j-gray

Members
  • Posts: 362
  • Days Won: 4

j-gray last won the day on May 31 2019

j-gray had the most liked content!

About j-gray

  • Rank
    Newbie

Profile Information

  • Location
    USA

  1. Thanks again. Is it also possible to determine which updates require or recommend a restart? I just ran an update on a Windows system from 8.1.2031.0 to 8.1.2037.2. I assumed being a minor upgrade that no restart would be required. But in fact a restart is required. I guess I need to assume that any AV update will require a restart. But it would be great to know in advance - that way I could immediately apply updates that don't require a reboot, as opposed to having to wait for a more opportune time.
  2. Thanks for the info - I appreciate it. What is the functional difference between required and recommended? I assume that 'required' indicates AV is not functional. What state is the AV when restart is recommended? Is it still fully functional or are some components not functional?
  3. I can't remember if this dynamic group was a pre-built/canned one, or one that I built. Either way, it quit working after some upgrade when status changed from 'Computer' to 'Device'. The initial query was: OR Functionality/Protection problems.Problem = Computer restart recommended / Computer restart required. I found that the actual status is now "Device restart required", so added that to the existing OR conditions. However, I found that some clients are also now showing status, "Device restart recommended". But I'm not finding this status under Functionality/Protection problems.Problem with the others. Nor am I finding it elsewhere. Any thoughts on how I can fix this dynamic group to capture all restart conditions?
  4. @Marcos The bulk of the hits are coming frequently and from one cloud hosting provider: 192.241.128.0/17. We have IDS and IPS in place at our edge, but they're not detecting this traffic. Is the ESET component simply a block list, or is there some other logic/analysis in place?
  5. Thanks - I just sent the IPs via PM. Hope that's ok.
  6. Thanks for the reply. There's no visibility or information (other than blacklist) to help us determine why the IP is being blocked. All we know is that they are IPs that are external to our network. Is there any more detailed information logged somewhere?
  7. In ESMC, ESET Server Security logs a detection type 'Security vulnerability exploitation attempt' caused by EsetIpBlacklist. The detection type is labelled as 'Firewall'. As the Server Security policies don't have a specific 'Firewall' section or component, can anyone clarify what component exactly is responsible for this protection? My assumption is that it's the IDS component of Network Protection, but I'm not entirely sure. TIA
  8. @Marcos The other issue is the proxy/VPN component. We're also finding that even when the service is inactive, it gets reactivated after an OS update and causes issues again.
  9. @Marcos Any updates on this, or a possible timeline? Our hardware orders are all coming in now, and of course new hardware is coming with Big Sur installed, so our problems are increasing rapidly. Thank you.
  10. Thanks for the information - I appreciate it.
  11. We're currently running ESET Protect on-prem with Windows and OS X licenses for EEA. I'm referencing the EEI Help documentation, but a little unclear on some details. Could someone please walk me through what it would look like to add Enterprise Inspector so we have full EDR? I gather we would run up a new/separate server for EEI in addition to our existing EP server. Install EP agent on EEI server, then deploy EEI server via EP console. I also gather that clients will need two agents (one for EP and one for EEI)? I don't entirely understand deployment and management from there. Can I use a single web console to deploy both agents and manage all policies? Or do I need to deploy EP agents from the EP console and EEI agents from the EEI console? Is all information aggregated into a single console? Appreciate any pointers or clarification. TIA
  12. Out of curiosity, the EP Antivirus and EP Security feature matrix shows that EP Security has "Component-based installation". Does this mean that we can choose to not install components that are not needed as we're discussing here?
  13. ARD might be a suitable workaround for smaller organizations. Unfortunately, it requires too much manual intervention and constant babysitting to be viable in a larger environment. We need a solution that is both reliable and can be automated.
  14. We use JAMF to deploy the agent, then ESMC installs the client automatically once the agent is installed.