Jump to content

Chadh

Members
  • Content Count

    75
  • Joined

  • Last visited

  • Days Won

    3

Posts posted by Chadh

  1. Hi bbraunstein,

     

    Creating your own report or template by creating/modifying the XML code is not officially supported. The only supported method is to create a custom template using the Remote Administrator Console. For more information, please see the ESET Knowledgebase article below:

    How do I create a custom web dashboard report in ESET Remote Administrator? (5.x)

     

    Other members of the community may have suggestions how to accomplish this, however.

     

    Thank you,

    ChadH

  2. Hi kosmito,

     

    Greylisting will analyze mail sent from each unique server address. Gmail, and most other web-based email providers, use many servers to send email.

     

    As Bart suggested, you can set domains or IP addresses to bypass the Greylisting. When evaluating emails, Mail Security takes into account the configurations of the Approved IP addresses list, the Ignored IP addresses list, the Safe Senders list on the Exchange server, the Allow IP list on the Exchange server, and the AntispamBypass settings for the recipient mailbox. However, this will also bypass all other Mail Security Antispam scanning.

     

    Thank you,

    ChadH

  3. Hello MATTRIZZO81,

     

    Please upgrade Remote Administrator to the latest version, 5.2.22. For directions on this process, please use the link below:

     

    How do I upgrade ESET Remote Administrator to the latest version?

     

    After upgrading Remote Administrator server and console, verify if the notification is working correctly. If it is still not working, delete the existing rule, and recreate the notification.

     

    Thank you,

    ChadH

  4. Hello Steven Theck,

     

    Please configure the sending server’s IP address in the Exchange Allow List. For directions on this process, please see the appropriate TechNet articles below:

    After configuring the Allow List, please ensure Mail Security is configured to exclude the addresses on the Exchange Allow List from Antispam scanning. Please follow the steps below for this process:

    1. Open EMSX main program window.
    2. Press the F5 key to enter the Advanced Setup tree.
    3. Navigate to Server protection -> Antispam protection -> Microsoft Exchange Server -> Transport Agent.
    4. In the Transport Agent window, enable the setting "Use Exchange Server whitelists to automatically bypass antispam protection".
    5. Click OK to close the Setup window.
    6. Press the F5 key to enter the Advanced Setup tree.
    7. Navigate to Server protection -> Antispam protection -> Antispam engine and click "Reload of antispam engine parameters".
    8. Click OK to close the Setup window.

    After configuring both of these settings, all emails from the specified server should bypass Greylisting and all other Antispam scanning.

     

    Thank you,
    ChadH

  5. Hello TyNewton,

     

    Please change the syslog_class values in esets.cfg and restart the esets daemon. For directions on this process, please see the steps below:

    1. Edit the configuration file, the default location is /etc/opt/eset/esets/esets.cfg
    2. Locate the following entry: syslog_class = "error:warning:summall:part"
    3. Change the entry to: syslog_class = "error:warning:summ:part"
    4. Save the configuration file
    5. Restart the esets daemon using the following command: sudo service esets restart

     

    Thank you,

    ChadH

  6. Hello Arakasi,

     

    This function is simply a different interface for the NET SEND function within Windows. To test this functionality, please try using the NET SEND command from a Command Prompt window running on the server hosting ESET Remote Administrator Server. Please see the following Microsoft TechNet article for your reference: Net send

     

    From the article:

    • The Messenger service must be running for messages to be received.
    • You can send a message only to a name that is active on the network. If you send the message to a user name, that user must be logged on and running the Messenger service to receive the message.

    If the NET SEND command works from Command Prompt, but does not work using the Remote Administrator, please let me know.

     

    Thank you,

    ChadH

  7.  Hi jtelep,

     

    This issue occurs because there is a hard-coded limit to the size of files Remote Administrator (ERA) can accept from its clients. By default, File Security for Linux will log every object it scans.

     

    To resolve this, our Linux developers suggest changing File Security’s configuration file (esets.cfg) to log only important events (e.g. errors, warnings, etc.). Simply change the syslog_class values in esets.cfg and restart the esets daemon. This will reduce the log size so there should not be any issue transferring them to the ERA server. For directions on this process, please see the steps below:

    1. Edit the configuration file, the default location is /etc/opt/eset/esets/esets.cfg
    2. Change line 73 to: syslog_class = "error:warning:summ:part"
    3. Save the configuration file
    4. Restart the esets daemon using the following command: sudo service esets restart
    5. Send an On-Demand scan task from the ERA server, or wait until the next scheduled scan completes

     

    Thank you,
    ChadH

  8. Hello Kittamaru,

     

    I apologize in advance for my lack of knowledge on this subject - I've been thrust into a role I wasn't quite prepared for and am scrambling to get caught up as quickly as possible!

     

    No problem. J Everyone starts out as a beginner. Hopefully we can address your questions and concerns.

     

    Do the groups allow (as I think) for different policies to be distributed to different workstations?

     

    Definitely. For more information about groups and using them to assign policies, please see the Knowledgebase articles below for instructions on this process:

    Please note, if you use Parametric Groups to automatically assign your clients based on specified parameters, the Enter Rule Condition field will accept wildcards. For example, an OS Name Mask of “*server*” (without the quotes) will create a group of all clients connected to Remote Administrator that are running a Windows Server operating system (e.g. Server 2003, Server 2008, etc.).

     

    Now, I have access to the remote server and the workstations, so my thought was I would use groups to maintain different policies. The reason is, some workstations will need to have access to the internet for looking up prices, parts, etc, while others should be restricted to manufacturer websites only

     

    If you are using Endpoint Antivirus, you can use Web Access Protection to allow/block web sites by the URL. For more information about Web Access Protection, please see the Knowledgebase article below for instructions on this process:

    If you want to block all web sites, except for those you want to explicitly allow, please follow the steps below:

    1. Open the main program window by double-clicking the ESET icon in your Windows notification area or by clicking Start  All Programs  ESET  ESET Endpoint Security or ESET Endpoint Antivirus.
    2. Press the F5 key to open the Advanced Setup window.
    3. Expand Web and email  Web access protection, click URL address management and then select List of addresses excluded from filtering from the drop-down menu.
    4. Select the check box next to Allow access only to HTTP addresses in the list of allowed addresses.
    5. Select List of allowed addresses from the drop-down menu.
    6. Click Add to individually add the addresses you want to allow users to access. For each website, be sure to include a wildcard "*" symbol, as in "*eset.com*". Click OK to save your changes.
    7. Click OK to save your changes and exit the Advanced Setup window.

    Thank you,

    ChadH

  9. Hello WBlank,

     

    First, please ensure both the Remote Administrator (ERA) server and console are on the latest version on the old server and the new server.

    For instructions on this process, please see our Knowledgebase article How do I upgrade ESET Remote Administrator to the latest version?Next, please set the clients to use the new server’s address, using the Policy Manager. Please make these adjustments to the policy on both the old and new ERA server. For instructions on this process, please see below:

    1. Open the ESET Remote Administrator console (ERAC) by double-clicking the ESET Remote Administrator Console icon on your Desktop, or by clicking Start  All Programs  ESET  ESET Remote Administrator Console  ESET Remote Administrator Console.
    2. Click Tools  Policy manager.
    3. Select the policy that applies to the client workstations you want to transfer to your new server and click Edit.
    4. Please navigate to the appropriate location for you product(s), based on the directions below:
      1. For Endpoint products: Expand Windows desktop v5  Kernel  Settings  Remote administration and then click Primary server address.
      2. For NOD32 and Smart Security Business Edition version 3 and 4: Expand Windows product line v3 and v4  Kernel  Settings  Remote administration and then click Primary server address.
      3. For File Security for Windows Server: Expand Windows Server 4.5  File Security 4.5 for MS Windows Server  General Settings  Miscellaneous  Remote administration  Primary server and then click Server address.
      4. For Mail Security for Exchange: Expand Windows Server 4.5  Mail Security 4.5 for MS Exchange Server  General Settings  Miscellaneous  Remote administration  Primary server and then click Server address.
    5. Type the hostname or IP address of your new server into the Value field.
    6. Please navigate to the appropriate location for you product(s), based on the directions below:
      1. For Endpoint products: Expand Windows desktop v5  Update  Profile  Settings, and then click Update server.
      2. For NOD32 and Smart Security Business Edition version 3 and 4: Expand Windows product line v3 and v4  Update  Profile  Settings, and then click Update server.
      3. For File Security for Windows Server: Expand Windows Server 4.5  File Security 4.5 for MS Windows Server  Update module  Profile and then click Update server.
      4. For Mail Security for Exchange: Expand Windows Server 4.5  Mail Security 4.5 for MS Exchange Server  Update module  Profile and then click Update server.
    7. Type the hostname (or IP address) and port # of the new server into the Value field in the form hxxp://hostname:2221 (or hxxp://xxx.xxx.x.x:xxxx)
    8. Click Console and then click Yes to save your changes. Client workstations assigned to this policy will inherit your new server settings the next time that they check into the ERAS.

    If your workstations are not appearing in the Clients tab of the new Remote Administrator, please click or copy/paste the following ESET Knowledgebase article into your web browser:

    Why can't I see client workstations in the client tab of the ESET Remote Administrator Console?

     

     

    Thanks,

    ChadH

  10. Hello bootsoft,

     

    Please follow the steps below to import a custom SSL certificate for use with the Dashboard:

     

    Please Note: these directions assume Remote Administrator Server 5 is installed with the default locations and Remote Administrator Console is installed on the same system.

    1. Copy your certificate file to the Remote Administrator Server configuration directory. This directory is located at the following location:
      1. Server 2003, XP:

    C:\Documents and Settings\All Users\Application Data\ESET\ESET Remote Administrator\Server\configuration\

    1. Server 2008, 2011, 2012; Windows 7, 8:

    C:\ProgramData\ESET\ESET Remote Administrator\Server\configuration\

    1. Open the ESET Remote Administrator Console (ERAC) by double-clicking the ERAC icon on your desktop, or by clicking Start -> All Programs -> ESET -> ESET Remote Administrator Console -> ESET Remote Administrator Console.
    2. In the main program window, click Tools -> Server Options.
    3. Click the Advanced tab -> Edit Advanced Settings -> ESET Remote Administrator -> ERA Server -> Settings -> Dashboards.
    4. Click Local certificate and change the Value field from configuration\era_http_cer.pem to the name of your certificate file, including the extension. Ensure configuration\ precedes the name of your certificate file.
    5. Click Local certificate type and select the appropriate certificate type from the Value drop-down menu.
    6. Click Local certificate key and change the Value field from configuration\era_http_key.pem to the name of your key file (if needed for your certificate type), including the extension. Ensure configuration\ precedes the name of your certificate file (if needed for your certificate type).
    7. Click Local certificate key type and select the appropriate certificate key type from the Value drop-down menu.
    8. Click Console to save your changes.
    9. Restart the ESET Remote Administrator Server and ESET RA HTTP Server services. For directions on this process, please click here.

    You should now be able to connect to the Dashboard with your custom certificate.

     

    Thank You,
    ChadH

  11. Hi Infractal,

     

    Sorry for the slow response. We have a newly released version of Endpoint Antivirus, 5.0.2228, which contains some additional fixes for SSL. Please upgrade to the latest version and see if the issue persists:

     

    How do I Download and Install ESET Endpoint products? (5.x)

     

    If the issue persists after upgrading, please PM me your license information (ESET username and email) and I will open a case. We will need to collect additional logging information to submit to our developers.

     

    Thank you,

    ChadH

  12. Hello nfree,

     

    Please try restarting the ESET Remote Administrator server service. For directions on this process, please click or copy/paste the following ESET Knowledgebase article into your web browser
    -------------------------------------------------------------------------------
    How do I restart the ESET Remote Administrator Server service?
    hxxp://kb.eset.com/zap/SOLN743
    -------------------------------------------------------------------------------

     

    You will need to reconnect the console to the server after restarting the service. Please try deleting the client after reconnecting.

     

    Thank you,

    ChadH

  13. Hello dpaul@pionbank,

     

    ESET Mail Security for Microsoft Exchange Server (EMSX) requires a supported version of Exchange to be installed on the system prior to installing EMSX. It will not install on a system without Exchange.

    For support operating systems and versions of Exchange, please see Section 1.2 - System Requirements in the EMSX User Guide.

     

    Thank you,

    ChadH

  14. Hello bot,

     

    Thank you for your patience.

     

    I believe any AS exclusions (approved senders etc) would be performed after a rule check.

     

    You are correct, Rules will apply before the Antispam Engine filters the email.

     

    For the By message recipient condition to work as expected, the value needs to be defined using the following syntax: “usera@contoso.com” OR “usera” (with the quotes included). For example: “Richard.Parker@contoso.com” OR “Richard Parker” (with the quotes included).

     

    Next, you need to use operator OR for additional email addresses. For example: “Richard.Parker@contoso.com” OR “Richard Parker” OR “John.Doe@contoso.com” OR "John Doe" (with the quotes included).

     

    To achieve your desired result, you will need to create two rules; this can’t be accomplished with only one rule. You need the following rules:

     

    Rule 1:

    • By message recipient
    • condition: "usera@contoso.com" OR “usera” OR "userb@contoso.com" OR “userb”
    • action: “No action”
    • Evaluate other rules: leave unchecked (ensures to skip all other rules)
    • Scan by AS: leave checked
    • Scan by AV: leave checked

    Rule 2: (Rule 1 MUST be a higher priority than Rule 2)

    • By attachment type: *.7z;*.ace;*.arj;*.bz2;*.cab;*.dbx;*.gz;*.lha;*.msi;*.rar;*.sis;*.tar;*.zip;*.exe

    Thank you,

    ChadH

  15.  Hello Razzle69,

     

    The setting On multi-user systems, display notifications on the screen of this user will only apply if the ESET product is installed on a machine with multiple simultaneous users logged in (e.g. Terminal Servers).

     

    On most single-user systems (e.g. desktop/laptop workstations), ESET will display the threat notifications to the currently logged-in user. Please follow these steps to ensure your users are notified about threats found:

    1. Open the ESET Remote Administrator Console by double-clicking the ERAC icon on your Desktop, or by clicking Start -> All Programs -> ESET -> ESET Remote Administrator Console -> ESET Remote Administrator Console.
    2. In the main program window, click Tools and then Policy Manager.
    3. Select your desired policy and click Edit to open ESET Configuration Editor.
    4. Navigate to Windows Desktop v5 -> Kernel -> Settings -> Default user interface values.
    5. Select Suppress user settings and click the check box on the right to enable this option. Click the Mark button on the right, if it can be clicked.
    6. Select Minimum verbosity of events to display and ensure the value is Informative records or Warnings. Click the Mark button on the right, if it can be clicked.
    7. Select Display only notifications requiring user intervention and uncheck the box on the right. Click the Mark button on the right, if it can be clicked.
    8. Click File -> Save.
    9. Click File -> Quit.

    These settings will be adjusted after the clients assigned to this policy check-in to the Remote Administrator server. The users will need to log out and log back in before the changes will take effect.

     

    Thank you,

    ChadH

  16. Hello JonBastyan,

     

    These attachments are necessary for the HTML to display correctly. Removing them or hiding them is not currently an ability of the Remote Administrator reports.

     

    We are looking into improving the Report function of Remote Administrator; however, we do not have a timeline for when any changes will be implemented.

     

    Thanks,

    ChadH

  17. Hello Mark,

     

    Emails that are received from senders that are on your Blocked Senders list in Mail Security will be immediately considered as spam. As a result, they will be handled based how you have configured Mail Security to handle spam (the default behavior is to tag the email with [sPAM] in the subject line and deliver the email to the intended recipient).

     

    There is no way to use the Blocked Senders list to immediately delete email, unless Mail Security is configured to delete all email flagged as spam.

     

    If you would like to automatically delete the email that meet certain conditions, instead of treating them as spam, you can set up a user-defined rule. These rules will apply before the antispam module scans the email. In your case, you can configure a rule to delete emails from a specific domain. For more information about rules and how to configure them, please see Section 3.1.2 - Rules in the Mail Security user manual.

     

    Thank you,

    ChadH

×
×
  • Create New...