ejmorrow

Predefined Targets (Security Management Center)

I'm setting up client tasks within Security Management Center to handle scans of different groups of systems that we have. I can set up the scheduled tasks fine, but when using pre-defined targets such as ${DriveFixed} nothing is scanned; it works fine when I specify by mount point. These are mostly Linux servers, if it matters.

I am assuming the syntax is the same as ERA:  https://help.eset.com/era_admin/65/en-US/client_tasks_on_demand_scan.html

Any insight would be appreciated.  Thanks!

Hi EJ,

This function is currently not supported and will be supported with the new version 7 (right now it's still not supported in the current beta 1). You can however play with it if you like. To sign up for testing, please follow this thread: 

 


I'll check it out.  Is there currently any workaround that you know of to limit the scans to local mounts on a Linux server?  Even if it's editing a cfg file on each server, that's fine.  We just can't have multiple servers connecting to NFS/Samba shares and scanning them at the same time.

Thanks


Unfortunately there is nothing smart... by smart I mean that it would detect automatically what is a local drive and what is a shared mount. In that case the only option (v4.5.x) is to do an exclusion: in ERA/ESMC policy > Antivirus > Exclusions > Files and folders to be excluded from scanning, set the mount points of the shared drives there. Hopefully, if you have multiple servers, they're mounted on the same spot so one policy can solve that issue for all.

We're very sorry for the inconvenience.

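Added example, not part of the original thread and not ESET code: one way to list the network-share mount points on a Linux server so they can be entered in the exclusion policy described in the reply above. The file-system type list (nfs, nfs4, cifs, smbfs, smb3), the function names and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# List mount points backed by network file systems, reading a file in
# /proc/mounts format. Pass "-" to read the table from standard input.
network_mounts() {
    awk '
    BEGIN {
        # Assumed set of network file-system types; extend as needed.
        split("nfs nfs4 cifs smbfs smb3", t, " ")
        for (i in t) net[t[i]] = 1
    }
    ($3 in net) {
        # /proc/mounts escapes space, tab, newline and backslash as \ooo
        # (octal), so decode the mount point before printing it.
        mp = $2; out = ""
        while (match(mp, /\\[0-7][0-7][0-7]/)) {
            o = substr(mp, RSTART + 1, 3)
            n = substr(o, 1, 1) * 64 + substr(o, 2, 1) * 8 + substr(o, 3, 1)
            out = out substr(mp, 1, RSTART - 1) sprintf("%c", n)
            mp = substr(mp, RSTART + RLENGTH)
        }
        print out mp
    }' "${1:-/proc/mounts}"
}

# Constructed sample mount table (not taken from a real server).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw 0 0
fileserver:/export /mnt/nfs_share nfs4 rw,vers=4.2 0 0
//fileserver/team /srv/team\040share cifs rw,vers=3.0 0 0
tmpfs /run tmpfs rw 0 0
fileserver:/backup /mnt/backup nfs ro 0 0
EOF
}

# Demo on the constructed table; call network_mounts with no argument
# on a server to read the live /proc/mounts instead.
sample_mounts | network_mounts -
```

Comparing the output across servers shows whether the shares really are mounted on the same spot everywhere, which is what lets a single policy cover all of them.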

Exclusions would work for us, but they don't appear to be working?  I added "/root/*" to the exclusion list.  Checked /etc/opt/eset/esets/esets.cfg and found: av_exclude = "/root/*::".  Seems correct going off the man pages for esets.cfg.  Restarted the esets_daemon (not sure if necessary).

Ran: /opt/eset/esets/sbin/esets_scan /root
Summary of scan: 
     Total: files - 1399, objects 4694

Thought maybe it wasn't really scanning but counting.  So performed an strace and it's indeed opening files to scan them.

On 1/16/2019 at 5:59 PM, ejmorrow said:

Exclusions would work for us, but they don't appear to be working?  I added "/root/*" to the exclusion list.  Checked /etc/opt/eset/esets/esets.cfg and found: av_exclude = "/root/*::".  Seems correct going off the man pages for esets.cfg.  Restarted the esets_daemon (not sure if necessary).

Ran: /opt/eset/esets/sbin/esets_scan /root
Summary of scan: 
     Total: files - 1399, objects 4694

Thought maybe it wasn't really scanning but counting.  So performed an strace and it's indeed opening files to scan them.

Hi EJ,

It works a little weird due to the architecture, which is solved in v7. Let me explain.

When an OD scan is executed from the webGUI or with the command-line "esets_scan", settings from the product (esets.cfg) (or ERA policy) are not applied. You'll need to use parameters (check -h). In that case, please use the following task:

sudo /opt/eset/esets/sbin/esets_scan --exclude="/root" /root

Executing a scan from ERA uses the utility /opt/eset/esets/lib/esets_sci, which checks the esets.cfg file, and in that case it'll exclude what is defined. However, this is not very usable from the command line, as you get no output on the console when you use esets_sci.

Does it make sense to you? 

On 1/22/2019 at 5:02 AM, Matus said:

Hi EJ,

It works a little weird due to the architecture, which is solved in v7. Let me explain.

When an OD scan is executed from the webGUI or with the command-line "esets_scan", settings from the product (esets.cfg) (or ERA policy) are not applied. You'll need to use parameters (check -h). In that case, please use the following task:

sudo /opt/eset/esets/sbin/esets_scan --exclude="/root" /root

Executing a scan from ERA uses the utility /opt/eset/esets/lib/esets_sci, which checks the esets.cfg file, and in that case it'll exclude what is defined. However, this is not very usable from the command line, as you get no output on the console when you use esets_sci.

Does it make sense to you? 

I believe so.  Adding av_excludes to esets.cfg will work for scheduled scans within SMC, but won't work for testing on the command line?

16 hours ago, ejmorrow said:

I believe so.  Adding av_excludes to esets.cfg will work for scheduled scans within SMC, but won't work for testing on the command line?

Exactly :)
