BrianMorris

We manage about 350 endpoints and this ML/Augur detections has been creating all these tickets for us on many computers for files that have been resident for years. Virustotal has shown no other vendor agreeing so far. Seems like a false positive wild fire to me.

I still have over 100 endpoints with this message.

igi008 -- this is really great, thanks for sharing

This is a great comment. It would be really great if it would just alert me if I had an overage, but it permanently has this warning for when I’m using the correct amount.

A few of my systems were either imaged or had the drive moved to a different computer and this happened. I deleted the asset in PROTECT Cloud and it showed back up. Sometimes I’ll install the Agent installer on top of the existing agent and it will start working.

Did you figure this out? I will go into my MSP Administrator (or eba.eset.com for non-MSP) and deactivate any computers that aren't checking in any longer. This kind of thing happens sometimes for me for some unknown reason.

Hmm, it's a little tough to know what you mean. Did you deactivate the license in ESET PROTECT Cloud or the MSP Administrator site (msp.eset.com)? For simplicity, they have this helpful guide when you select Remove from the menu on a particular computer in PROTECT Cloud -- follow this and you'll be good (there is a deactivate prompt at the end).

I can't seem to find any change logs or any info on 9.1.2051. What's new?

Valid point. You could address this by changing the HTTP to HXXP for the purposes of these notification emails.

Thanks, Marcos. I don't seem to have any policies for the Agent active. I remember having those on the On Prem version, but I don't have one in the CLOUD. There doesn't seem to be any Agent policies in the Built-In Policies list. I just created a brand new policy from scratch for the ESET Management Agent and will test. Thanks.

I've noticed that some of my endpoints only show ESET products instead of all programs that are installed. This computer uses the same policy as 140+ others ones that show applications. How do I get it to show me everything? This has had the agent for a long time.

Here's how I do mine. Alternatively, you could do DOES NOT EQUAL version 9.0.2046.0.

I saw that last year occasionally when CLOUD was new to me. I haven't experienced that in the last 6 months.

Yes! I feed these alerts into my ticketing system, but it misses this key piece of info 🙁

here’s an interesting comment: https://www.dell.com/community/Virus-Spyware/UEFI-infiltration-found-by-ESET/td-p/6191946 ”CompuTrace is a commercial product that is embedded into firmware to help people recover stolen laptops. Doing that requires it to exhibit some virus-like behavior, such as phoning home, and it can also be used to remotely wipe the system since some companies might want to do that if their laptops are stolen. But before you can do any of that, you first have to activate your system's CompuTrace instance. Dell includes the actual application in the firmware, but it doesn't do anything until it's activated. If you haven't yet activated it, you also have the option of deactivating it, but if you do that you will NEVER be able to reactivate it. And if you've already activated it, I believe it can never be fully deactivated.”

cosign!

YES!!! I'm been asking about that since last fall: https://forum.eset.com/topic/29581-edtd-at-a-glance/

I just reviewed my own config and settings. All of the email accounts in my one Outlook profile have the Detected Items folder (although they were probably added many years ago by ESET!) "The emails that will be stored in "Detected items" will also contain infected files? Or they will be moved in Eset quaratine?" ESET would quarantine infected files, but the email itself would reside there (that's my experience). Thunderbird doesn't seem to be a supported email client.

Here's a snip from my ESET Protect CLOUD, I have no issues with Win10 Home.

BTW, I may need to change this up with the EDTD name change: https://help.eset.com/elga/en-US/overview.html On March 23, 2022, ESET Dynamic Threat Defense was re-branded to ESET LiveGuard Advanced. In ESET business products, you can find it also as ESET LiveGuard. Both names refer to the same service.

This was a HUGE problem for me. Here's how I solved for it: I created a Dynamic Group Template - see the pic for hints on how to set it up. I then created a Dynamic Group inside my Static Group of clients with the EDTD license. I set that Dynamic Group to notify me if the Dynamic Group changed. Reply if you need more details!

Here is the documentation on how to do it: https://help.eset.com/protect_cloud/en-US/admin_server_settings_syslog.html?zoom_highlightsub=syslog "1.Click More > Settings > Syslog and click the slider bar next to Enable Syslog sending" When I go there, the Settings link is greyed out. Do I need to submit a ticket to enable it? ALSO -- can I export logs for certain Static Groups or is it all or nothing? (I'm an MSP)

Back in this post, I asked how I could figure out which computers didn't have EDTD activated: None of the tips did what I needed, but I just figured it out. I have a Static group of clients that have EDTD licenses, but I couldn't figure out a way to quickly figure out which had EDTD and which didn't. If I add a new computer, it doesn't throw errors about EDTD not be activated, so I can't do a group based on that. Here is what worked:

Interesting. I think it would be a great idea to just have a little alert when creating the Dynamic Group that it may take "up to x hours/minutes" for matching assets to appear. Also maybe something about the endpoint needing to be online. I was thinking that all of this information is available to view, so it would just pull it from the server, but as you've explained, it doesn't work that way..

Inspired by some recent posts here, I figured out how to create dynamic lists of computers with McAfee or Java or anything installed. My RMM does a lousy job of this, so this is *so* helpful. One thing that threw me off in the past is that the report is blank right after the creation. You need to wait awhile for it to fill in.