ejmorrow, posted January 11, 2019 (edited):

I'm setting up client tasks within Security Management Center to handle scans of different groups of systems that we have. I can set up the scheduled tasks fine, but when using pre-defined targets such as ${DriveFixed} nothing is scanned; it works fine when I specify by mount point. These are mostly Linux servers if it matters.

I am assuming the syntax is the same as ERA: https://help.eset.com/era_admin/65/en-US/client_tasks_on_demand_scan.html

Any insight would be appreciated. Thanks!

Matus (Former ESET Employees), posted January 15, 2019:

Hi EJ,

this function is currently not supported and will be supported with new version 7 (right now it's still not supported in current beta 1). You can however play with it if you like. To sign up for testing, please follow this thread:

ejmorrow, posted January 15, 2019:

I'll check it out. Is there currently any workaround that you know of to limit the scans to local mounts on a Linux server? Even if it's editing a cfg file on each server, that's fine. We just can't have multiple servers connecting to NFS/Samba shares and scanning them at the same time.

Thanks

Matus (Former ESET Employees), posted January 16, 2019:

Unfortunately there is nothing smart... by smart I mean that it'll detect automatically what is a local drive and what is a shared mount. In such a case the only option (v4.5.x) is to do an exclusion: in ERA/ESMC policy > Antivirus > Exclusions > Files and folders to be excluded from scanning, set the mount points of shared drives there. Hopefully if you have multiple servers, they're mounted on the same spot so one policy can solve that issue for all.

We're very sorry for the inconvenience.

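An added example, not part of the thread and not ESET code: because nothing in the product tells a local drive from a shared mount, this shell sketch lists the mount points of network filesystems from /proc/mounts-format input, so they can be entered under "Files and folders to be excluded from scanning". The filesystem type list, the function names and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not ESET code): list mount points of network filesystems so
# they can be entered as scan exclusions. Input: /proc/mounts format on stdin.

# Filesystem types treated as shared mounts (assumption; extend as needed).
NET_FS_TYPES="nfs nfs4 cifs smbfs smb3"

# /proc/mounts encodes space, tab, newline and backslash in paths as octal
# escapes (\040, \011, \012, \134). Rewrite \NNN to \0NNN and let printf %b
# decode it, so "/mnt/team\040share" becomes "/mnt/team share".
decode_mount_path() {
    printf '%b' "$(printf '%s' "$1" | sed 's/\\\([0-7]\{3\}\)/\\0\1/g')"
}

# Print one decoded mount point per line for every network filesystem entry.
list_network_mounts() {
    while read -r _dev mnt fstype _rest; do
        case " $NET_FS_TYPES " in
            *" $fstype "*)
                decode_mount_path "$mnt"
                printf '\n'
                ;;
        esac
    done | LC_ALL=C sort -u
}

# Constructed sample in /proc/mounts format (not from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
filer01:/export/home /mnt/home nfs4 rw,vers=4.1 0 0
//fs01/Team\040Share /mnt/team\040share cifs rw,vers=3.0 0 0
/dev/sdb1 /srv/data xfs rw,relatime 0 0
EOF
}

# Demo on the constructed sample; on a server run:
#   list_network_mounts < /proc/mounts
sample_mounts | list_network_mounts
```

Running it on each server and comparing the output shows whether the shares really are mounted on the same spot everywhere, which is what a single shared policy depends on.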
ejmorrow, posted January 16, 2019:

Exclusions would work for us, but they don't appear to be working?

I added "/root/*" to the exclusion list.

Checked /etc/opt/eset/esets/esets.cfg and found "av_exclude = "/root/*::". Seems correct going off the main pages for esets.cfg.

Restarted the esets_daemon (Not sure if necessary).

Ran:

    /opt/eset/esets/sbin/esets_scan /root

Summary of scan:

    Total: files - 1399, objects 4694

Thought maybe it wasn't really scanning but counting. So performed an strace and it's indeed opening files to scan them.

Matus (Former ESET Employees), posted January 22, 2019:

On 1/16/2019 at 5:59 PM, ejmorrow said:

> Exclusions would work for us, but they don't appear to be working?
>
> I added "/root/*" to the exclusion list.
>
> Checked /etc/opt/eset/esets/esets.cfg and found "av_exclude = "/root/*::". Seems correct going off the main pages for esets.cfg.
>
> Restarted the esets_daemon (Not sure if necessary).
>
> Ran:
>
>     /opt/eset/esets/sbin/esets_scan /root
>
> Summary of scan:
>
>     Total: files - 1399, objects 4694
>
> Thought maybe it wasn't really scanning but counting. So performed an strace and it's indeed opening files to scan them.

Hi EJ,

It works a little weird due to architecture, which is solved in v7. Let me explain.

By executing an OD scan in the webGUI or with the command line "esets_scan", settings from the product (esets.cfg) (or ERA policy) are not applied. You'll need to use parameters (check -h). In such a case, please use the following task:

    sudo /opt/eset/esets/sbin/esets_scan --exclude="/root" /root

Executing a scan from ERA uses the utility /opt/eset/esets/lib/esets_sci, which checks the esets.cfg file, and in such a case it'll exclude what is defined. This is however not very usable for executing via the command line, as you get no output in the console when you use esets_sci.

Does it make sense for you?

ejmorrow, posted January 24, 2019:

On 1/22/2019 at 5:02 AM, Matus said:

> Hi EJ,
>
> It works a little weird due to architecture, which is solved in v7. Let me explain.
>
> By executing an OD scan in the webGUI or with the command line "esets_scan", settings from the product (esets.cfg) (or ERA policy) are not applied. You'll need to use parameters (check -h). In such a case, please use the following task:
>
>     sudo /opt/eset/esets/sbin/esets_scan --exclude="/root" /root
>
> Executing a scan from ERA uses the utility /opt/eset/esets/lib/esets_sci, which checks the esets.cfg file, and in such a case it'll exclude what is defined. This is however not very usable for executing via the command line, as you get no output in the console when you use esets_sci.
>
> Does it make sense for you?

I believe so. Adding av_excludes to esets.cfg will work for scheduled scans within SMC, but won't work for testing on the command line?

Matus (Former ESET Employees), posted January 25, 2019:

16 hours ago, ejmorrow said:

> I believe so. Adding av_excludes to esets.cfg will work for scheduled scans within SMC, but won't work for testing on the command line?

Exactly :)

ejmorrow, posted January 25, 2019:

Thanks, that's all I needed!