Jump to content

Disable alerts for purposely disabled modules


SimonB
 Share

Recommended Posts

Hi there,

We are deploying ESET File Security for Windows Servers with the 'On-Access scan only' policy.  After the client installs the Monitoring tab and in my RA Console the machine is red and alerting that the HIPS and Anti Phishing are disabled.  However this is the policy we would like to deploy... so how can I get it to suppress these alerts?

I would like my monthly scheduled report to show up clean if real time is on and signatures are up to date.  We do not want to run HIPS and Anti Phishing on our Servers. =)

Hopefully I am missing something simple!

Thanks in advance,
SimonB

Link to comment
Share on other sites

  • Administrators

First of all, I'd like to remind you that real-time protection is interconnected with HIPS which means that disabling HIPS will also deteriorate protection capabilities of the real-time protection module. Disabling HIPS will also disable all dependent protection features, such as Advanced memory scanner, Exploit Blocker, Self defense and Ransomware protection (not included in the current version of server products yet).

In order to suppress notifications about disabled modules, disable the appropriate notifications under User interface -> Application statuses.

Link to comment
Share on other sites

Thanks Marcos, just what I was after!  Appreciate we are reducing functionality by doing this.

I have turned off HIPS and Anti Phishing notifications in RA - now the HIPS alert has gone but the Anti Phishing Alert is still active for some reason.  I'll install on a test VM and see if the same thing happens.

Link to comment
Share on other sites

Hi again, I still have 'Anti-Phishing protection is non-functional' alert, after turning off the following statuses:

- Anti-Phishing protection is disabled
- Anti-Phishing protection is paused

Is there another setting for 'non-functional'?

Doc attached with screenshots.

Appreciate your help!

Document1.zip

Link to comment
Share on other sites

Ditto to this question.   I have been rolling out ESET6 with the RA appliance as a number of my larger customer sites.

Several of my customers are annoyed that their servers are showing up on the problem computers list.  I applied the "Antivirus - Real Time Scanner Only" to several of our servers that are performance sensitive.   We rarely every access the internet from these servers, but they do utilize API interfaces to partner entities that a https scanner and/or Phishing module may interfere with..

MichalJ comment about purposefully disabling anti-phishing via a policy has not changed the reporting status in ERA that these servers "Anti-Phishing protection is disabled" in the "red alerts" ...

On a semi-related note.. the servers were also showing a warning about the "protection grid" until I logged into each one and clicked the checkbox ... One of my sites has over sixty servers, so having to go back and do this for each one is also a bit annoying..

 

Link to comment
Share on other sites

  • ESET Staff

"Anti Phishing protection disabled" status could be switched off via application of policy here:

ESET File Security for Microsoft Windows Server (6+) => Advanced Settings / User Interface / Application Statuses / option below (the other switch is for disabling of the local warning).

Apologies for the issues caused by using the default policy. Policy disables the protection, however does not affect the UI related settings (described below) by default. We will adjust the policy, for the future version of ERA.

Concerning the protection grid (I assume you are talking about ESET Live Grid participation not configured error), you can either switch it on / off via policy, that would make the warning go away. Since version 6.5 of EFSW, and doing install via ERA (silently), those warnings are no longer displayed.

AP disabled.png

livegrid.png

Edited by MichalJ
Link to comment
Share on other sites

  • Administrators

I assume that you have HTTP scanning or protocol filtering disabled as well. Note that doing so exposes the computer to Internet-borne threats.

As for suppressing notifications about malfunctioning Antiphishing protection, make sure that you have the following modules in ERA installed:

Translation support module 1625 (20170906)
Configuration module 1526.2 (20170811)

With these modules, you should have 3 options to disable notifications related to Antiphishing protection in the Application statuses setup: paused, disabled, non-functional.

Link to comment
Share on other sites

Hi Marcos, that sounds exactly what I need - but I cant seem to find any information about how to check or install those modules??  Appreciate your guidance!

Thanks,

Simon

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...