Jump to content

Predefined Targets (Security Management Center)

ejmorrow

By ejmorrow
in ESET Products for Linux Servers

 Share

Recommended Posts

ejmorrow

ejmorrow 0

Posted
Posted (edited)

I'm setting up client tasks within Security Management Center to handle scans of different groups of systems that we have.  I can set up the scheduled tasks fine, but when using pre-defined targets such as ${DriveFixed} nothing is scanned, it works fine when I specify by mount point.  These are mostly Linux servers if it matters.

I am assuming the syntax is the same as ERA:  https://help.eset.com/era_admin/65/en-US/client_tasks_on_demand_scan.html

Any insight would be appreciated.  Thanks!

Edited by ejmorrow
Link to comment
Share on other sites
  • Former ESET Employees
Matus

Matus 21

Posted
  • Former ESET Employees
Posted

Hi EJ,

this function is currently not supported and will be supported with new version 7 (right now it's still not supported in current beta 1). You can however play with it if you like. To sign up for testing, please follow this thread: 

 

Link to comment
Share on other sites
ejmorrow

ejmorrow 0

Posted
  • Author
Posted

I'll check it out.  Is there currently any workaround that you know of to limit the scans to local mounts on a Linux server?  Even if it's editing a cfg file on each server, that's fine.  We just can't have multiple servers connecting to NFS/Samba shares and scanning them at the same time.

Thanks

Link to comment
Share on other sites
  • Former ESET Employees
Matus

Matus 21

Posted
  • Former ESET Employees
Posted

Unfortunately there is nothing smart... as smart I mean that it'll detect automatically what is local drive and what is shared mount. In such case only option (v4.5.x) is to do an exclusion - in ERA/ESMC policy > Antivirus > Exclusions > Files and folders to be excluded from scanning :set there mount points of shared drives. Hopefully if you have multiple servers, they're mounted on the same spot so one policy can solve that issue for all. 

We're very sorry for inconvenience.

Link to comment
Share on other sites
ejmorrow

ejmorrow 0

Posted
  • Author
Posted

Exclusions would work for us, but they don't appear to be working?  I added "/root/*" to the exclusion list.  Checked /etc/opt/eset/esets/esets.cfg and found "av_exclude = "/root/*::".  Seems correct going off the main pages for esets.cfg.  Restarted the esets_daemon (Not sure if necessary).  

Ran: /opt/eset/esets/sbin/esets_scan /root
Summary of scan: 
     Total: files - 1399, objects 4694

Thought maybe it wasn't really scanning but counting.  So performed an strace and it's indeed opening files to scan them.

Link to comment
Share on other sites
  • Former ESET Employees
Matus

Matus 21

Posted
  • Former ESET Employees
Posted
On 1/16/2019 at 5:59 PM, ejmorrow said:

Exclusions would work for us, but they don't appear to be working?  I added "/root/*" to the exclusion list.  Checked /etc/opt/eset/esets/esets.cfg and found "av_exclude = "/root/*::".  Seems correct going off the main pages for esets.cfg.  Restarted the esets_daemon (Not sure if necessary).  

Ran: /opt/eset/esets/sbin/esets_scan /root
Summary of scan: 
     Total: files - 1399, objects 4694

Thought maybe it wasn't really scanning but counting.  So performed an strace and it's indeed opening files to scan them.

Hi EJ,

It works a little weird due to architecture which is solved in v7. Let me explain.

By executing OD scan in webGUI or command line "esets_scan", settings from product (esets.cfg) (or ERA policy) are not applied. You'll need to use parameters (check -h). In such case, please use following task:

sudo /opt/eset/esets/sbin/esets_scan --exclude="/root" /root

executing scan from ERA uses utility /opt/eset/esets/lib/esets_sci which is checking esets.cfg file and in such case it'll exclude what is defined. This is however not usable much for executing via command line as you get no output into console when you use esets_sci

Does it make sense for you? 

Link to comment
Share on other sites
ejmorrow

ejmorrow 0

Posted
  • Author
Posted
On 1/22/2019 at 5:02 AM, Matus said:

Hi EJ,

It works a little weird due to architecture which is solved in v7. Let me explain.

By executing OD scan in webGUI or command line "esets_scan", settings from product (esets.cfg) (or ERA policy) are not applied. You'll need to use parameters (check -h). In such case, please use following task:

sudo /opt/eset/esets/sbin/esets_scan --exclude="/root" /root

executing scan from ERA uses utility /opt/eset/esets/lib/esets_sci which is checking esets.cfg file and in such case it'll exclude what is defined. This is however not usable much for executing via command line as you get no output into console when you use esets_sci

Does it make sense for you? 

I believe so.  Adding av_excludes to esets.cfg will work for scheduled scans within SMC, but won't work for testing on the command line?

Link to comment
Share on other sites
  • Former ESET Employees
Matus

Matus 21

Posted
  • Former ESET Employees
Posted
16 hours ago, ejmorrow said:

I believe so.  Adding av_excludes to esets.cfg will work for scheduled scans within SMC, but won't work for testing on the command line?

exactly:) 

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...