kapela86, posted June 8, 2017 (edited June 8, 2017 by kapela86)

I'm testing ESET Remote Administrator to deploy it in my company. I ran into a stupid problem. In configuring policies, I want to ADD a network to the list of known networks, "Personal Firewall -> Known Networks". Right now users have their own lists on their computers and I DO NOT want to replace their whole list with the list supplied by ERA (and in the end, block users from changing it). Is it possible?

Oliver (ESET Staff), posted June 9, 2017

Hello, policies in ERA can be merged / combined in a way that you will not replace the list on the client device, just add another setting to the existing configuration on a specific device. Please follow this link for more information: http://help.eset.com/era_admin/65/en-US/admin_pol_how_policies_are_applied.htm

kapela86 (Author), posted June 9, 2017

Sorry, but this doesn't work as it should, because I tested this before posting here. I now think it is a bug in ESET Agent or whatever is applying policies on the client. Here's how it can be reproduced every time:

1. I create an installer in ERA with Endpoint Security 6.5.2094.1, I add a licence, the IP address of the ERA server, and I choose a policy that only has this setting: "Protection type of new networks: Ask user".
2. I install ESET using that installer on a PC. After finishing, it asks about the current network, I set it to home/office, and it gets added to known networks on the client PC. Let's call this network "mycompany.com".
3. In ERA I create a policy that only has "Known networks" set. I add a completely different network there with different settings, let's call it "foo.bar", and I set it to Append. I assign this policy to the group where that client PC is.
4. After a minute ESET on the client PC updates its policies, and it removes mycompany.com from the list of known networks and adds foo.bar. And that's that.

MichalJ (ESET Staff), posted June 9, 2017

The problem is that the initial "policy" is not a policy, it's a startup configuration that is later replaced by policies. Also, append / prepend works only within policies; it is not possible to append a policy to the entries entered locally on a client. We are working on a change, with the addition of "local lists", which will not be affected by policies, and it will allow entries set by policy and local ones to coexist. This change is scheduled for EPV7. Currently, I would recommend a workaround, where you request the config from the client, convert it into a policy, and append entries via another policy. But I do agree, this is a bit cumbersome.

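The merge behaviour MichalJ describes above, as an added example that is not part of the thread and is not ESET code: a simplified Python model in which policy lists merge only with each other and the result replaces the locally entered list. The function names and the "replace" mode label are assumptions made for this sketch; the network names are the ones kapela86 used.

```python
# Simplified model of the behaviour described in the thread (not ESET's code).
# "append"/"prepend" come from the thread; "replace" and all names are assumed.

def effective_list(local_entries, policies):
    """Return the known-networks list a client ends up with.

    local_entries: entries entered on the client (startup/local configuration).
    policies: ordered (mode, entries) tuples that set the list, with mode in
              {"replace", "append", "prepend"}.
    """
    if not policies:
        # No policy touches the setting, so the local configuration stays.
        return list(local_entries)

    merged = []  # policies merge with each other, never with local_entries
    for mode, entries in policies:
        if mode == "replace":
            merged = list(entries)
        elif mode == "append":
            merged = merged + list(entries)
        elif mode == "prepend":
            merged = list(entries) + merged
        else:
            raise ValueError(f"unknown mode: {mode}")
    return merged  # this result replaces whatever the client had locally


def workaround_policies(local_entries, extra_entries):
    """Workaround from the thread: the requested client config becomes a
    policy, and a second policy appends the new entries to it."""
    return [("replace", list(local_entries)), ("append", list(extra_entries))]


if __name__ == "__main__":
    local = ["mycompany.com"]  # constructed sample, names from the thread
    # Single "append" policy: the local entry is lost, as kapela86 observed.
    print(effective_list(local, [("append", ["foo.bar"])]))
    # Workaround: both entries survive because both now come from policies.
    print(effective_list(local, workaround_policies(local, ["foo.bar"])))
```
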
kapela86 (Author), posted June 14, 2017

On 9.06.2017 at 11:32 AM, MichalJ said:
> This change is scheduled to EPV7.

When will v7 be released?

MichalJ (ESET Staff), posted June 14, 2017

It's quite early to confirm, but current estimates are for Q1/2018.

Miami, posted June 15, 2017

On 8. 6. 2017 at 10:14 AM, kapela86 said:
> I'm testing ESET Remote Administrator to deploy it in my company. I ran into a stupid problem. In configuring policies, I want to ADD a network to the list of known networks, "Personal Firewall -> Known Networks". Right now users have their own lists on their computers and I DO NOT want to replace their whole list with the list supplied by ERA (and in the end, block users from changing it). Is it possible?

I am just curious why you want to do that? Isn't it more secure to set by default some company network as a known network and anything else as public? Then you can build your FW rules based on this and still be sure that your rules are applied in the correct network.

kapela86 (Author), posted June 15, 2017

2 hours ago, Miami said:
> I am just curious why you want to do that? Isn't it more secure to set by default some company network as a known network and anything else as public? Then you can build your FW rules based on this and still be sure that your rules are applied in the correct network.

Some time ago I changed the domain name that is sent from dhcpd to computers in our network, and a few computers showed that "new network detected etc. etc." As almost every coworker uses a standard user account, they couldn't choose what type of network it was (most computers have Endpoint Security v5, some have v4, I only installed v6 on a few new computers). Later I discovered that some computers remembered our network by domain name, some by DHCP server IP address, some by gateway address. Later I decided to deploy ERA, was very happy to find out it's available as a virtual appliance, and I was testing policies with my laptop. And when I was testing Known Networks, I added one, waited for policies to apply, and then I noticed all my known networks were gone. And that's it, that's why I wrote this thread.