of combined.
    Thank you in advance!
     
  4. Upvote
    MichalJ gave kudos to dmaasland in Block ransomware behavior automatically   
    You can add an action to a rule. If you want to edit a built-in rule, duplicate it first. Then, add the desired action to it:
     
     
    The action you're looking for would be "BlockProcessExecutable" or "CleanAndBlockProcessExecutable". Check out page 6 in the EEI rule guide: https://help.eset.com/tools/eei/eei_rules_guide_1.6.pdf
     
    Don't forget to also specify the "TriggerDetection". This is the default action if no action is specified, but gets overwritten as soon as you specify your custom action. This causes the rule to not create a detection but only block the executable if you don't add that action as well.
  5. Upvote
    MichalJ gave kudos to Marcos in ESA+CISCO ISE   
    ESA RADIUS supports PAP and MS-CHAPv2 (both can be found mentioned in following article: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_net_acc_flows.html#wp1134831)

    It should work if the product supports authentication using external RADIUS server using PAP or MS-CHAPv2. In the past we had customers who used Cisco products including Cisco ISE.
    We have RADIUS integration manuals for some Cisco products:
    https://support.eset.com/en/kb3473
    https://support.eset.com/en/kb3481
     
  6. Upvote
    MichalJ gave kudos to Marcos in Eset Full Disk Encryption   
    Are you referring to the errors in the log or is there an error reported in gui? The resolution of the screen shot of gui is too small to be able to read the text.
    The errors in the log mean that ESET's EDF servers were inaccessible. Please read https://support.eset.com/en/kb332 for a list of IP addresses and ports that must be allowed for specific functionalities to work.
     
  7. Upvote
    MichalJ received kudos from igi008 in Security product configuration - Select Multiples   
    Hello @endpointandcats
    You do not have to select the configuration during the installer creation. You can simply assign all of the relevant "policy templates" (or custom made policies) to group all (or any group or even an individual computer), which means that the resulting configuration would be created as a merge of those policies. 
    Alternatively, you can create your own custom template, where you configure the product as you want, and then you choose this template during the installer creation process. 
    Please note, that there is a difference between a configuration and policy. Configuration sets the values to the desired state, but does not lock them on the client (if the local user has admin rights, he can change the settings). Policy on the other hand, if setting has "apply/force" flags set, would lock the setting, and prevent it from being edited. 
    Hope that this helps.
    Michal
  8. Upvote
    MichalJ gave kudos to Marcos in ESET Enterprise Inspector version 1.6.1716 has been released   
    Release date: June 1, 2021
    ESET Enterprise Inspector 1.6.1716 has been released.
    The installer is now available for download from the download page.
    Changelog:
    Added: Granular User Access rights (permission sets in ESET PROTECT)
    Added: Incidents view
    Added: Remote Connection method
    Added: Reduction of “Detection overload”:
    Learning mode
    Protection against noisy Rules
    Default Exclusions suggestions
    Profile based configuration in installer to setup the product for various user types
    Choice of 3 preset Profiles
    Choice of Rules to enable based on four Severity levels
    Choice of Data collection options
    Choice of Data retention periods
    Change of default views
    Improved: Database improvements:
    Event Filters created automatically for noisy Computers
    DB Purge process improvement
    Display estimated DB required space on Dashboard
    Warning for sub-optimal DB configuration
    Warning in case of insufficient space
    Improved: User Interface improvements
    Notifications view
    Improved Details view
    Filtering in Raw Events view
    Categorization for Rules
    Display PEDrop module hash in UI
    Improved: Detection capabilities improvements
    Ability to detect login brute-force
    Ability to detect misuse of trusted DLLs
    Ability to monitor discovery techniques using WMI GetObject method
    Re-evaluation of Rules severity values (based on latest telemetry statistics)
    Change of Ruleset to reflect compromised flag
    Improved: REST API improvements
    Ability to disable/enable Rules
    Ability to create/manage Exclusions
    Ability to trigger Network Isolation
    Added Trigger Event for Detections
    Ability to upload a list of hashes to be blocked
    Ability to update Computer state
    Other improvements:
    Ease of deployment – All-in-one installer with EI Agent (ESET PROTECT 8.1 required)
    Performance and scaling improvements
     
    Known Issues:
    As of version 1.6, we are introducing a new feature, "Optional Rules". There is a separate group of rules that are not enabled by default, yet they are installed by the installer but in a disabled state. Users can decide for these rules if they suit their environment and enable them manually.
    Having this feature, we have decided to move some of the existing rules to the "Optional" category. It means some of the existing rules enabled in your environment may, after the installation, become disabled because they are updated with the new version of the rule, which is optional now. Please check disabled rules after the upgrade from previous versions if some of the rules you want to have enabled were not disabled by this mechanism.
    Support Resources:
    Online Help (user guide): ESET Enterprise Inspector
  9. Upvote
    MichalJ received kudos from Gintaras P in WEB filtering for Android devices enrolled via MDM   
    Hello @Gintaras P Per my knowledge, web filtering for our ESET Endpoint Security for Android is currently considered feature, for addition later this year. I will check it with our product management, and come back to you once confirmed. 
  10. Upvote
    MichalJ gave kudos to Marcos in This feature is not monitred by Windows Security (firewall)   
    You must go one step back to select the product:

  11. Upvote
    MichalJ gave kudos to M.K. in Policy not whitelisting spam   
    Hi,
    the problematic domain you reported has been already removed from the cloud blacklist. The quickest way to solve such cases is to send the email sample to nospam_ecos@eset.com (https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab#spam) as those are handled almost immediately.
    Also based on the sample we have identified a problem in the algorithm that selects the sender's address from email headers in some cases (Return-path: header), and it will be also addressed by an automatic update.
    Regards, Matej
  12. Upvote
    MichalJ gave kudos to MartinK in Installing Agent through CMD QUITET doesn't work for ESET PROTECT CLOUD   
    Could you please provide standard trace.log from AGENT or possibly search it for more detailed connection errors? I do not see any obvious problem with deployment method you are using - in case no mistake was made during parameters processing, it should work. From provided status.html it is not clear why connection is failing, it might be network related, but also certificate related. As it seems that certificate of ESET PROTECT Cloud service has been accepted, it might be problem with AGENT's certificate -> in steps you mention "same old file" next to certificates, but if it means that you are attempting to use the same certificates as you used with on-premise solution, that won't work -> devices managed by cloud service are assigned certificate generated by service itself, and that is only certificate that will enable your devices to connect.

    Also note, that there is even simpler deployment method:
      • Download AGENT MSI file and install_config.ini (so called GPO installer) into the same folder
      • Initiate silent installation of AGENT via msiexec command, but without product specific parameters (those P_***)
      • Observe that installer properties are automatically loaded from install_config.ini, i.e. there is no need to copy them to command line
  13. Upvote
    MichalJ received kudos from Peter Randziak in MITRE RESULTS   
    Hello, thank you.  And yes, we do have plans to add Linux coverage, in the reasonable future. 
  14. Upvote
    MichalJ gave kudos to j-gray in Help generating a software report with user login info   
    I need to find all OS X workstations that are missing a specific app and need to know the assigned user so that they can be contacted. Also need to include the OS version, so that we can work with the specific user to update/replace the device as needed.
  15. Upvote
    MichalJ gave kudos to pronto in Configure period for warning: Last connected   
    Okay, thanks for the effort. The setting is not a matter of life or death but as a nice to have it would be great...
    Thx & Bye Tom
  16. Upvote
    MichalJ gave kudos to Marcos in ESET Protect   
    ESET PROTECT is a new name for ESET Security Management Center. There are no plans to change the names of Endpoint security products.
  17. Upvote
    MichalJ gave kudos to Marcos in Workstation Management Agent upgrade   
    You should do the following:
    1, Create an ESET PROTECT component upgrade task:

    2, Select the referenced ESET PROTECT server:


    3, Select targets and click Finish:

  18. Upvote
    MichalJ received kudos from Peter Randziak in Currently running the appliance RASA 7.2, would like documentation for migrating to PROTECT Entry   
    Hello @jcy If you have purchased ESET PROTECT Entry, then indeed you should be able to activate ESET PROTECT Cloud.
    Just do the following (if you have not done so): 
      • Create EBA account at eba.eset.com
      • Add your license key there. If you register EBA under the same e-mail that the license was purchased under, license will be added automatically. Once the license is added a tile showing "setup ESET PROTECT Cloud" will appear. You can choose the DC location, and setup your EPC instance.
      • Once instance is done and running, you can proceed according to the migration manual posted above.
    Can you please share with me the license e-mail that you have received from whoever sold you the license? Ideally via private message, as the email should have included the instructions.
    Regards,
    Michal 
  19. Upvote
    MichalJ gave kudos to Marcos in What happen when lisence expired   
    14 days before your license is due ESET will start notifying you. After your license expires, modules will stop updating and after a couple of days Windows Defender will activate itself instead of ESET on Windows 10.
  20. Upvote
    MichalJ gave kudos to Marcos in ESET Dynamic Threat defense console status feature request   
    The button is subject to future changes. We are aware that it's a bit confusing now.
  21. Upvote
    MichalJ gave kudos to MartinK in EFDE custom policy not showing under applied policies   
    If my understanding is correct, you created installer where you included policy for EFDE? If so, it is actually expected behavior, as installer will just configure installed product to use settings from embedded policy, but to enforce settings, policy has to be applied also in console in a standard way. If so, solution would be to visit policies screen and assign required policy to groups or devices. In other words, policy as included in installers are intended primarily for initial configuration used until management agent is able to fetch policies and other properties from ESET PROTECT.

    We will also try to improve communication of this behavior so that it is more clear.
     
  22. Upvote
    MichalJ gave kudos to Peter Randziak in Do I need a new license?   
    Hello @noorigin,
    ECA is now ESET PROTECT Cloud, see https://support.eset.com/en/kb6889-eset-protect-cloudwhats-new for details.
    To use ESET PROTECT Cloud an eligible license is required https://www.eset.com/int/business/solutions/security-management/#purchase
    I would contact your ESET sales department to check what is the best option for you to upgrade your license to ESET PROTECT Cloud one...
    Peter
  23. Upvote
    MichalJ received kudos from Ufoto in Access to multiple ESET Protect Cloud tenants   
    Hello @Ufoto
    As of now, this is indeed not possible. I assume, that you are a reseller, and you have more than one customer, that has their own EPC instances. As of now, you will have to have different aliases for every such instance, as one "EBA USER" can be linked only to one EBA instance, and one EPC Instance.
    We are working on a new reseller focus portal, which will allow you to have a "service level login" to all your customers EPC instances. So yes, there is plan to add multi instance access, however I can't confirm exact timeline at this moment. But our target experience is similar to the one you are referring to.
    Regards,
    Michal 
  24. Upvote
    MichalJ received kudos from Peter Randziak in Access to multiple ESET Protect Cloud tenants   
    Hello @Ufoto
    As of now, this is indeed not possible. I assume, that you are a reseller, and you have more than one customer, that has their own EPC instances. As of now, you will have to have different aliases for every such instance, as one "EBA USER" can be linked only to one EBA instance, and one EPC Instance.
    We are working on a new reseller focus portal, which will allow you to have a "service level login" to all your customers EPC instances. So yes, there is plan to add multi instance access, however I can't confirm exact timeline at this moment. But our target experience is similar to the one you are referring to.
    Regards,
    Michal 
  25. Upvote
    MichalJ received kudos from Aryeh Goretsky in Is there a screenshot of ESET Endpoint Antivirus 8 GUI for Linux 8.0.3.0?   
    Hello, for what purpose would you need that?
    I was checking the official documentation, and it does not include screenshots. We might ask our QA / PM to get some, but I am interested in understanding the purpose. 
    But as a sneak peek: 
     
    Thanks.
