ronmanp

We do use ERA 6 to activate our endpoints with a client task. That parameter sounds like it's exactly what I need so I'll try it now. I'm sure ERA 6 is good to deploy software but it can't compare to SCCM's feature set. Thanks to both of you.

I'd want that feature too but it's either: Install silently, get the activation prompt at the end, wait a few minutes to activate but even once the license is activated the prompt remains open thus causing confusion for end-users. Push from the web console. Activate manually. Which is unfortunate...

Btw, it appears all settings from my cfg.xml are applied correctly during install except "Minimum verbosity of events to display". If I manually import it again after the installtion it work though.

We are on version 6 and the software install task is not an option. We are a company across different countries with thousand of endpoints. We use SCCM to deploy the MSI.

After a silent install the activation prompt pops up. I have a client task that will run within minutes so that prompt is unnecessary and causes confusions with end-users because they think ESET is not activated so they create support tickets. How can I stop this? I have a cfg.xml file along my MSI to apply policies while installing with all application statuses disabled but the prompt still shows. Would changing the "minimum verbosity of events to display" to "errors" only do the trick? What can I do to make this work? Thanks

I was asking about this because I tested it and it worked just fine. Actually I came across a support case you mentioned but it was denied by developers as invalid - the user was complaining about ehdrv.sys driver and not about HIPS itself. As already mentioned, I'd never disable HIPS as I would lose other crucial protections layers that are almost as important as real-time protection. I hope this is not my support case as I haven't been told that. I agree HIPS is important but we have in-house tools that will break if we enable it. I'll work on making it work but this won't be possible right now.

I didn't have a problem with this - HIPS was disabled in the program's gui on the client. However, why one would like to disable HIPS and lose other important protection layers, such as Exploit blocker and Advanced memory scanner, which can block a huge number of threats upon execution if malware makes it through all other protection layers? That's in fact good. Any exclusion creates a security hole as potential malware in excluded files or folders would remain undetected even if ESET was able to block it otherwise. Wildcards are supported for folders and files, however. If you need to use exclusions, I'd strongly suggest consulting it with Customer care as there's a chance we would be able to solve possible issues in a safe manner. Updates are run via update tasks in Scheduler and this is how it has worked since v2. So you basically need to set up 2 update profiles, each with different setting for updates in different networks. Then you need to create a new update task or edit the existing one and select the primary and secondary update profile. I for one can't think of how this could be made simpler. If you want to discuss particular issues or have questions or suggestions, please create a new topic for each. I've shared my concerns already through technical support. I was just sharing my experience in this thread as I've noticed I'm not the only one living with issues caused by ERA 6. The HIPS issue has been acknowledged by ESET and it is not caused by our environment issue. We are working on it. Real-time scanning exclusions and drive letter wildcards. I know they are bad but some of us need it so we should have the option to use them. It shouldn't be your decision. Again this is something competitors allows you to do. For update profiles I believe that simply creating 2 profiles in the policy and choosing a primary one to have ESET fallback to the second one automatically if the first is unreachable would be a lot simpler than going through the 23 steps from your documentation.

Wouldn't having hundreds of endpoints with mapped network drives start working in the morning all at once kill the file server?

This is true, the web console is all cute and shiny but the administration of ERA 6 is awful. After months of tweaking I'm just starting to to be able to sort of make it work like it's supposed to. Unlike many competitors you can't just set it up and stop thinking about it. You'll have to constantly monitor, fix server/agent communication, activation and policies (e.g. HIPS won't disable and yes I have a support case open) because it's a nightmare to manage. Oh and if you want to use AD to manage your endpoints and assign policies just forget about it. Believe me... For SMB I can recommend it, but for big companies... Brace yourself. Here's 2 of my favorites: we can't use wildcards for drive letters in the real-time exclusions Also why not simply have a single setting that says "Use internal server to get definition updates, if it is not reachable then use ESET's servers." instead of having us go through that whole process? Like many have said before, the product has real potential but right now I feel like a beta tester.

Thanks that's exactly what I needed. Regarding the MSI properties. At some point I'll want to add an external IP address but for now it is just an internal one. I want to add the IP because sometimes I have endpoints experiencing issues resolving the hostname or the FQDN.

<bump>

Hi, Is it possible to set multiple servers within the MSI property "P_Hostname"? If it is possible, in which format should I enter it? Would the values below work? server1;server2;10.0.0.22 I'm also wondering what's the use of the HTTP Proxy under the the "Advanced settings" of the ESET Remote Administrator Agent policy? Is it for the client to access the internet for updates? By default the policy uses the IP of our ESET server which is odd. Finally, for Endpoint Antivirus updates I have 2 update profiles. One for internal that uses our own ESET server for updates and one external when machines are off the network. Can't seem to find a way to make it default to internal and fallback to external when it cannot reach the internal server. It seems it's one or the other, not both. I'm on ERA 6. Thanks,

Oh that's why other services I have running don't have that issue. It's because they expire before 2017/1/1. Thanks for that info. Looks I'll have to upgrade my CA then.

Following these hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3724steps I can now encrypt traffic to/from the web console. In IE it is trusted without any warnings which is what I want: In Chrome I get this warning with a red streak through. I have many other web services and they don't have that issue with Chrome. Anyone experiencing something similar? Thanks,