ronmanp 2 Posted August 24, 2017 Share Posted August 24, 2017 (edited) Using Endpoint Antivirus 6.6.2046.0 with ERA 6.5.522.0. We disable Protocol Filtering by policy so we also disable the application statuses that relate to it. Just after upgrading to 6.6.2046.0 from 6.5 I started having warnings about it again. After checking I see that Endpoint Antivirus 6.6.2046.0 added two new application protocol filtering statuses that can't be changed by policy yet. Please see screenshot comparing the options I have from the server vs what I have locally. I assume we'll need to wait for ERA 6.6 to fully support Endpoint Antivirus 6.6.2046.0? As a side note, I suggest that when you disable a functionality by policy the client should automatically stop sending alerts about it. Edited August 24, 2017 by ronmanp Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted August 24, 2017 Administrators Share Posted August 24, 2017 Could you please clarify why you need to keep protocol filtering off? It will make computers with Internet connection vulnerable to threats coming from the Internet. It also affects Advanced memory scanner detections. Link to comment Share on other sites More sharing options...
ronmanp 2 Posted August 24, 2017 Author Share Posted August 24, 2017 We have other products in place for that. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted August 24, 2017 Administrators Share Posted August 24, 2017 25 minutes ago, ronmanp said: We have other products in place for that. But why not to use additional protection? ESET's modules are interconnected and disabling protocol filtering also affect behavior in-memory detection by Advanced memory scanner. What issues do you run into if protocol filtering is enabled? Link to comment Share on other sites More sharing options...
ronmanp 2 Posted August 25, 2017 Author Share Posted August 25, 2017 Thanks for the advice, I'll keep that in mind but it will take time for us to evaluate the feature and roll it out to all of our endpoints. So with that said, how can I disable these two alerts like I used to be able with previous builds? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted August 25, 2017 Administrators Share Posted August 25, 2017 In the web console, navigate to Help -> About and make sure that the version of the Configuration module is 1526.2. It's currently only available on pre-release update servers so you'd need to go to Admin -> Server settings -> Updates and select "Pre-release". Link to comment Share on other sites More sharing options...
ronmanp 2 Posted August 25, 2017 Author Share Posted August 25, 2017 Thanks Marcos, I'd rather wait a bit as I found this in the documentation. Do you have an ETA for the new configuration module to make it into the regular release? We do not recommend that you select Pre-release updates for production systems as this is a risk. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted August 25, 2017 Administrators Share Posted August 25, 2017 It will be staggered release so not all users will update at once. Some users might receive it next week and the rest of users afterwards. Also thank you for pointing out this scary warning. We'll likely replace it with the description from Endpoint help: Pre-release updates are updates that have gone through thorough internal testing and will be available to the general public soon. You can benefit from enabling pre-release updates by having access to the most recent detection methods and fixes. However, pre-release updates might not be stable enough at all times and SHOULD NOT be used on production servers and workstations where maximum availability and stability is required. Link to comment Share on other sites More sharing options...
ronmanp 2 Posted September 22, 2017 Author Share Posted September 22, 2017 Fyi, I now have the latest configuration module but I still can't disable these two statuses from ERA. ESET Support Case 69797 has been opened. No ETA yet... Link to comment Share on other sites More sharing options...
e3z 3 Posted September 27, 2017 Share Posted September 27, 2017 Just an Fyi; we are experiencing the exact same issue as ronmanp on the v. 6.6.2046.0 client upgrade. Like OP stated, we are also on Configuration module 1526.2 and have other products in place to handle "Web access protection". Extensive testing would be necessary to enable this feature as this change would affect many users. Thank you & no response needed Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted September 27, 2017 Administrators Share Posted September 27, 2017 1 hour ago, e3z said: Just an Fyi; we are experiencing the exact same issue as ronmanp on the v. 6.6.2046.0 client upgrade. Like OP stated, we are also on Configuration module 1526.2 and have other products in place to handle "Web access protection". Extensive testing would be necessary to enable this feature as this change would affect many users. Thank you & no response needed Check also the version of the Translation support module. What type of update do you have selected in the Server setup? With "regular update", I have the following modules: Update module 1069 (20161122) Translation support module 1630 (20170922) Configuration module 1526.2 (20170811) SysInspector module 1269 (20170321) Regarding disabled Web access protection, if would like I could provide you with some very fresh phishing/scam/malicious links that would be blocked by ESET. You could try them on an isolated system to find out if your current solution would block them or not. Nevertheless, it's also important to take into account that ESET's protection modules are interconnected and information from the firewall or Web access protection could be used by other protection modules while evaluating the suspiciousness of an object. Link to comment Share on other sites More sharing options...
e3z 3 Posted September 27, 2017 Share Posted September 27, 2017 Hi Marcos, we are also set to Regular update. Our Transition support module is v. 1611 instead of 1630 as you are displaying. Could it be that we have yet to receive an update that would correct the issue? Thank you for a further explanation of Web access protection and how it interacts with other ESET modules. I can revisit the possibility of enabling this feature as time & tide will allow. Link to comment Share on other sites More sharing options...
ronmanp 2 Posted September 27, 2017 Author Share Posted September 27, 2017 Same here. I've been told by ESET support that ERA 7 is coming out and it should support all the 6.6 configurations out of the box. Also been suggested to locally configure a client, click on request configuration from ERA and then create a new policy with the imported configuration. I didn't try that as I'll just be sticking to 6.5 until there's a proper solution. Link to comment Share on other sites More sharing options...
e3z 3 Posted September 27, 2017 Share Posted September 27, 2017 Thank you for your input ronmanp. Your post has been extremely helpful in troubleshooting this issue. Link to comment Share on other sites More sharing options...
Recommended Posts