[ESET and VMWare View Desktops]

This worked for me.  You may want to tweak the 'both' for communication direction...but this is a start at least.

 

View - USB, Multimedia Redirection              TCP    Any Profile     Allow     Both   Port:  32111,9427

View - PCoIP                                      TCP& UDP    Any Profile     Allow     Both   Port:  4172

View - Agent reporting                                  TCP    Any Profile     Allow     Both   Port:  4001

 

You may need to add 3389 to allow RDP if you're using that instead of PCoIP.

[VDI Environments - Recomposing Images]

Having the same issues in our environment.  Except whenever I have run the 'reset cloned agent' task it never does anything.  I've run it at least 6 different times and it never works.  Agent deployments and security product deployments work fine.

[Endpoint Security 6.x and virtual desktops]

Has anyone had any success with putting the ESET Agent and Endpoint Security 6.x product on a base VMware Hoizon image?

 

I've followed these steps from a KB article but nothing seems to work.

 

With ERA (ESET Remote Administrator) it can be automated this way:

1. Install ERA agent and connect it to the ERA server

2. Install your Endpoint software

3. Create your image for the VDIs

4. Create a task for the deployed machines called "Reset Cloned Agent"

5. Use a dynamic group for "Product not activated" an apply a "Product Activation" task to that folder to automatically activate

6. Each time new Endpoint connects to ERA, it will automatically receive a request to activate this machine, without any user intervention.

NOTE: The most important is step #4, because without doing this step the unique UUID agent numbers would be "fighting“ over it, ERA must know that it was an agent used for cloning (image / base virtual image etc.).

 

My understanding is you create your base image with the agent on and eset product on it.  Run through the process of deploying your virtual desktops using the image.  Then run the 'reset cloned agent' task against those new virtual desktops.  After that they should show up in the 'product not activated' default dynamic group.  At which point you activate them. 

 

'Reset cloned agent' task never even started.  I waited over 24 hours.  Am I missing something, doing something wrong?

 

Thanks,

Owen

[How to clear out threat alerts in ERAS 6]

Within the 'computers' view the threat badges have cleared.  Under the 'Threats' tab the console still shows all of the false positives.  Wondering how to clear that out.  Wondering at this point if the Threats tab is basically considered an archival log and I would need to delete my logs?

 

Also, exclusions don't work for me.  I've excluded the directory where the Endpoint product is saying there's an 'unwanted application', done a rescan multiple times and it still pops up. I had to completely turn off Enable detection of potentially unwanted applications, Enable detection of potentially unsafe applications, and Enable detection of suspicious applications in my policy to get it to stop. 

So as far as i can tell exclusions are broken in ERAS 6

[How to clear out threat alerts in ERAS 6]

We have 30+ false positive threat alerts in our ERAS 6; how do I clear all those alerts out?

[Endpoint Security 6.x ignoring parts of policy]

We're slowly migrating from ERAS 5 to ERAS 6.  I've pushed the 6.1.444 agent and Endpoint Security 6.1.2227 product to some test machines.  All of them are flagging WinZip as a virus or potentially unwanted program even though i have c:\programfiles\winzip* defined in the exclusion list.  I also have a handful of alerts about the OS not being up-to-date even though those machiens are 100% up-to-date with updates and the policy says don't alert on updates.