SimonB, posted September 20, 2017:

Hi there,

We are deploying ESET File Security for Windows Servers with the 'On-Access scan only' policy. After the client installs, in the Monitoring tab and in my RA Console the machine is red and alerting that the HIPS and Anti Phishing are disabled. However, this is the policy we would like to deploy... so how can I get it to suppress these alerts? I would like my monthly scheduled report to show up clean if real time is on and signatures are up to date. We do not want to run HIPS and Anti Phishing on our Servers. =)

Hopefully I am missing something simple!

Thanks in advance,
SimonB
Marcos (Administrators), posted September 20, 2017:

First of all, I'd like to remind you that real-time protection is interconnected with HIPS, which means that disabling HIPS will also deteriorate protection capabilities of the real-time protection module. Disabling HIPS will also disable all dependent protection features, such as Advanced memory scanner, Exploit Blocker, Self defense and Ransomware protection (not included in the current version of server products yet).

In order to suppress notifications about disabled modules, disable the appropriate notifications under User interface -> Application statuses.
SimonB (Author), posted September 21, 2017:

Thanks Marcos, just what I was after! Appreciate we are reducing functionality by doing this.

I have turned off HIPS and Anti Phishing notifications in RA - now the HIPS alert has gone but the Anti Phishing Alert is still active for some reason. I'll install on a test VM and see if the same thing happens.
SimonB (Author), posted September 21, 2017:

Hi again,

I still have 'Anti-Phishing protection is non-functional' alert, after turning off the following statuses:

- Anti-Phishing protection is disabled
- Anti-Phishing protection is paused

Is there another setting for 'non-functional'? Doc attached with screenshots.

Appreciate your help!

Attachment: Document1.zip
MichalJ (ESET Staff), posted September 21, 2017:

Hello, you will make this disappear by purposefully disabling anti-phishing via a setting policy.
webbdj, posted September 21, 2017:

Ditto to this question. I have been rolling out ESET6 with the RA appliance at a number of my larger customer sites. Several of my customers are annoyed that their servers are showing up on the problem computers list.

I applied the "Antivirus - Real Time Scanner Only" to several of our servers that are performance sensitive. We rarely ever access the internet from these servers, but they do utilize API interfaces to partner entities that an https scanner and/or Phishing module may interfere with.

MichalJ's comment about purposefully disabling anti-phishing via a policy has not changed the reporting status in ERA that these servers "Anti-Phishing protection is disabled" in the "red alerts" ...

On a semi-related note, the servers were also showing a warning about the "protection grid" until I logged into each one and clicked the checkbox ... One of my sites has over sixty servers, so having to go back and do this for each one is also a bit annoying.
MichalJ (ESET Staff), posted September 22, 2017 (edited September 22, 2017):

"Anti Phishing protection disabled" status could be switched off via application of policy here: ESET File Security for Microsoft Windows Server (6+) => Advanced Settings / User Interface / Application Statuses / option below (the other switch is for disabling of the local warning).

Apologies for the issues caused by using the default policy. The policy disables the protection, however it does not affect the UI related settings (described below) by default. We will adjust the policy for the future version of ERA.

Concerning the protection grid (I assume you are talking about the "ESET Live Grid participation not configured" error), you can switch it on / off via policy; that would make the warning go away. Since version 6.5 of EFSW, and doing install via ERA (silently), those warnings are no longer displayed.
Marcos (Administrators), posted September 24, 2017:

I assume that you have HTTP scanning or protocol filtering disabled as well. Note that doing so exposes the computer to Internet-borne threats.

As for suppressing notifications about malfunctioning Antiphishing protection, make sure that you have the following modules in ERA installed:

- Translation support module 1625 (20170906)
- Configuration module 1526.2 (20170811)

With these modules, you should have 3 options to disable notifications related to Antiphishing protection in the Application statuses setup: paused, disabled, non-functional.
SimonB (Author), posted September 28, 2017:

Hi Marcos, that sounds exactly what I need - but I can't seem to find any information about how to check or install those modules?

Appreciate your guidance!

Thanks,
Simon