Karsten1, posted August 28, 2018: Hi, I made a new installation of ESET ERA 6.5 VA. Then I made an ESET FS installation on 2 Windows 2016 servers from the default repository (6.5.12014.1). I assigned the default policy with real time scan only. Why do I get these messages in ERA and how can I get rid of them? Yours, Karsten
Marcos (Administrators), posted August 28, 2018: 1. Since you've deployed a new VA, why did you go with v6.5 and not with ESMC? 2. Make sure that HIPS is enabled in EFSW/Endpoint. Changing this setting will require a computer restart for it to take effect. 3. As for disabled anti-phishing, do you have web access protection, protocol filtering and anti-phishing enabled in EFSW/Endpoint? I'd strongly suggest deploying ESMC and Endpoint v7 with default settings on clients for maximum protection.
Pinni3, posted August 28, 2018: First you need to get out of presentation mode (IMO it should be disabled by default). Check your policies for these products. You need to enable those modules. Last thing: is there a reboot requirement? If not, deal with policies first (presentation mode can also be disabled by a policy).
Marcos (Administrators), posted August 28, 2018: As for presentation mode, it's possible to set a particular application status not to be reported to ERA/ESMC. As of v7 products, presentation mode doesn't change the protection status at all.
MichalJ (ESET Staff), posted August 28, 2018: The default policy "real time only" has HIPS disabled, and protocol filtering (which is the underlying feature for anti-phishing) is disabled as well. Since version 6.5, disabling those features, which improve security, is reported as a security risk. Unfortunately, we forgot to update the policy so that the corresponding settings for UI status suppression are also enabled (you can suppress them by editing the policy, section "user interface" / application statuses, and then finding the entries for disabled HIPS, AP & presentation mode). I would however recommend enabling both of the functionalities as Marcos has advised, as they greatly improve the protection of the client.
Karsten1 (Author), posted August 28, 2018: @Marcos: thx for your quick reply. I made the installation one month before. There was no newer version available than 6.5. I don't need HIPS and anti-phishing on a fileserver. So I don't want them to be activated and I don't want any alert in the ERA. @Pinni3: thx too, I found out how to disable the presentation mode.
Karsten1 (Author), posted August 28, 2018: Thx MichalJ: that's what I'm looking for!
Marcos (Administrators), posted August 28, 2018: 15 minutes ago, Karsten1 said: "@Marcos: thx for your quick reply. I made the installation one month before. There was no newer version available than 6.5. I don't need HIPS and anti-phishing on a fileserver. So I don't want them to be activated and I don't want any alert in the ERA." Do you mean that you don't need the server to be protected against ransomware attacks and possibly new malware that may be executed there, e.g. from a remote machine through vulnerabilities? I'm asking because you wrote you didn't care about HIPS and wanted to keep it disabled.
Karsten1 (Author), posted August 28, 2018: 1 hour ago, Marcos said: "Do you mean that you don't need the server to be protected against ransomware attacks and possibly new malware that may be executed there, e.g. from a remote machine through vulnerabilities? I'm asking because you wrote you didn't care about HIPS and wanted to keep it disabled." It's a fileserver, no apps, no web. So I don't need it anymore.