sk3y0n3

Members
  • Posts

    24
Posts posted by sk3y0n3

  1. Hello,

    We are seeing a reporting issue in our Protect server. Recently we pushed out an update task to upgrade from 9.1 to 10. The updates completed successfully. On the endpoint there are no issues; however, from the global computers view some are still showing as the old versions.

    If you go into the computer's details, it's showing the endpoint is up to date.

    Rebooted server thinking this was a scheduled service that updates this table view. Still not showing correctly.

     

    Anyone have any advice?

     

    ESET PROTECT (Server), Version 10.0 (10.0.1128.0)

    ESET PROTECT (Web Console), Version 10.0 (10.0.132.0)

    Microsoft Windows Server 2022 Datacenter (64-bit), Version 10.0.20348.1487 21H2

  2. Hi, 

    We have been sending our syslog from our AV server to a SIEM and things are working well so far. Recently we are piloting a few users moving from ESET Endpoint Antivirus to ESET Endpoint Security. We want to start sending the managed firewall logs up through the Syslog. From our investigation it does not seem the local FW logs are being sent even up to the AV server. Is this by design or do we have a configuration issue?

  3. Hi all, 

    We are looking to integrate ESET on some classroom computers that have Faronics Deep Freeze on them. After reviewing their documentation, they recommend that you schedule recurring "thaws" in which the computer reboots into a "thawed" state and the AV can update and be "frozen" back to an immutable state.

    Their recommendation is that when you thaw to kick off a script that pulls the latest definitions from your AV server.  Does anyone have any recommendations on how they have gotten this to work?  I have looked at the help KB on ECMD and it does not look like this functionality is possible through that tool.  

    The other option I have thought of is a custom policy to schedule the updates via the ESET Scheduler. I see that this might not be best because the timing of the update and the thaw must be in perfect sync to get the timing right.

    Anyone else use these two products together?  Any advice from ESET on how to programmatically kick off a Modules update on demand?

  4. We are running into some issues with Exclusions and are hoping to gain some more information on the expected behaviors.  We have some directories set as exclusions under Detection Engine > Exclusions.  This seems to correctly exclude these paths from the Real Time Scanner.  The issue we run into is that the other scanners, On-Demand, Idle, Startup often alert on objects inside these folders.  

    Could someone explain if this is expected behavior?  If so how do we exclude directories from ALL scanners?  

  5. 9 minutes ago, Marcos said:

    No, antispam is a feature of email client plug-ins.

    I understand the AntiSpam is a plugin for the desktop client. In the Web Protection settings it indicates that it also scans e-mail. Does it use a different scanner or detection engine than the e-mail plugin?

     


  6. Today we had a phishing incident and the e-mail module for the Outlook Client caught a ton of threats. We were happy with the performance in that area. We were asked about those users that use the Outlook web client and not the desktop client. We didn't notice any alerts from that category of users.

    My question is: is there any way within the ESET product to protect against a similar threat in webmail? We do have SSL inspection enabled but were not sure if ESET would detect the same attachment if opened through webmail.

    Any thoughts?

  7. We are struggling to get Auto-Update working via policy in our environment. I confirmed the policy is distributed to the group we are testing on. We are on 8.0.2028.0 and version 8.1.2031.0 shows as available in the Protect console. I don't see anywhere where we can accept the EULA. I was unable to find any info in the documentation on this. Does anyone have any greater information on this or can link to documentation on the process?

     

  8. I have two questions on a similar topic.

    Is there a reporting mechanism to query all endpoints with the goal to list all local exclusions set?

    Is there a way to wipe out local exclusions but still keep the ability without replacing them? If we set the policy based exclusions to replace then we lose the ability to set local policies. We just want to identify what is set out there and do a clean sweep of locally applied exclusions.

     

     

  9. I have been looking to change our notifications from e-mail to posting to a Teams or Slack channel. I can send the e-mails to the channel and they do show up, but it is hard to read and you don't get good info without opening the e-mail, so no real benefit than sending to a distribution list. I was looking to see if there was a way to post the notifications through POSTing through connectors and webhooks.

    Hoping that someone out there has found a way to get this working?  Is this on the roadmap for the future?

  10. Marcos, thanks for your reply. From reading other posts I read mention that the update will apply at the next reboot. Will this allow us to push the update out to users but they will not get the alerts prompting to reboot? Does it schedule the update at the time of next reboot?

  11. Hi all hoping someone out there can direct me to the best way of doing this. 

    I'm trying to create a dynamic group for all clients with a version less than the latest. I thought I would just do something like "Installed software . Application version <= 7.3.2039.0" or something like that. It does not appear that there is a less than operator available.

    If this is not possible then is there a better way to accomplish what I'm trying to do here?  Any help would be appreciated.

     

     

  12. Hi all, I have been looking through the documentation but have not been able to find the syntax to enter custom Scan Targets through the scheduler. I want to create an On-Demand scan using the scheduler but want to exclude each user's OneDrive and SharePoint synced files. There are 100's of GB and the scan is taking many hours to complete. I also want to exclude any network mapped drives.

    Was hoping we can do something like this:  Exclude C:\Users\*\[Name of SharePoint]

     
