FerdinandG

Everything posted by FerdinandG

  1. I think all of us have the same problem. I can add the MAC address prefix filter to exclude devices that I don't want to be included in the rogue computers list, but there are so many MAC address prefixes that I need to add. Printers, switches, and NAS devices are included in the list, and they make the number even bigger, although there is no need to do anything with those devices with regard to ESET. Still waiting for a way to list "computer" only in the "rogue computers" list.
  2. Hi Marcos, Thank you for your response. Is the default update profile also applied for other tasks, such as when I trigger an update of ESET products from ESMC (Endpoint Antivirus version upgrade)? So I will change the default update profile using ESMC's policy to use proxy A (using the local internet provider), then edit the regular update task in the scheduler to use proxy A as the primary update profile and proxy B as the secondary one. However, in Tools -> Proxy server, I still use proxy B as the proxy server. Does the version upgrade still use proxy A as the proxy for upgrading Endpoint Antivirus, installing other ESET products from the ESET repository, or probably for the ESET LiveGrid feature? Thank you
  3. Hi, Our branches have two proxies in the same subnet, for instance: proxy A: 192.168.0.1 -> Proxy that is connected to each branch's internet provider; proxy B: 192.168.0.2 -> Apache HTTP proxy that is chained to the HTTP proxy in the HQ. Is it possible to have a dual update profile for ESET Endpoint Antivirus 7.x, so the client will try to connect to proxy A first? When the connection to proxy A is not OK (update failed, proxy cannot be reached), the client will try to update using proxy B as backup. Proxy A should have the highest priority, so proxy B is only used if proxy A fails. At the end, a direct connection should be used when proxy A and proxy B fail (probably when the client is outside the branch's network). Thank you.
  4. I just read about Time Based Criteria in Throttling setting. Is this something that I can also use to set the range when the task is allowed to run?
  5. Hi Marcos, I created the task and the trigger from Tasks menu on ESMC ver 7.2, but I could not find the settings for skipped task in there.
  6. Hi, I created an on-demand in-depth scan task and set a weekly trigger on it. The task starts every Saturday at 00.00 AM. My goal is to run an in-depth scan on computers that are still powered on over the weekend. However, on Monday morning, I notice that there are computers that start to run the task, although those computers were turned off during the weekend and powered on on Monday morning. Can I define the range/expiration of the trigger, let's say 24 hours, so clients who did not receive the trigger within 24 hours after the defined schedule (in this case the clients are off during the weekend) will not be triggered to do the scan on Monday morning? Thanks
  7. Hi, Can we change the rogue detection to detect computers only? Adding MAC address prefix blacklist filtering to the policy to exclude non-computer devices seems hard to do because we have 300+ branches that have their own devices with different brands. We need to add so many MAC address prefixes to have a computer-only list. For the reports, I can add Rogue Computers.Detected OS to show only the devices that have a certain operating system, for instance Windows. But is there any way to change the criteria of detection to detect computers only? Or at least a way to change the rogue chart in the Dashboard so it shows only computers, not all the devices detected by RD sensors. Thank you
  8. Hi, We need to migrate to another ESMC server due to a database change. In the old ESMC server, we use a MySQL database, but since the number of endpoints keeps growing, we found that the performance is getting poor. So we decided to build another ESMC server that uses SQL Server 2019 as the database. We have successfully imported the static groups and policies to the new ESMC server. We tried to migrate several endpoints from the old ESMC server to the new one using a policy. However, in the new ESMC server, the endpoints are located in the Lost & Found group, not in the original group from the old ESMC server. Is there any way to automatically map the endpoints in the new ESMC server based on the old ESMC server groups? For information, in the old ESMC server we use GPO scripts to automatically map the endpoints into groups (based on the location).
  9. The replication interval is 50 minutes; at working hours the pending logs are about 4000 to 5000 logs now. While using ESMC 7.1, the pending logs were about 1500 to 2500 as far as I remember. Actually I would like to say that the performance is not good. Most of the reports cannot be displayed due to a 90000ms timeout error. Some of the panels in the dashboard fail to show, for instance the Product Version Status. Even the ESET Application tab took ages to show, and needs several retries before the tables are shown. We have reported this problem to the local support, and they still want to try tuning the database first. We need to create reports based on ESMC reports and we are still struggling to do such a thing. I'm afraid that the more endpoints successfully connect to the ESMC server, the more dashboard panels will fail to load.
  10. Hi @MartinK, Currently we are upgrading from ESET Endpoint Antivirus 5 to ESET Endpoint Antivirus 7.3 on all of our endpoints. The number of actively connected endpoints right now is 37.000, but at the end there should be around 46.000 endpoints. All endpoints connect to ESMC through two Apache HTTP Proxy servers, but we have more local Apache HTTP Proxies in our 300-ish branches that chain to those two Apache HTTP Proxy servers at the HQ. We have three different time zones, so the temporary peaks might be divided into three groups based on the time zone. I suppose we have adequate storage/IO performance because the database disks are in our enterprise storage. The thing that I'm concerned about is that we are using MySQL 5.7 on Linux for the database. Is there any configuration to increase the MySQL database performance? FYI, we have separate ESMC and database servers.
  11. Hi, We've recently upgraded the ESMC server from 7.1 to 7.2. However, we've noticed that the number of pending logs has increased around three times since then. Is there any way to increase the ESMC performance in order to reduce the number of pending logs? We've also noticed from the ESMC server's status.html that there is a Replication Throttling scope that showed the following settings: • Max logs count is : 14000 • Max logs KB is : 1048576 KB • Max agents is : 280 Do these settings limit the number of logs that are processed by the server? If so, can we change the limits? Because we often see that the logs count or the number of agents is more than the maximum number and the replication throttling state is throttled. ESMC is running on Windows Server 2012 OS with 4 CPU cores and 16GB RAM. The average CPU utilization is around 25% and the average memory usage is 8GB. Thank you