
j-gray

  1. You don't need to create any GPOs, just run from your local workstation to sync AD computer objects. You can check the log file to hopefully glean some useful info: C:\ProgramData\ESET\ActiveDirectoryScanner\Logs. You might also re-run it with the '--debug' switch to generate more verbose logs. HTH
  2. Now it looks like it's no longer available in EP Console, but the Changelog info is still there. Did this release get pulled already?
  3. I just noticed that EI Connector version 2.2.4100.0 was recently released. The only info in the changelog is, "Fixed: various minor bugs". Is more detailed information available anywhere?
  4. I believe I heard/read somewhere that patch management for macOS is on the roadmap for the near future. Can anyone confirm approximately when? Also curious what products will support this; both Antivirus and Security, or just one or the other? Appreciate any information.
  5. @MartinK Thanks for the reply. In these cases, the only AV that is installed is ESET. We're simply trying to either install or reinstall the agent on Windows desktops that appear to be no longer managed. I tried the command you provided on my test machine, but it did nothing; no errors, nothing logged in the ESET folder and nothing logged in Windows Event Viewer. I can run the executable manually without issues, so the file/installer is known good. The issue appears to be with the "--silent" switch. Nothing happens if I use that switch only.
  6. Circling back on this again to see if anyone has had any luck running agent installs remotely?
  7. I created an alert for EI Incidents of Medium or High severity affecting servers, added a recipient, selected the groups to monitor, enabled the rule and had a successful test. However, when systems in those selected groups trigger a Medium severity incident (no High severity have occurred yet), I get no email alert. I do get other alerts not related to Inspect. The rule is pretty basic, so I'm not sure what the issue is or where to look:
  8. ESET Inspect cloud version 2.2.4046.0 was released a few days ago, but the updated EI Connector is not available in the EP Console to create an install task. Is there any ETA when it will be there?
  9. Our Remote Desktop Server creates many detections daily for 'Injection into system process [F0413b]'. The triggering processes are different, but as far as I can tell, the event is always, "CodeInjection tssdis.exe(6864) (ApcQueue)" What would be the proper syntax to exclude any Event triggered by tssdis.exe? Appreciate any assistance.
  10. Thank you for the quick response! I'll give that a try. I thought I recalled having dynamic groups when on-prem, so thought I might be missing something now that we're in the cloud.
  11. In EI Console when I'm creating an exclusion, the only available Target groups are groups from EP Console that were created by syncing Active Directory. I'm not seeing any of the other groups from EP Console, particularly Dynamic Groups. I'd like to be able to assign exclusions by OS but currently can only do so by Active Directory org units. Is this possible?
  12. I've searched the various documentation with no success. When I run epi_win_live_installer.exe /silent it runs silently but fails with error 1602. Per some other documentation, I tried epi_win_live_installer.exe /silent /accepteula which does not run at all and logs nothing. Am I missing any other secret command line arguments that will get this to work?
  13. Description: Streamline licensing and ESET components Detail: Too many components and licensing is cumbersome. Currently, we have three cloud consoles (EP, EI, EBA) to manage all functionality. We have two agent installs (macOS and Win), two EI Connector installs (macOS and Win), three AV installs (macOS, Win desktop, Win Server). We need separate hosts and installs for RD Sensor, another install for the Bridge and another install for the Active Directory Scanner. All with constant updates, etc. Major competitors use a single agent install that can have any functionality enabled or disabled as needed. So much simpler to manage versus these myriad components.
  14. @Marcos Thanks for that --totally missed the licensing limitation. RD Sensor could provide functionality that we desperately need, but just isn't viable with the current model. There's no way we can deploy them at every site and on every subnet, particularly given there is no install for macOS. The manual install is painful, as well. It would be great if this functionality was built into the existing agent and could be enabled if/when needed on any client.
  15. The following seems to work:
        • Install WinPcap then install RD Sensor
        • Stop RD Sensor service
        • Uninstall WinPcap and install Npcap (must choose the option to "Install Npcap in WinPcap API-compatible mode")
        • Restart RD Sensor service
      Based on the trace.log file it appears to be working properly. The bigger issue is that we have 15 sites with 3-5 subnets each. I can't see doing this manual process a minimum of 45 times.