xola 0 Posted November 11, 2016 Share Posted November 11, 2016 Hi, I'm using ESET EPS 6.4.2014.2 and ERA 6.4.295.0 (seems to be up to date). When I try to change the settings (managed via policy) on a client computer after typing the security password, I could change some of the settings in the advanced settings. But some of the settings are write protected and a light lock sign appears beside the switch. How could I change this settings on a specific client? Thanks in advance for any feedback. Regards, xola Link to comment Share on other sites More sharing options...
Administrators Marcos 4,919 Posted November 11, 2016 Administrators Share Posted November 11, 2016 That's because the locked settings are controlled by a policy so you cannot change them on clients. However, as of Endpoint v6.5 you will be able to define exceptions for settings that can be overriden locally after entering a password. These exceptions will be controlled by policies too. Link to comment Share on other sites More sharing options...
xola 0 Posted November 11, 2016 Author Share Posted November 11, 2016 Thank you for your answer. How can I create an exception? For better unterstanding I want to do the following: - Create a policy for default settings on all clients - Protect the settings on the clients by password - Allow to overwrite settings if I have the password Is it possible to do this with policies and exceptions? Regards, xola Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 430 Posted November 11, 2016 ESET Staff Share Posted November 11, 2016 (edited) Hello xola, the short answer is : Not at the moment. For ESET Endpoint Security / Antivirus 6.5, there will be the option to configure "override mode" access. However, it still won´t be able to specify local exclusions. It will work in a way, that for the duration of the "override mode" it will make all of the settings "unlocked", and after it ends, it will apply back the settings set by policy. Best practice scenario would be to test the local exclusions, and then notify the administrator, to add them to the policy for your client. In ERA 6.5 it would be also possible to "append" granular exclusions on top of other exclusion lists from other policies (basically merge multiple exclusion lists). For what reason you would like to grant your users to have the ability to define exclusions? As wrongly set exclusions might make the entire security product ineffective. Edited November 11, 2016 by MichalJ Link to comment Share on other sites More sharing options...
xola 0 Posted November 11, 2016 Author Share Posted November 11, 2016 Hi Michal, the users themselfes should never be able do do some exclusions. But the admin should be able to do this. In my case a password protection would be enough security for that. What you describe is exectly what I want: Enter the override mode by password and set back after the reason for this was fixed. But for me it semms that this won't be able with policies, because I could enter the override mode, but could not change the settings. So with the password I could only look at the settings, but could not change them because they are locked. Or is there a way to do this? xola Link to comment Share on other sites More sharing options...
Administrators Marcos 4,919 Posted November 11, 2016 Administrators Share Posted November 11, 2016 What you describe is exectly what I want: Enter the override mode by password and set back after the reason for this was fixed. But for me it semms that this won't be able with policies, because I could enter the override mode, but could not change the settings. So with the password I could only look at the settings, but could not change them because they are locked. Or is there a way to do this? It will work this way: 1, You'll enable Override mode, specify the maximum time for it, select AD users who will be able to activate it and enable other policy settings. 2, The policy will be downloaded by agent. 3, Users authorized to use the Override mode will be able to change settings otherwise set by a policy. Link to comment Share on other sites More sharing options...
xola 0 Posted November 11, 2016 Author Share Posted November 11, 2016 1, You'll enable Override mode, specify the maximum time for it, select AD users who will be able to activate it and enable other policy settings. Yes, that's what I need. Question is where to enable the override mode, and how to specify the maximum time. Could you help me again? Xola Link to comment Share on other sites More sharing options...
Administrators Marcos 4,919 Posted November 11, 2016 Administrators Share Posted November 11, 2016 1, You'll enable Override mode, specify the maximum time for it, select AD users who will be able to activate it and enable other policy settings. Yes, that's what I need. Question is where to enable the override mode, and how to specify the maximum time. Could you help me again? All these settings will be available when creating or editing a policy. Note that this feature is not currently available and will be first supported by v6.5 Endpoint, server products and ERA. Link to comment Share on other sites More sharing options...
xola 0 Posted November 12, 2016 Author Share Posted November 12, 2016 Ok, I see. Do you know the date when this will be released? Xola Link to comment Share on other sites More sharing options...
Zashita 0 Posted November 15, 2016 Share Posted November 15, 2016 It will work this way: 1, You'll enable Override mode, specify the maximum time for it, select AD users who will be able to activate it and enable other policy settings. Hi, does it means it will be mandatory to be in a domain, and to have authenticated domain users to be able to enter in override mode ? BR, GT Link to comment Share on other sites More sharing options...
Miami 4 Posted March 29, 2017 Share Posted March 29, 2017 I will just add that override mode can be activated from client side through "Advanced setup". There is a "Override policy" button down on the left side. Link to comment Share on other sites More sharing options...
Recommended Posts