Howitzer 0 Posted July 19, 2019 Posted July 19, 2019 Hi. I'm a new customer setting up ESET and I'm hitting a wall in regards to getting ESET to auto deploy to new desktops. I've been following this guide: https://help.eset.com/esmc_admin/70/en-US/admin_how_to_automate.html but it's not working. EXAMPLE: automatically deploy ESET products on newly connected Windows desktops 1.Create a Dynamic Group, and name it without security product. a.Make it a child group of the pre-defined group Windows computers > Windows (desktops). b.Click New Template. c.Add the following rule: Computer > Managed products mask. d.As operator select not equal. e.Select the mask ESET protected: Desktop f.Click Finish to save the group. So I've done everything in section #1 above, but instead of listing all desktops that do not have ESET, it's just listing all my desktops... Right now I have ESET installed on 4 desktops, and we're planning to do our rollout to the other 200+ desktops on Monday. So with that in mind, I have attached several screenshots to show what I have done. I am 99% confident it is exactly as the guide says. I'm not sure what I'm missing. Thank you! My ESMC versions: ESET Security Management Center (Server), Version 7.0 (7.0.577.0)ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0) All desktops: The list of desktops in the dynamic group that's supposed to NOT have ESET installations: The dynamic group (proof that I'm using the correct template): The dynamic group template (proof that the Rules are set according to the guide):
ESET Staff MichalJ 434 Posted July 20, 2019 ESET Staff Posted July 20, 2019 Try to change conditions in a way, that mask “is one of” and choose agent and then mask is not one of “endpoint”. That should work.
Howitzer 0 Posted July 22, 2019 Author Posted July 22, 2019 Thanks MichalJ. I don't think that will work though. My goal is to have known computers that do not have ESET protection show up in this list. Your solution seems to depend on the fact the Agent is installed but the Endpoint is not. I'm looking for a Dynamic Group (or something) to make me a list of which new computers have been added to my network in AD and do not have ESET installed. Regardless, I attempted to do as you suggested but I do not see "Endpoint" as an option in the list of masks. I also went ahead and tried the "Installed Software" category and I set it to NOR, with the rule "application name contains ESET Endpoint Security". Now I'm getting 0 results in my "Without security product" Dynamic Group, even after doing a new AD synchronization and waiting 10 minutes.
Administrators Marcos 5,468 Posted July 22, 2019 Administrators Posted July 22, 2019 Since dynamic groups are evaluated by agent on clients, without an agent installed a client cannot report in a dynamic group.
Howitzer 0 Posted July 22, 2019 Author Posted July 22, 2019 6 minutes ago, Marcos said: Since dynamic groups are evaluated by agent on clients, without an agent installed a client cannot report in a dynamic group. Ah! Well then that makes sense why nothing is working. This guide https://help.eset.com/esmc_admin/70/en-US/admin_how_to_automate.html is what lead me down this rabbit hole. So I'll have to abandon ESMC as a way to manage/alert new computers without ESET. Unless there's another feature in ESMC that I do not yet know of? Thank you!
Administrators Marcos 5,468 Posted July 22, 2019 Administrators Posted July 22, 2019 You can use Rogue Detection Sensor to detect machines without ESMC agent which you can then put to a static group and deploy agent. With agent installed, you will be able to take advantage of dynamic groups.
Recommended Posts