Jump to content

Local change of settings


xola

Recommended Posts

Hi,

 

I'm using ESET EPS 6.4.2014.2 and ERA 6.4.295.0 (seems to be up to date).  When I try to change the settings (managed via policy) on a client computer after typing the security password, I could change some of the settings in the advanced settings. But some of the settings are write protected and a light lock sign appears beside the switch. How could I change this settings on a specific client?

 

Thanks in advance for any feedback.

 

Regards, xola

Link to comment
Share on other sites

  • Administrators

That's because the locked settings are controlled by a policy so you cannot change them on clients. However, as of Endpoint v6.5 you will be able to define exceptions for settings that can be overriden locally after entering a password. These exceptions will be controlled by policies too.

Link to comment
Share on other sites

Thank you for your answer. How can I create an exception?

 

For better unterstanding I want to do the following:

 

- Create a policy for default settings on all clients

- Protect the settings on the clients by password

- Allow to overwrite settings if I have the password

 

Is it possible to do this with policies and exceptions?

 

 

Regards, xola

Link to comment
Share on other sites

  • ESET Staff

Hello xola, the short answer is : Not at the moment.

 

For ESET Endpoint Security / Antivirus 6.5, there will be the option to configure "override mode" access.

However, it still won´t be able to specify local exclusions. It will work in a way, that for the duration of the "override mode" it will make all of the settings "unlocked", and after it ends, it will apply back the settings set by policy.

Best practice scenario would be to test the local exclusions, and then notify the administrator, to add them to the policy for your client.

In ERA 6.5 it would be also possible to "append" granular exclusions on top of other exclusion lists from other policies (basically merge multiple exclusion lists).

 

For what reason you would like to grant your users to have the ability to define exclusions? As wrongly set exclusions might make the entire security product ineffective.

Edited by MichalJ
Link to comment
Share on other sites

Hi Michal,

 

the users themselfes should never be able do do some exclusions. But the admin should be able to do this. In my case a password protection would be enough security for that.

 

What you describe is exectly what I want: Enter the override mode by password and set back after the reason for this was fixed. But for me it semms that this won't be able with policies, because I could enter the override mode, but could not change the settings. So with the password I could only look at the settings, but could not change them because they are locked. Or is there a way to do this?

 

xola

Link to comment
Share on other sites

  • Administrators

What you describe is exectly what I want: Enter the override mode by password and set back after the reason for this was fixed. But for me it semms that this won't be able with policies, because I could enter the override mode, but could not change the settings. So with the password I could only look at the settings, but could not change them because they are locked. Or is there a way to do this?

 

It will work this way:

1, You'll enable Override mode, specify the maximum time for it, select AD users who will be able to activate it and enable other policy settings.

2, The policy will be downloaded by agent.

3, Users authorized to use the Override mode will be able to change settings otherwise set by a policy.

Link to comment
Share on other sites

1, You'll enable Override mode, specify the maximum time for it, select AD users who will be able to activate it and enable other policy settings.

 

Yes, that's what I need.  Question is where to enable the override mode, and how to specify the maximum time. Could you help me again?

 

Xola

Link to comment
Share on other sites

  • Administrators

 

1, You'll enable Override mode, specify the maximum time for it, select AD users who will be able to activate it and enable other policy settings.

 

Yes, that's what I need.  Question is where to enable the override mode, and how to specify the maximum time. Could you help me again?

 

All these settings will be available when creating or editing a policy. Note that this feature is not currently available and will be first supported by v6.5 Endpoint, server products and ERA.

Link to comment
Share on other sites

 

It will work this way:

1, You'll enable Override mode, specify the maximum time for it, select AD users who will be able to activate it and enable other policy settings.

 

Hi,

does it means it will be mandatory to be in a domain, and to have authenticated domain users to be able to enter in override mode ?

 

BR,

GT

Link to comment
Share on other sites

  • 4 months later...

I will just add that override mode can be activated from client side through "Advanced setup".  There is a "Override policy" button down on the left side.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...