MichalJ

@TheMartin Thanks for the feedback / suggestion. I will contact our documentation team, and ask them to prepare the tutorial (video / documentation) with the topic "how to update my ESET environment on the latest version in the simplest way". I agree, it would be a helpful content, which should be more actively promoted in documentation and KB. 

Hello, EEI sends just the hashes, for verification. However ESET applications (in case Live Grid Feedback System is enabled) do send files for in-depth analysis / replication. However your assumption is incorrect - popularity is determined by how often the file is seen in LiveGrid, reputation is the result of the replication / file behavior. 

Hello, @mxp, it´s currently not possible to setup such dynamic group. 
We have internal improvement tracked for this (for internal reference): P_ESMC-12333 

@TheMartin Thanks for the feedback / suggestion. I will contact our documentation team, and ask them to prepare the tutorial (video / documentation) with the topic "how to update my ESET environment on the latest version in the simplest way". I agree, it would be a helpful content, which should be more actively promoted in documentation and KB. 

Description: Color code failing tasks
Detail:  The server used to color code the tasks that are failing. I'm running the latest ESMC, and now, that doesn't happen, and I have a hard time figuring out which tasks are failing. Is there a way to color code it again, or where can I see it? All I get is a generic email saying: "At least one client task has invalid configuration and therefore will fail."

What I would try as a last resort before raising a ticket would be to remove the licenses from your ESMC, and try to re-add them again, either manually, or via the business account credentials. Adding them in our test environment shows correct expiration dates, for December 2021.
 

My recommendation is to check ports usage documentation: https://help.eset.com/esmc_install/71/en-US/ports_used.html
Technically ESMC + Webconsole (tomcat) are listening on following ports:
2222 (can be changed, for example to 443 to reduce possible firewall issues): this port is used by ESMC Agents to connect to ESMC. This one has to be open for client devices. It could possibly be limited to specific IP addresses if possible, but that could possibly block roaming devices 2223: port is used for (my recommendation is to not open this port from outside of server) for Webconsole-to-ESMC communication. If webconsole will be installed on the same machine (= default scenario), there is no need to expose this port for console to work correctly second use is for ESMC Agent installers in case of "Server assisted installation". I would strongly recommend to omit this functionality, it is deprecated in favor of all-in-one installers which are much more suitable for MSP scenario. 443: standard port for access to ESMC Webconsole via browser. Port has to be opened for ESMC users to access console. My recommendation is to enable access to this port only for known IP addresses if possible. There is also possibility to perform additional hardening of Apache Tomcat configuration to enable only most secure TLS ciphers, you just have to be sure your browser will support it. Also make sure that when installing ESMC, so called "Advanced security mode" is enabled in it's configuration. It will prevent connections of older ERA Agents but should work for ESMC 7.1 Agents installed even on oldest supported systems (Windows XP).

Hello,
This is related to the new exclusions system. In case your policy has been converted from an old one, or you use older version of ESMC than 7.1, you will have the split of Performance & Detection Exclusions. If you create a new policy, you can only add performance exclusions to it, and detection exclusions would be handled via the new exclusions tab in the main menu. 
So the one with detection exclusions is most probably a policy that included some detection exclsions (other than by path) before. The one which does not have them, is a policy which had not them defined before. 

Hello @Marc K
Are your Endpoints activated using license key / security admin credentials?  Or have you activated them using offline license file ? 
In case the second one, you will have to reactivate with a new license file, in case the first one, can you verify that your endpoints can access https://edf.eset.com/edf?  When connectivity to our license servers is broken somehow, your endpoints are not able to get the updated license information. 
Last option could be, that the license did not correctly export to our update servers, however for that we would need your public license ID, so we can check whether there are no sync issues with your license. 

Actually you have to use different tasks to upgrade applications:
Components upgrade task is required to upgrade ESMC Agents Software installation task is required for upgrade of other ESET applications

Solved. I had OBDC version 5.3.13 After downgrade to 5.2.7. I was to able install Era ESET Agent Thank you very much

Please provide list of installer parameters you are using to deploy AGENT (only parameter names, no need for passwords or other sensitive details). From log it seems you are performing so called server-assisted installation, but probably with wrong hostname:port configuration, resulting in communication failure.
Also once ESMC is installed, you might use also live installer created in console to deploy AGENT, it has no parameters so it would be much simpler.

For those of you in the same situation, I first had to install SP3 for SQL Server 2008 R2 Express because you can't directly upgrade to SQL Server 2017 Express unless you are running SP3.  I was running SP2.  Once this was done, I upgraded to SQL Server 2017 Express by using the custom install option.  I then opened ESMC and went to Help->About.  The DB version is now showing Microsoft SQL Server 2017 (RTM) Express Edition (64-bit) 14.0.1000.169.  I then went to Help->Upgrade Product and a new client task was created.  After a few minutes, I was kicked out of ESMC and I could not log back in.  A few minutes later, the login page wouldn't even come up, but after some more time, it finally came up and I was able to log back in.  ESMC is now showing it is v7.1717.0 and the Web Console is at v7.1.393.0.  The last thing I did was install SQL Server Management Studio (SSMS) on my server so I could manage the DB a little easier.
https://docs.microsoft.com/en-us/sql/database-engine/install-windows/supported-version-and-edition-upgrades-2017?view=sql-server-ver15
https://docs.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?view=sql-server-ver15

Hello, you are using unsupported MySQL version (5.5) which is no longer supported in ESMC 7.1. The only option is to upgrade your database to the one supported by ESMC 7.1 or downgrade ESMC back to 7.0 till you are able to process the upgrade. 

@schuetzdentalCB Thank you for your feedback. With regards to the automated network isolation, something like that (possibility to trigger network isolation from the console) is being added in ESMC 7.1 / Endpoint 7.2 for Windows. We plan to further expand this concept to allow autonomous response in the future. 
With regards to the application whitelisting, this is a bit more tricky topic. However it is on our long term roadmap. I will link your comment to the already tracked internal IDEA. Internal tracking IDEA-1510

Just for clarification for others in case they encounter this issue: unknown state indicates that for specific application version ESMC is not yet aware of it's state. This normally happens when new version of application is seen for the first time and it should be resolved automatically in no more than 1 hour.

MDM Core is activated (although it does not consume license seat, activation is done only for the purpose of getting the valid update credentials for receiving module updates). Each mobile device needs to be activated separately, using the "product activation task" targeted towards the particular mobile device entry. 

MDM Core is activated (although it does not consume license seat, activation is done only for the purpose of getting the valid update credentials for receiving module updates). Each mobile device needs to be activated separately, using the "product activation task" targeted towards the particular mobile device entry. 

@m.gospodinov That was exactly the recommendation I wanted to give. Please note that you can also play a bit with the dashboards, make the "table view" displayed as default, and also when you edit the report template you can edit the "top 10" setting, so if you have more than 10 different problems you can list them all (that depends on size of your network mostly). 

10. Dashboard > Computers > Security risk > Detailed information - I get a list with computers that have a problem. Most just require restart but others have different problems. Is there a way to separate them or at least add a field with the problem? Right now I have to click on each of these computers to see details and then go to alerts, which is extremely time consuming.
p.s. I found it - Dashboard > Top computer problems > Expand the field > Table view.

Thank you for the feedback. I will check on our side, whether there is anything to be done to change it. I agree, that impossibility to turn it off when anything is wrong is an inconvenience. I will try to give you update here next week. 

When you remove the "offline computers", is the checkbox "deactivate license" checked? As licensing is evaluated on the cloud licensing servers, you need to make sure, that checkbox for license removal is set. Also, you will have to click "synchronize licenses" in the license screen, to update the listing, as by default it refreshes every 24 hours. 

Hello, I will try to give you some advice:
Your fist case, should be done in a way that you use "nested dynamic groups". First one will do "Machine is not Windows XP" where I would recommend solution when you first filter out Windows XP machines:  Then you will filter out the ones that do not have the right version:  You can run a task on a list of computers differently: Select them in the computers table, choose each entry, and then click in the footer button "actions" and run task  From the task wizard, when you specify a trigger, you can inside specify either "add groups" or "add computers". When you click "add computers" you can choose whatever computer you like.  When you are in the "client tasks" section, and you expand the entry of the task, grey lines are for triggers. If you click on the "trigger entry" it shows you "delete". Afterwards the console asks you whether you want to delete a trigger.  In client tasks section.  It will install over, perform the upgrade of the computer. However, if you have already Agent installed, the most convenient way is to use software install task.   
 

For number 1, maybe @MartinK might be able to shed some light. I can confirm that the "is one of" and "is not one of" is working for me OK. 
Point in 6 is related to the fact, that the underlying data is not correlated with computer information. However I do agree, it would be a good idea to have it somehow interconnected, so I will report an improvement request for that.  However, you can apply a filter on "dynamic group" so if you have a DG set on particular criteria, you can also filter the report (for example windows XP DG). 

With regards to the number 7, this functionality will be available in the next release. You will have an option to download the generated report output directly from the dashboard.
What is also possible in current version is, that when you drill down, apply filters, you can click "generate and download", to get the data exported in CSV format.