Jump to content

Dynamic Group Template Expression for ESET File Security


JRV
 Share

Recommended Posts

I created a Dynamic Group Template to use with a Dynamic Group to find all servers with outdated ESET File Security for Microsoft Windows Servers. The template consists of an "Application Name" rule and an "Application Version" rule.

The "Application Name" rule finds no matches for "ESET File Security for Microsoft Windows Servers". Even when I copy & paste the name from the Repository entry to avoid any typos.

I changed the operator from "equals" to "contains"; still no hits. Then I removed one word at a time from the end of the name and checked for hits after each removal. None until I had dropped back to "ESET File Security". Unfortunately, this is a match for two products.

Kind of moot, here, because we don't have any "ESET File Security for Microsoft Windows Servers Core" machines, so the Group will perform as intended. But I'm surprised by how loose I had to make the criteria in order to match the intended targets.

Is there a more accurate way to filter for "ESET File Security for Microsoft Windows Servers"?

Link to comment
Share on other sites

  • ESET Staff

@JRV

For dynamic groups, the important name is the one, that is reported in the "installed applications" report, by the operating system, as that is the one, that Agent takes into consideration, when it evaluates Dynamic Group membership.

For EFSW (ESET File Security for Microsoft Windows Server) it is only "ESET File Security", so that is the condition you need to specify in your Dynamic Group Condition.

As you have correctly stated, that "ESET File Security" Is reported for both EFSW and EFSC, you can specify additional condition, for the product version. If I do recall correctly, the 4.5.12xxx.x & 4.5.13xxx.x were used for EFSW, and EFSC, so you should use following conditions:

  • Application Name (in) ESET File Security
  • Application Version (has mask) *.*.12*.*
  • Application Version (not equal) "Latest EFSW" build available.

NOTE: For ESET File Security for Microsoft Windows Server Core, the change would be, that second condition would be Application Version (has mask) *.*.13*.*

Edited by MichalJ
Link to comment
Share on other sites

Thanks, Michal, I can see that would work. With ESET, there always seems to be a way, however obscure, but this gets pretty opaque! Someone following behind me would be puzzled by that Application Version mask rule.

Seems odd we'd use strings as criteria for the Application Name anyway. ERA should know the product IDs, which are, presumably, unique, and simply offer ESET products in a dropdown list to build the rule. 

We also need to be able to select "Outdated version" as a selection for "Application Version" to put this on Auto-Pilot. We should not need to edit the Dynamic Group Template with each new version. 

Link to comment
Share on other sites

  • ESET Staff

@JRV I do agree with the statement about "obscure way" in some cases. ERA framework is extremely powerful, but not always very "straight forward". Trust me, that we are doing our best, to address those statements. Currently the issue is (pure architecture-related explanation), that product itself does not know that it is outdated. Also, ERA Agent does not know it either. Only ERA server knows it, as it has connectivity to ESET Repository. I want to assure you, that we have received many requirements from customers like you, to simply have a condition "outdated" for the software and are working on a solution for that problem towards the future. 

We are going to bring some improvements concerning the journey of updating clients in the future version, however this DG is not yet there. 

If you want to achieve a state, when ESET software gets automatically updated to the latest version, the new Endpoint 7 will have that functionality, where you will be able to handle "application upgrades" the same way, as "module updates" - as soon as when update gets available, app will download it, and deploy it. Would that work for you? 

Link to comment
Share on other sites

@MichalJ that sounds great! Looking forward to v7!

In an ideal world, it would work something like WSUS, where updates can be approved for install or removal, and approvals could be applied per-Group, to allow us to set up a subset of computers to be used for a test. At larger sites, this would be useful.

However, there are only 11 workstations at this site, and having it happen completely hands-free would be great. I don't recall ever having to downgrade ESET due to problems. As long as that never happens, the less steps it takes to manage ESET, the better!

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...