nhesetnod32

I ran into an issue with importing a new cert into the ESET Mobile Device manager policy where ESMC was not accepting certificate stating is was invalid. After working with Eset support we ended up recreating the cert with a different passphrase and the cert was validated. I believe the specific character was a '/'.

Hi nichomach, did you see this question posted in the forum? Not sure if it might help you or not but just in case:

I would like to participate in the early access program. Thank you.

Thanks MichalJ. I understand in regards to priority. I think if more folks were aware of this great feature ERA provides it may rise up the ladder :-)

Description: Incorporate Apple Volume Purchase Program into ERA Detail: ERA has functionality to incorporate Apple DEP to manage restrictions to IOS Devices. It would be a wonderful feature to also incorporate the Apple Volume Purchase Program. Apple VPP provides a feature to manage IOS Apps deployed to IOS devices without having to configure an Apple ID. Where Apple DEP is already available within Eset ERA including Apple VPP would provide full circle MDM solution without requiring another application to manage the devices.

I have configured Eset Mobile Device Connector with our Eset Remote Administrator. I have configured Apple DEP and successfully linked our Eset MDC to our Apple DEP program. I am able to create a policy and assign to a mobile device without issue. I am now attempting to configure apps from the Apple App store to be installed onto our managed devices without requiring an Apple ID. I have setup the Apple Volume Purchase Program and purchased the free apps we want to install. After conferring with Eset Suport it looks like ERA does not have a built in feature to install the Apple VPP service token. Just curious if other folks have attempted to use Eset for Mobile Device management and ran into this hurdle and if another solution was utilized?

Can a setting be added as a policy to determine the default setting of the deslock tray icon? The default is to logout/login the user. It would be great if there was a policy where we could pick what the default value could be such as Do Nothing. The more items we can lock down for end users could prevent additional help desk calls :-)

When in the Workstations container and looking at a team can the columns that display be modified? For example can the deslock version be a column you can sort by?

Hi Peter, please provide me the link to the 6.5 beta. It is greatly appreciated!

Try using a filter to filter the OS type by windows and then sorting by language. You should find the 6.2 version in the language you are looking for.

foneil - the link hxxp://support.eset.com/kb3668/ explains that the Microsoft Hotfix 2664888 is a prerequisite to update to the latest version of 6.x. Is this still true prior to deploying this latest version of the agent (6.2.190.0)? I just want to be clear if I still need to deploy that hotfix first. Thanks!

That is correct that will not install if the AV software is already installed.

Could a parameter be added to Eset to activate using the license (.ls) file? I can create an offline license file through the license administrator and use this file to manually activate Eset EAV. It would awesome if I could automate that process by using a parameter.

Wonderful news! Will there be release notes for this version posted in the forum?

I agree there are a multitude of requirements and I was just offering up an alternate solution to deploying the agent outside of using GPO. In our environment with the number of nodes and testing we did prior to full deployment we had little to no downtime and minimal interruption to our users by using the agent deployment task, assigning the EEAV software install task to a group, to deploy once the agent was installed, we had about a 95% success rate. We also had great success running the software uninstall task to remove our old AV using the Third-party antivirus software (Built with OPSWAT). It literally wiped the old AV out. Files and registry settings were completely gone! I was impressed with that process.

Actually, i cant seem to find the option you have for first connect to console etc.. I click my OU for workstations.. then new tasks.. task software install.. the only option for the static group "workstations" lists trigger type static group and Execute asap once then join the "workstations group".. I even tried creating a dynamic group, though one for "no agent installed" and set the parent group to be "workstations", for some reason it didnt populate the machines not installed, but all machines pretty much that had an agent.. something is amiss Yes, those options for the new task are OK. Once you complete all the settings in the task and save it any device that is either in that group or gets placed in the that group will have that task run against it. This assumes that the agent is already installed on the PC. I have found that if the task fails it will run the task again at a later time. Not sure if the time is hours later, next time it checks in based on your agent connection interval or if it is once a day. If you want to adjust the Expiration date select the static group by checking the box in the target list and click the Assign Trigger button.

That is interesting. I created an exclusion on a single client and still multiple days later and a couple of reboots the exclusion still exists. I am curious if I change the policy to force the exclusion policy setting it would clear my single client policy. I will have to test this out.

I deployed the agent using Admin - Server Tasks - All Task Types - Agent Deployment. You can create a task to deploy the agent to devices within your network. If the computers to deploy to are on a domain and you have added a group from your Domain with admin capabilities to access/manage the ERA console you can use that account in the Username/password fields when creating the Agent deployment task. Otherwise you can use a local admin account for the username/password. I have seen GPO used for the deployment as well but the agent deployment worked well for our environment.

I should have been more clear. You would run EEAV as admin from the client. When you get to the advanced setup, in the antivirus setttings the Exclusions section should now be enabled. Any exclusion added here will only apply to this client.

If I understand correctly you are trying to get the AV installed once the agent is deployed to the workstation? There are a few ways to create this but if you go navigate to Admin - Groups - select a group in the right hand pane there is a Tasks Tab. In here you can create a new tasks that will run the install once the machine connects to the console. I have one task that I use for each group within the network. The task will deploy Eset AV usually within minutes of connecting after the agent install. Attached are two screens that show the admin location and one for additional details on the task itself. Hope this is helpful for you.

Is there a command line parameter that can be used to activate Eset by specifying the license (.ls) file? For instance If I place the offline license file (.ls) in the same location as the installer is there a way to specify that license file as a parameter? I can use a program such as nsis to package and deploy Eset. In the command line I include the following parameters ADMINCFG="cfg.xml" I can add the parameter INSTALLED_BY_ERA=1 which supresses the activation screen. It would be tremendous if there could be another option to point to an offline license file as well. Microsoft has a command line to activate Windows and MS Office. I have used the MS Office command line to mass deploy Office and autoactivate. This would be a great feature for Eset for those of us that have devices that cannot see the ERA console.

You can follow the steps in this link to find and generate the license key and an offline license file: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3615&locale=en_US

Try Running Eset As Administrator (Right click Eset Endpoint Antivirus - Run As Administrator) and see if that allows you to edit the path exclusions.

I agree in regards to the tasks. Just a simple option when attempting to deploy the agent to a single/selected group of devices from the computers list. The option could be the next step after selecting "Deploy Agent from ERA Server", Then provide a series of options something like "Select agent task already defined", "New Agent task", then select predefined task and let it run.

Description: Eset Remote Administrator 6 Columns enhancement Detail: Currently the list of columns to display for devices in the remote console is wonderful but can a User Name column option be added? At least to show the last logged on user of a device? I could not find a future enhancements option in the Remote Administrator forum and thought I would place this here for now.