Jump to content

6.6 Application Statuses


ronmanp
 Share

Recommended Posts

Using Endpoint Antivirus 6.6.2046.0 with ERA 6.5.522.0.

We disable Protocol Filtering by policy so we also disable the application statuses that relate to it. Just after upgrading to 6.6.2046.0 from 6.5 I started having warnings about it again.

After checking I see that Endpoint Antivirus 6.6.2046.0 added two new application protocol filtering statuses that can't be changed by policy yet. Please see screenshot comparing the options I have from the server vs what I have locally. I assume we'll need to wait for ERA 6.6 to fully support Endpoint Antivirus 6.6.2046.0?

As a side note, I suggest that when you disable a functionality by policy the client should automatically stop sending alerts about it.

ESET Endpoint Antivirus.png

Edited by ronmanp
Link to comment
Share on other sites

  • Administrators

Could you please clarify why you need to keep protocol filtering off? It will make computers with Internet connection vulnerable to threats coming from the Internet. It also affects Advanced memory scanner detections.

Link to comment
Share on other sites

  • Administrators
25 minutes ago, ronmanp said:

We have other products in place for that.

But why not to use additional protection? ESET's modules are interconnected and disabling protocol filtering also affect behavior in-memory detection by Advanced memory scanner. What issues do you run into if protocol filtering is enabled?

Link to comment
Share on other sites

Thanks for the advice, I'll keep that in mind but it will take time for us to evaluate the feature and roll it out to all of our endpoints.

So with that said, how can I disable these two alerts like I used to be able with previous builds?

Link to comment
Share on other sites

  • Administrators

In the web console, navigate to Help -> About and make sure that the version of the Configuration module is 1526.2.

It's currently only available on pre-release update servers so you'd need to go to Admin -> Server settings -> Updates and select "Pre-release".

Link to comment
Share on other sites

  • Administrators

It will be staggered release so not all users will update at once. Some users might receive it next week and the rest of users afterwards.

Also thank you for pointing out this scary warning. We'll likely replace it with the description from Endpoint help:

Pre-release updates are updates that have gone through thorough internal testing and will be available to the general public soon. You can benefit from enabling pre-release updates by having access to the most recent detection methods and fixes. However, pre-release updates might not be stable enough at all times and SHOULD NOT be used on production servers and workstations where maximum availability and stability is required.

Link to comment
Share on other sites

  • 4 weeks later...

Fyi, I now have the latest configuration module but I still can't disable these two statuses from ERA

ESET Support Case 69797 has been opened. No ETA yet...

image.png.8c253a4f1f4962ce1a564481e1c6f44a.png

image-2017-09-22-08-46-26-796.png

Link to comment
Share on other sites

Just an Fyi; we are experiencing the exact same issue as ronmanp on the v. 6.6.2046.0 client upgrade. Like OP stated, we are also on Configuration module 1526.2 and have other products in place to handle "Web access protection". Extensive testing would be necessary to enable this feature as this change would affect many users.

Thank you & no response needed :)

Link to comment
Share on other sites

  • Administrators
1 hour ago, e3z said:

Just an Fyi; we are experiencing the exact same issue as ronmanp on the v. 6.6.2046.0 client upgrade. Like OP stated, we are also on Configuration module 1526.2 and have other products in place to handle "Web access protection". Extensive testing would be necessary to enable this feature as this change would affect many users.

Thank you & no response needed :)

Check also the version of the Translation support module. What type of update do you have selected in the Server setup?

With "regular update", I have the following modules:

Update module    1069 (20161122)
Translation support module    1630 (20170922)
Configuration module    1526.2 (20170811)
SysInspector module    1269 (20170321)

era6_update_servers.png

Regarding disabled Web access protection, if would like I could provide you with some very fresh phishing/scam/malicious links that would be blocked by ESET. You could try them on an isolated system to find out if your current solution would block them or not. Nevertheless, it's also important to take into account that ESET's protection modules are interconnected and information from the firewall or Web access protection could be used by other protection modules while evaluating the suspiciousness of an object.

Link to comment
Share on other sites

Hi Marcos, we are also set to Regular update. Our Transition support module is v. 1611 instead of 1630 as you are displaying. Could it be that we have yet to receive an update that would correct the issue?

Thank you for a further explanation of Web access protection and how it interacts with other ESET modules. I can revisit the possibility of enabling this feature as time & tide will allow.   

Link to comment
Share on other sites

Same here. 

I've been told by ESET support that ERA 7 is coming out and it should support all the 6.6 configurations out of the box.

Also been suggested to locally configure a client, click on request configuration from ERA and then create a new policy with the imported configuration. I didn't try that as I'll just be sticking to 6.5 until there's a proper solution.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...