Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by j-gray

  1. I need to find all OS X workstations that are missing a specific app and need to know the assigned user so that they can be contacted. Also need to include the OS version, so that we can work with the specific user to update/replace the device as needed.
  2. @MartinK; thank you -somehow I missed that. I'm not very familiar with reports. It seems like once I pick a Table Column or two in the Data section, the remaining data columns to select become quite limited. So for example, I'm able to choose 'logged users', 'computer name', and 'IP address', but then I don't have the option to choose connection time, OS version, or some other required info. Is this by design?
  3. Also, looking over the report options, I don't see a way to pull a report of systems in a Dynamic group, only Static groups. If I could do that, I could get at the info I need based on the Dynamic group I created that is missing the specific software.
  4. I need to generate a report that shows all computers without a specific piece of software installed that also includes the 'assigned user'. I can create a dynamic group that shows systems without a specific app installed (using the 'nor' function). I can export this to csv with the required details, except there's no way I can see to include the user info. Reports don't seem to have an equivalent 'nor' function like the dynamic groups do so while I can pull user info, I'm unable to pull systems without specific software. Am I missing something obvious? Any help appreciated.
  5. @MichalJ Thanks for the explanation, makes sense. It's just annoying to have to use a second product with a second account to manage the primary product. I didn't look closely enough to determine if hardware fingerprints were an issue for us. It was primarily that systems had been out of contact for 1,000 to 2,000+ days, but had not been automatically removed from the console. So long as that piece gets fixed, we should be good.
  6. Thanks for the clarification. I found it to be quite confusing. In part, because now I have to manage on-prem (ESET Protect) licenses in the cloud. And my password for ELA did not work, so I had to go to EBA to reset the password to be able to log into ELA. It feels like a step backwards to have to use a second/additional product (cloud) to manage licenses the for primary product (on-prem). And even a further step backwards when the second product is not working reliably. In the meantime, I've manually deactivated those machines that haven't been online in over 1,000 days. Thank
  7. @Marcos Thanks for the reply. Yes, I contacted support and learned that I had to use Cloud Protect to manage these. I then had to migrate from ESET License Administrator to Protect Cloud. Just got that completed. However, new question: the settings are configured to deactivate after 365 days. However, I have a number that are >1,000 days. I'm not sure why these aren't getting removed. Is there a way to force this cleanup, or do I have to do it manually?
  8. ESMC shows license count at 1584/1600. The console shows a total of 1334 clients and 184 of those show 'no status', so we only have 1150 installed clients. So we should have 434 licenses free. The License Management section shows successful recent synchronizations. I thought there used to be a setting to release licenses when clients are removed (after 90 days of inactivity) from the console. How can I release these licenses that aren't in use?
  9. Yes, ideally we would like to build a package that excludes the components that we don't use (e.g. Media Control, Device Control, Personal Firewall) and have a leaner client. I doesn't look like there's a way to do this en-masse, only when performing a local/manual installation.
  10. Yes, statuses are disabled by policy for these components. Clients do not see a warning about them being disabled. It's in the case of the Big Sur clients where they see the error state pertaining to the system extension for Web and Email protection. From what I gather, even though web and email protection are not enabled by policy, the web and email system extension still needs to be allowed. This is unfortunate, as it appears the only way to resolve this is with a third-party application (MDM).
  11. @Matus If I understand correctly, the only way to allow system extensions and full disk access is via MDM? It's not possible via ssh/terminal? Regarding components, we disable all 'Web and Email' components via policy. In the GUI they show as disabled/grayed out, so should not be causing errors or warnings. We do this for several reasons.
  12. @Matus is there a way to approve this via terminal command? On the client, the GUI shows 'Security Risk'; "Web and Email protection is non-functional" Of course, we do not enable these two components, so we wouldn't expect to see the error. Nonetheless, users see the error status and error messages.
  13. On two systems showing this error, I uninstalled the AV and then reinstalled it. I still get the same error messages in the console for each client. Any suggestions on how to clear this error status?
  14. For those OS X clients running 6.10.460.1 and latest agent, we're finding that most if not all report the following in ERA console: System extension required for Web and Email protection was not configured because of error. Try to restart macOS or reinstall the product. This is after upgrading to Big Sur when already on 6.10.460.1 What's more puzzling is that we do not enable Web and Email protection by policy. Also, the user is presented with these errors frequently enough to be annoyed. Is this expected behavior, and what is the recommended workaround
  15. I'm not finding the setting in OS X policies to display a warning or notification if virus definitions are 'X' days out of date. Can anyone point me in the right direction? TIA
  16. I also tried the task by going to client details, then 'Installed Applications'. I selected CCleaner from the list of applications, then clicked the 'Uninstall' button. That gave the following error: "SoftwareUninstallation: No applications matching name 'CCleaner' were found" Despite the application being installed and being selectable as an application, it does not run. I also tried the software uninstall client task, but CCleaner does not appear in the list of applications to select. Pretty frustrating...
  17. I'm going to guess that it's a permissions issue. On my test system, the task runs successfully and uninstall is successful using the command below: Command line to run: "C:\Program Files\CCleaner\uninst.exe"/S On any other system (all are Win10), while the task runs successfully, the uninstall does not start and the ra-run-command batch file remains in C:\Windows\Temp. Any suggestions on how to get this simple task to run?
  18. Regarding working directory, I put quotes around it and it failed. This is counterintuitive, as at a command prompt, it will fail without quotes due to the space in the path.
  19. Using the first option (command line to run and working directory both populated), I see the following in a batch file that is left in C:\Windows\Temp: uninst.exe /S del C:\Windows\TEMP\ra-run-command-92b883c9-c357-4610-9ecb-62cfa0e9f907.bat The second line is obviously failing as the batch file is still in the directory. I'm assuming based on the command that it's not referencing the working directory?
  20. This should be simple, but I'm having no luck. Task runs successfully but nothing happens on the clients. At the command line, this works perfectly: "C:\Program Files\CCleaner\uninst.exe"/S I have the task set as follows: Command line to run: uninst.exe /S Working directory: C:\Program Files\CCleaner I also tried the following: Command line to run: "C:\Program Files\CCleaner\uninst.exe"/S Either version runs successfully but does nothing. Does the 'working directory' require quotes due to space in the path? I don't believe anything is being logged...
  21. Appears to be profile related; if I scan under my account (domain admin) it does not log anything. If I log in as local admin, it logs the scan(s). Since that scan did not appear in the logs, is there any other way I can tell what the 10 detections were?
  22. I installed ESET and the initial scan started, completed, and was logged. I then ran a scan on the data drive. It completed and shows 10 detections. However, when I click on the 'Show log' link, the second scan does not appear, only the initial scan. Why is only one scan logged and how can I view the detections that were supposedly cleaned?
  23. Agreed. Hence my concerns. I believe something must have changed with the recent upgrades, as everything had been getting remediated properly. No policies have been changed, but ESET is no longer remediating much of anything. Sk8r is classified as a PUP, so potentially forgivable. It's the items flagged as trojans and malware applications that are being retained that are more concerning.
  24. This is what how we have on-demand scanning configured. Cleaning is set to 'always remedy detection':
  • Create New...