Posts posted by j-gray

  1. Thanks for the reply.

    We use web mail, which already has malware, phishing, spam, etc. protection. My understanding is that ESET mail protection is specific to IMAP and/or POP, which we do not use nor allow. We have dedicated appliances that handle web filtering and malware.

    Regardless, the proxy piece causes pop-ups for the end users that require interaction, causing confusion and support calls. Even with JAMF we haven't been able to allow and/or suppress these. It's quite an annoyance for a feature that we don't need or want.

  2. We don't use the email and web components of the client and have them completely disabled. However, the network proxy piece still gets installed and causes issues for our end-users.

    Is there a policy setting that disables or removes the proxy? Alternatively, is there a way to uninstall this piece or have it not install in the first place?

    TIA

  3. 16 minutes ago, MartinK said:

    What would be actually the use-case you are targeting by this report? Just to pair employees with devices that are no longer connecting?

    I need to find all OS X workstations that are missing a specific app and need to know the assigned user so that they can be contacted. Also need to include the OS version, so that we can work with the specific user to update/replace the device as needed.

  4. @MartinK, thank you - somehow I missed that.

    I'm not very familiar with reports. It seems like once I pick a Table Column or two in the Data section, the remaining data columns to select become quite limited. So for example, I'm able to choose 'logged users', 'computer name', and 'IP address', but then I don't have the option to choose connection time, OS version, or some other required info.

    Is this by design?


  5. I need to generate a report that shows all computers without a specific piece of software installed that also includes the 'assigned user'.

    I can create a dynamic group that shows systems without a specific app installed (using the 'nor' function). I can export this to csv with the required details, except there's no way I can see to include the user info.

    Reports don't seem to have an equivalent 'nor' function like the dynamic groups do, so while I can pull user info, I'm unable to pull systems without specific software.

    Am I missing something obvious? Any help appreciated.

  6. @MichalJ Thanks for the explanation, makes sense. It's just annoying to have to use a second product with a second account to manage the primary product.

    I didn't look closely enough to determine if hardware fingerprints were an issue for us. It was primarily that systems had been out of contact for 1,000 to 2,000+ days, but had not been automatically removed from the console. So long as that piece gets fixed, we should be good.

  7. Thanks for the clarification. I found it to be quite confusing. In part, because now I have to manage on-prem (ESET Protect) licenses in the cloud. And my password for ELA did not work, so I had to go to EBA to reset the password to be able to log into ELA.

    It feels like a step backwards to have to use a second/additional product (cloud) to manage licenses for the primary product (on-prem). And even a further step backwards when the second product is not working reliably.

    In the meantime, I've manually deactivated those machines that haven't been online in over 1,000 days.

    Thank you.

  8. @Marcos Thanks for the reply. Yes, I contacted support and learned that I had to use Cloud Protect to manage these. I then had to migrate from ESET License Administrator to Protect Cloud. Just got that completed.

    However, new question: the settings are configured to deactivate after 365 days. However, I have a number that are >1,000 days.

    I'm not sure why these aren't getting removed. Is there a way to force this cleanup, or do I have to do it manually?

  9. ESMC shows license count at 1584/1600. The console shows a total of 1334 clients and 184 of those show 'no status', so we only have 1150 installed clients. So we should have 434 licenses free.

    The License Management section shows successful recent synchronizations.

    I thought there used to be a setting to release licenses when clients are removed (after 90 days of inactivity) from the console.

    How can I release these licenses that aren't in use?

  10. On 3/17/2021 at 4:25 AM, Matus said:

    Is that what you're looking for? If you're looking for some hybrid where disabling = un-integrating from system and enabling is integrating, this is not possible and not even on a roadmap, as integrating on Big Sur is quite a complicated process...

    Yes, ideally we would like to build a package that excludes the components that we don't use (e.g. Media Control, Device Control, Personal Firewall) and have a leaner client.

    It doesn't look like there's a way to do this en masse, only when performing a local/manual installation.

  11. 6 hours ago, Matus said:

    I got it. It's normal that the user sees error messages. It's a warning that protection which SHOULD be enabled is disabled and is a risk for security. If you do not want to show those messages, you also have to disable showing of application statuses:

    Yes, statuses are disabled by policy for these components. Clients do not see a warning about them being disabled.

    It's in the case of the Big Sur clients where they see the error state pertaining to the system extension for Web and Email protection.

    From what I gather, even though web and email protection are not enabled by policy, the web and email system extension still needs to be allowed. This is unfortunate, as it appears the only way to resolve this is with a third-party application (MDM).

  12. 10 hours ago, Matus said:

    Accepting of SEXT is possible (learn more or here), but so far we haven't figured out how to approve "Proxy Configuration".


    We contacted Apple about 1-2 months ago and received information that it's not possible to do remotely... But we're still looking into a way to do it (so far without any results)...

    "Of course, we do not enable these two components..." - could you please elaborate a little more? Which components, and how did you not enable them? I'm not sure what goal you're trying to achieve by not enabling them.

    Thank you

    @Matus If I understand correctly, the only way to allow system extensions and full disk access is via MDM? It's not possible via ssh/terminal?

    Regarding components, we disable all 'Web and Email' components via policy. In the GUI they show as disabled/grayed out, so should not be causing errors or warnings. We do this for several reasons.

  13. 1 hour ago, Matus said:

    If you however see something wrong with WEP in GUI or terminal command, please check if:

    SEXT was approved: System Preferences > Security & Privacy > General

    @Matus is there a way to approve this via terminal command?

    On the client, the GUI shows 'Security Risk'; "Web and Email protection is non-functional"

    Of course, we do not enable these two components, so we wouldn't expect to see the error. Nonetheless, users see the error status and error messages.

  14. For those OS X clients running 6.10.460.1 and latest agent, we're finding that most if not all report the following in ERA console:

    System extension required for Web and Email protection was not configured because of error. Try to restart macOS or reinstall the product.

    This is after upgrading to Big Sur when already on 6.10.460.1. What's more puzzling is that we do not enable Web and Email protection by policy.

    Also, the user is presented with these errors frequently enough to be annoyed.

    Is this expected behavior, and what is the recommended workaround?

    TIA

  15. I also tried the task by going to client details, then 'Installed Applications'. I selected CCleaner from the list of applications, then clicked the 'Uninstall' button.

    That gave the following error:  "SoftwareUninstallation: No applications matching name 'CCleaner' were found"

    Despite the application being installed and being selectable as an application, it does not run.

    I also tried the software uninstall client task, but CCleaner does not appear in the list of applications to select.

    Pretty frustrating...

  16. 31 minutes ago, MartinK said:

    Also note that the most common issue with run command tasks is that scripts are executed with the AGENT's security context, i.e. as LOCAL SYSTEM, which might have limited access to specific resources, including the user desktop, and therefore extra care has to be taken when accessing network shares, protected disks or even executing applications that might require access to the desktop environment, or the environment of a standard user.

    I'm going to guess that it's a permissions issue. On my test system, the task runs successfully and uninstall is successful using the command below:

    Command line to run: "C:\Program Files\CCleaner\uninst.exe"/S

    On any other system (all are Win10), while the task runs successfully, the uninstall does not start and the ra-run-command batch file remains in C:\Windows\Temp.

    Any suggestions on how to get this simple task to run?

     

  17. 12 minutes ago, MartinK said:

    If I recall correctly, working directory is probably set by "parent" process, i.e. it is set before script is started, and therefore it is not visible in script content directly.

    Regarding removal of script, in case path is correct, could you verify that script is not running? In case it is blocked on execution of first line, it might explain why delete operation was not called...

    Regarding working directory, I put quotes around it and it failed. This is counterintuitive, as at a command prompt, it will fail without quotes due to the space in the path.

  18. Using the first option (command line to run and working directory both populated), I see the following in a batch file that is left in C:\Windows\Temp:

    uninst.exe /S
    del C:\Windows\TEMP\ra-run-command-92b883c9-c357-4610-9ecb-62cfa0e9f907.bat

    The second line is obviously failing as the batch file is still in the directory. I'm assuming based on the command that it's not referencing the working directory?

  19. This should be simple, but I'm having no luck. Task runs successfully but nothing happens on the clients.

    At the command line, this works perfectly:  "C:\Program Files\CCleaner\uninst.exe"/S

    I have the task set as follows:

    Command line to run:  uninst.exe /S

    Working directory:  C:\Program Files\CCleaner

    I also tried the following:

    Command line to run: "C:\Program Files\CCleaner\uninst.exe"/S

    Either version runs successfully but does nothing.

    Does the 'working directory' require quotes due to space in the path? I don't believe anything is being logged...

  20. 11 hours ago, Marcos said:

    I'm unable to reproduce it. Do you mean that whenever you run a custom scan it's not logged?

    Appears to be profile related; if I scan under my account (domain admin) it does not log anything. If I log in as local admin, it logs the scan(s).

    Since that scan did not appear in the logs, is there any other way I can tell what the 10 detections were?

  21. I installed ESET and the initial scan started, completed, and was logged.  I then ran a scan on the data drive. It completed and shows 10 detections.

    However, when I click on the 'Show log' link, the second scan does not appear, only the initial scan. Why is only one scan logged and how can I view the detections that were supposedly cleaned?
