DeltaSM 0 Posted December 19, 2017 Share Posted December 19, 2017 (edited) Hello everybody, I recently deploy ESET Enpoint Antivirus and I have several questions/issues about it. First question: In ERA, for a specific computer or for a whole Static Group, is it possible to disable policy inheritance? I did search after this features but I couldn't find it. This is particularly annoying when you put policies on "All" static group and have to do some tests on a computer. I know that "Force" parameter exists but it should have a "Disable policies inheritance" feature. Second question: When adding paths or files to exclude (with append option) on the antivirus module and also certificates exceptions for SSL filtering to a policy, why is it impossible for a user to add his own exceptions after this policy is applied? I know that parameter are set by the policy and then user shouldn't modify these ones once applied but, in this case, we just want to have few paths and certificates to be delivered as exceptions for all our users and that users can still add their own exceptions. Problem is that once paths/certificates are applied, settings are locked and users can't add nothing anymore... I don't know if I'm clear enough because it's not easy to explain textually. To sum up: is there a feature for a user to add his own exceptions once exceptions are already delivered by admin through a policy? Third question (most annoying one): We have several users that are running Windows 10 Pro with Users rights (so NON Administrators rights) with UAC activated (default configuration on Windows). We don't set any parameters in the policy applied for files/paths/certificates exceptions in this case and so, users should normally add their own exceptions without problem. However, each time a user wants to add an exception, a prompt is coming and ask for admin credentials. We want our users to manager their exceptions and avoid to enter administrator credentials. That's why I thought that disabling "Require full administrator rights for limited administrator accounts" in the policy options would do the trick (see below on picture) but unfortunately it didn't and I'm still ask to enter admin credentials once I want to add a credentials or even modify the setup settings. Administrator users have no issues and no prompt. So no problem on this side. So question is simple: how can I avoid Administrator rights prompts when adding exceptions or modifying setup on a limited user account? I asked support for our reseller but it seems that they are quite lost too. Thanks in advance. Regards, DeltaSM Edited December 19, 2017 by DeltaSM Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted December 19, 2017 Administrators Share Posted December 19, 2017 1, Disabling inheritance is not possible, but I assume it should be possible to work around it by avoiding assigning a policy to the "All" group and using several static groups or multi-level static groups. Maybe if you could describe the exact scenario and static groups that you use we would be able to provide you with instructions how to achieve what you want. 2, Merging policies with custom settings should be possible as of ERA v7 and Endpoint v7 to my best knowledge. 3, Users without administrator rights cannot change settings. It's worked this way since NOD32 v1. It would be very dangerous if it was possible to disable protection or change settings of a security program without administrator rights. Link to comment Share on other sites More sharing options...
DeltaSM 0 Posted December 20, 2017 Author Share Posted December 20, 2017 (edited) Hello Marcos, First of all, thank for your answer! 1. As a workaround, as you suggest, I put all policies needed by static groups on these groups directly instead of using the "All" group. The reason why I was doing that before was because it was simply easier. It's not a problem anymore but it should be a great feature if we could disable policies inheritance for a static group or a single computer for example. Especially for test purposes. To sum up:problem solved. 2. So it would be possible to deliver exceptions/exclusions from ERA through a policy and still allow the user to add his own exceptions/exclusions? It would be nice! When is V7 plan to be released? EDIT: just found it was planned for Q1/2018. 3. This is a very annoying problem in our case. Especially for SSL filtering and certificates exceptions. We have several self signed certificates internally and users without admin rights are being prompted every time about these certificates. It represent a lot of work for our IT department to manage all these prompts. I understand that this a lack of security in a way but the most important is to have a popup in this case for us. So is there maybe a workaround? Moreover, what is the "Require full administrator rights for limited administrator accounts" parameter? Regards, DeltaSM Edited December 20, 2017 by DeltaSM Link to comment Share on other sites More sharing options...
Recommended Posts