what is the easiest way to roll out password protection on eset products?

[roga 0]

My understanding is that to password protect eset products on a managed system (esmc) the agent needs to be password protected.

1) Am I correct that this is the way to password protect?
2) What is the easiest way to do this for a managed network?

regards

Roga

[MichalJ 434]

If you want to prevent local users from modifying settings and uninstalling ESET, the simplest way is to set this via policy. You can configure password in policy per individual application (Endpoint for Windows, and others).

So just setup your ESMC, deploy agents, and configure the password protection policies. 

[roga 0]

Hi @MichalJ Thanks for the quick response

I am trying to mitigate the system following a ransomeware infection which managed to disable eea and efs, will password protection from policy prevent diasabling of protection? - it was my understanding that we also need to protect agent to stop it being disabled

[MichalJ 434]

The best things to do is to: 

1. Password protect the install of Endpoint
2. Password protect the install of Agent
3. Make sure the self-defense of Endpoint is enabled (it protects also the process of the agent) 

[roga 0]

8 minutes ago, MichalJ said:

The best things to do is to: 

1. Password protect the install of Endpoint
2. Password protect the install of Agent
3. Make sure the self-defense of Endpoint is enabled (it protects also the process of the agent) 

So back to original question - what is easiest way to roll out password protection of agent on a managed system?

[MichalJ 434]

1. Deploy agent
2. Configure the password protection policy for it (for agent)
3. Configure the password protection policy for all of the security products deployed 

[roga 0]

14 minutes ago, MichalJ said:

1. Deploy agent
2. Configure the password protection policy for it (for agent)
3. Configure the password protection policy for all of the security products deployed 

Thanks @MichalJ

I had already guessed that, so I guess I should clarify my question:
I have esmc, all of  the clients are managed (windows servers and workstations).
In the above scenario, what is the easiest (least work) way to deploy the agent? Is this something that can be done as a client task, or do I need to run that agentinstall bat file?

[MichalJ 434]

I have to say, that I am now confused. If you have ESMC, and your clients are managed, that would mean that the agent is installed already on the target systems. So then you do not have to do anything, just enable the policy. 

There are co applications needed on the client computer for managed ESET to work properly: 

1. ESET Management Agent (responsible for maintaining the communication with ESET Security Management Center)
2. ESET Endpoint Security / Antivirus / File security, which is delivering the factual protection on the target system 

If you do not have ESET Management Agent (Or Remote Administrator agent, in version 6.5 & older) installed, you can deploy it either via the batch script, or deploy the MSI installer using GPO / SCCM, or use the remote deployment tool (to give you better advice, we will need to know your network topology). 

[roga 0]

Sorry @Michalj if I wasn't clear. I do have agents installed on the cleints.

I thought perhaps that I might need to roll out an updated agent, but from what I understand from what you have said I can introduce password both on agent and client software by policy, without needing to do anything else.

Thanks

[Marcos 5,070]

We strongly recommend upgrading agent to v7 by sending an ESMC upgrade task to the clients.