Jump to content

j-gray

Members
  • Posts

    352
  • Joined

  • Last visited

  • Days Won

    4

Kudos

  1. Upvote
    j-gray gave kudos to MichalJ in Adding Enterprise Inspector   
    Hello @j-gray, I will try to help.
    Our EDR works in a way, that it requires a separate server with a separate console, however the "EDR console" is inteded only for incident investigation. Management / deployment / activation still happens in ESET PROTECT.
    So given the fact that you have already deployed ESET PROTECT environment, those are the steps needed: 
    Install ESET Enterprise Inspector on a dedicated machine. You will have to connect it to your ESET PROTECT, as it uses single sign on between those two, and ESET PROTECT is the one that is also managing user access rights. On this machine, also install ESET PROTECT Agent (you will need it, for future updates).  EEI server needs to be installed manually, you can´t do it from EP Server (not the first time).  Once your EEI Server is installed and running, you can proceed with installation of a component called "EEI Agent". Even though it is named "agent" it is a very small binary, that just sends the detection metadata gathered by our Endpoints (Endpoint is the "AGENT" per se) to the EEI Server, where the detection logic resides.  You will have to specify the EEI server connection details into the policy for EEI agent, that you can assign to group all (they will connect). Also, you will have to activate EEI Agent (If you have the latest version of ESET PROTECT, there is a context menu option called "deploy EEI Agent", that will do the trick for you).  Once you have your environment setup, EEI detections will appear also in ESET PROTECT. From there, you can easily navigate to details of each detection. You can also access the EEI UI directly, if you are interested in just the EDR functionality. 
    Hope that this helps.
    Michal 
     
  2. Upvote
    j-gray gave kudos to Wozz in ESET Network Protection Proxy and Big Sur   
    On a Mac/Big Sur  ( using Eset C/S Pro ) An issue with WEB/MAIL not activating I found that ESET Network Protection Proxy , required me to tick the connect on demand box 'every time' the computer was started. ( its found in the apple icon "system preferences/network"  )
    I was running Surfshark VPN on WireGuard so I changed the Surfshark setting back to Automatic IKEv2 , this solved the problem of the WEB/EMAIL protection failing to start after a reboot. (I no longer need to tick the sys pref/network)
    I tried it again with WireGuard on and the issue returned so theres definitely a conflict between the VPN and ESET there may be other conflicts however this fixed my issue.
  3. Upvote
    j-gray gave kudos to karlmikaeloskar in ESET Network Protection Proxy and Big Sur   
    Please just try for a second and understand the problem we are having with Eset on Big Sur since November 2020.
    When installing it prompts the user to approve a network proxy. If they approve, and web and email protection is turned off: We loose network connectivity. If they approve and web and email is on: Our VPN etc breaks. If they don't approve they get a warning that their machine is not protected. But at least things keep working.
    There is a button to enable or disable web and email protection and it doesn't work. Wether that is a risk to take or not is not the point. Your answer is not very helpful when you are arguing against what your customer wants to do.
    Also, keep in mind that this is on a platform where most people do not run an antivirus at all. We are looking at this from completely different sides. And a lot of my peers are looking for other AV products.
  4. Upvote
    j-gray received kudos from MichalJ in Help generating a software report with user login info   
    I need to find all OS X workstations that are missing a specific app and need to know the assigned user so that they can be contacted. Also need to include the OS version, so that we can work with the specific user to update/replace the device as needed.
  5. Upvote
    j-gray gave kudos to MartinK in Help generating a software report with user login info   
    Actually it works in a way that only "supported" combinations are possible, so once you select more and more columns, there is less possibilities to chose from. So from technical perspective, it is "by design" as required combination is most probably not available.
    What would be actually the use-case you are targeting by this report? Just to pair employees with devices that are no longer connecting?
  6. Upvote
    j-gray gave kudos to MartinK in Help generating a software report with user login info   
    Not sure I understand correctly, but filtering devices based on dynamic groups should be farily easy: just filter has t obe added to reports:

    but there might be conflict with other settings, preventing use of such filter.
  7. Upvote
    j-gray gave kudos to TomasP in Current versions of ESET Endpoint for Mac and ECA, ERA 6.x and ESMC 7.0 Management Agents will not support the upcoming macOS 10.15 Catalina   
    Hello @j-gray, our KB backend underwent some changes since then and, unfortunately, not all links were preserved, sorry about that.
    Here is the working link to that content: https://support.eset.com/en/news7335-11th-of-october-2019-eset-business-products-support-for-macos-1015-catalina
    However, that story is over 1 year old, all our current products for macOS run on 10.15.
  8. Upvote
    j-gray gave kudos to MartinK in Proxy Error from multiple clients   
    In case you are using ESET Apache HTTP proxy, it is probable that connections to port 8883 are blocked but it is not clear whether this is the issue. Could you verify configuration of:
    AllowCONNECT 443 563 2222 in httpd.conf? It is possible that enabling this port 8883 will helps AGENT to connect successfully.
    In case direct connection to EPNS servers is not possible, multiple alternatives, including port variants (443,8883) are tried to ensure that connection is made even when configuration is not possible.
  9. Upvote
    j-gray gave kudos to Marcos in PUP not handled   
    Today we've released a fixed version of the Antivirus and antispyware module 1552.3 which addresses cleaning issues on Mac. Could you please check if PUAs are now cleaned properly?
  10. Upvote
    j-gray gave kudos to itman in PUP not handled   
    See this thread: https://forum.eset.com/topic/19081-jsspigotb/ . Also refer to the Eset knowledgebase article link I posted in the thread.
  11. Upvote
    j-gray received kudos from wdbrokaw in Last Connected Not Correct   
    I've found similar instances and attribute it to some form of agent corruption. I haven't found an easy way to repair the agent, but the majority of the time, simply uninstalling and reinstalling the agent resolves the issue.
    Not what I would consider a "fix", but does get things working again.
  12. Upvote
    j-gray gave kudos to Marcos in Agent upgrade task   
    You should not use the Agent deployment task which is intended for deploying agent if not installed yet. To upgrade existing agent to the latest version, use the client task "Security Management Center component upgrade" which you can assign to a dynamic group with outdated agent version, using the Joined dynamic group trigger .
     
  13. Upvote
    j-gray gave kudos to MartinK in All clients are members of all dynamic groups?   
    Unfortunately you are right. Issue has been discovered during ESMC "Early Access" but was not resolved yet. As you noted, it does not respect hierarchy of groups, only results of matching dynamic group templates.
  14. Upvote
    j-gray received kudos from BenjaminMH in Future changes to ESET Endpoint programs   
    Exactly. Though I view wake-up call more like wake-on-lan, requiring network broadcast, which is not a good practice across multiple subnets.
     
    I'm looking for a simple 'send policy' that doesn't require network broadcast. Even if it's a basic command I can run from the client (remotely).
×
×
  • Create New...