Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Posts posted by j-gray

  1. Thanks again.

    Is it also possible to determine which updates require or recommend a restart?

    I just ran an update on a Windows system from 8.1.2031.0 to 8.1.2037.2. I assumed being a minor upgrade that no restart would be required. But in fact a restart is required.

    I guess I need to assume that any AV update will require a restart. But it would be great to know in advance --that way I could immediately apply updates that don't require a reboot, as opposed to having to wait for a more opportune time.

  2. I can't remember if this dynamic group was a pre-built/canned one, or one that I built. Either way, it quit working after some upgrade when status changed from 'Computer' to 'Device'.

    The initial query was OR Functionality/Protection problems.Problem = Computer restart recommended / Computer restart required

    I found that the actual status is now "Device restart required", so added that to the existing OR conditions.

    However, I found that some clients are also now showing status, "Device restart recommended". 

    But I'm not finding this status under Functionality/Protection problems.Problem with the others. Nor am I finding it elsewhere.

    Any thoughts on how I can fix this dynamic group to capture all restart conditions?

  3. @Marcos The bulk of the hits are coming frequently and from one cloud hosting provider:

    We have IDS and IPS in place at our edge, but they're not detecting this traffic.

    Is the ESET component simply a block list, or is there some other logic/analysis in place? 

  4. 4 minutes ago, Marcos said:

    Yes, it's Network protection that blocks addresses seen to generate malicious communication. Do you suspect a particular IP address to be blocked incorrectly?

    Thanks for the reply.

    There's no visibility or information (other than blacklist) to help us determine why the IP is being blocked. All we know is that they are IP's that are external to our network.

    Is there any more detailed information logged somewhere?

  5. In ESMC, ESET Server Security logs a detection type 'Security vulnerability exploitation attempt' caused by EsetIpBlacklist. The detection type is labelled as 'Firewall'.

    As the Server Security policies don't have a specific 'Firewall' section or component, can anyone clarify what component exactly is responsible for this protection?

    My assumption is that it's the IDS component of Network Protection, but I'm not entirely sure.


  6. On 7/8/2021 at 7:36 AM, Marcos said:

    We are currently testing a deployment procedure via JAMF which will avoid the dialogs related to extension installation. We should have it ready for publishing soon.

    @Marcos The other issue is the proxy/VPN component. We're also finding that even when the service is inactive, it gets reactivated after an OS update and causes issues again.

  7. On 7/8/2021 at 7:36 AM, Marcos said:

    We are currently testing a deployment procedure via JAMF which will avoid the dialogs related to extension installation. We should have it ready for publishing soon.

    @Marcos Any updates on this, or a possible timeline?

    Our hardware orders are all coming in now, and of course new hardware is coming with Big Sur installed, so our problems are increasing rapidly.

    Thank you.

  8. We're currently running ESET Protect on-prem with Windows and OS X licenses for EEA.

    I'm referencing the EEI Help documentation, but a little unclear on some details. Could someone please walk me through what it would look like to add Enterprise Inspector so we have full EDR?

    I gather we would run up a new/separate server for EEI in addition to our existing EP server. Install EP agent on EEI server, then deploy EEI server via EP console. I also gather that clients will need two agents (one for EP and one for EEI)?

    I don't entirely understand deployment and management from there. Can I use a single web console to deploy both agents and manage all policies? Or do I need to deploy EP agents from the EP console and EEI agents from the EEI console? Is all information aggregated into a single console?

    Appreciate any pointers or clarification. TIA

  9. On 7/13/2021 at 1:40 AM, Marcos said:

    Component-based remote installation via Apple Remote Desktop is described here:

    ARD might be a suitable workaround for smaller organizations. Unfortunately, it requires too much manual intervention and constant babysitting to be viable in a larger environment.

    We need a solution that is both reliable and can be automated.

  10. Yes, it's very problematic. On our clients, once the proxy piece is installed on any Big Sur system, it breaks the internet connection. Even though it's supposed to be disabled.

    If a client chooses not to allow it, the internet connection works, but the ESET icon shows an error state. Even though it's supposed to be disabled.

    If a client allows it, the internet connection does not work. The service has to be set to inactive in order for everything to work.

    This is an issue that really needs some attention and thought. For those of us with a large client base, manual interaction and intervention on a regular basis is not feasible.

  11. Thanks for the reply.

    We use web mail, which already has malware, phishing, spam, etc. protection. My understanding is that ESET mail protection is specific to IMAP and/or POP, which we do not use nor allow. We have dedicated appliances that handle web filtering and malware.

    Regardless, the proxy piece causes pop-ups for the end users that require interaction, causing confusion and support calls. Even with JAMF we haven't been able to allow and/or suppress these. It's quite an annoyance for a feature that we don't need or want.

  12. We don't use the email and web components of the client and have them completely disabled. However, the network proxy piece still gets installed and causes issues for our end-users

    Is there a policy setting that disables or removes the proxy? Alternatively is there a way to uninstall this piece or have it not install in the first place?


  13. 16 minutes ago, MartinK said:

    What would be actually the use-case you are targeting by this report? Just to pair employees with devices that are no longer connecting?

    I need to find all OS X workstations that are missing a specific app and need to know the assigned user so that they can be contacted. Also need to include the OS version, so that we can work with the specific user to update/replace the device as needed.

  14. @MartinK; thank you -somehow I missed that.

    I'm not very familiar with reports. It seems like once I pick a Table Column or two in the Data section, the remaining data columns to select become quite limited. So for example, I'm able to choose 'logged users', 'computer name', and 'IP address', but then I don't have the option to choose connection time, OS version, or some other required info.

    Is this by design?


  15. I need to generate a report that shows all computers without a specific piece of software installed that also includes the 'assigned user'.

    I can create a dynamic group that shows systems without a specific app installed (using the 'nor' function). I can export this to csv with the required details, except there's no way I can see to include the user info.

    Reports don't seem to have an equivalent 'nor' function like the dynamic groups do so while I can pull user info, I'm unable to pull systems without specific software.

    Am I missing something obvious? Any help appreciated.

  16. @MichalJ Thanks for the explanation, makes sense. It's just annoying to have to use a second product with a second account to manage the primary product.

    I didn't look closely enough to determine if hardware fingerprints were an issue for us. It was primarily that systems had been out of contact for 1,000 to 2,000+ days, but had not been automatically removed from the console. So long as that piece gets fixed, we should be good.

  17. Thanks for the clarification. I found it to be quite confusing. In part, because now I have to manage on-prem (ESET Protect) licenses in the cloud. And my password for ELA did not work, so I had to go to EBA to reset the password to be able to log into ELA.

    It feels like a step backwards to have to use a second/additional product (cloud) to manage licenses the for primary product (on-prem). And even a further step backwards when the second product is not working reliably.

    In the meantime, I've manually deactivated those machines that haven't been online in over 1,000 days.

    Thank you.

  • Create New...