roga 2 Posted August 12, 2019 Share Posted August 12, 2019 My understanding is that to password protect eset products on a managed system (esmc) the agent needs to be password protected. 1) Am I correct that this is the way to password protect? 2) What is the easiest way to do this for a managed network? regards Roga Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted August 12, 2019 ESET Staff Share Posted August 12, 2019 If you want to prevent local users from modifying settings and uninstalling ESET, the simplest way is to set this via policy. You can configure password in policy per individual application (Endpoint for Windows, and others). So just setup your ESMC, deploy agents, and configure the password protection policies. Link to comment Share on other sites More sharing options...
roga 2 Posted August 12, 2019 Author Share Posted August 12, 2019 Hi @MichalJ Thanks for the quick response I am trying to mitigate the system following a ransomeware infection which managed to disable eea and efs, will password protection from policy prevent diasabling of protection? - it was my understanding that we also need to protect agent to stop it being disabled Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted August 12, 2019 ESET Staff Share Posted August 12, 2019 The best things to do is to: Password protect the install of Endpoint Password protect the install of Agent Make sure the self-defense of Endpoint is enabled (it protects also the process of the agent) Link to comment Share on other sites More sharing options...
roga 2 Posted August 12, 2019 Author Share Posted August 12, 2019 8 minutes ago, MichalJ said: The best things to do is to: Password protect the install of Endpoint Password protect the install of Agent Make sure the self-defense of Endpoint is enabled (it protects also the process of the agent) So back to original question - what is easiest way to roll out password protection of agent on a managed system? Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted August 12, 2019 ESET Staff Share Posted August 12, 2019 Deploy agent Configure the password protection policy for it (for agent) Configure the password protection policy for all of the security products deployed Link to comment Share on other sites More sharing options...
roga 2 Posted August 12, 2019 Author Share Posted August 12, 2019 14 minutes ago, MichalJ said: Deploy agent Configure the password protection policy for it (for agent) Configure the password protection policy for all of the security products deployed Thanks @MichalJ I had already guessed that, so I guess I should clarify my question: I have esmc, all of the clients are managed (windows servers and workstations). In the above scenario, what is the easiest (least work) way to deploy the agent? Is this something that can be done as a client task, or do I need to run that agentinstall bat file? Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted August 12, 2019 ESET Staff Share Posted August 12, 2019 I have to say, that I am now confused. If you have ESMC, and your clients are managed, that would mean that the agent is installed already on the target systems. So then you do not have to do anything, just enable the policy. There are co applications needed on the client computer for managed ESET to work properly: ESET Management Agent (responsible for maintaining the communication with ESET Security Management Center) ESET Endpoint Security / Antivirus / File security, which is delivering the factual protection on the target system If you do not have ESET Management Agent (Or Remote Administrator agent, in version 6.5 & older) installed, you can deploy it either via the batch script, or deploy the MSI installer using GPO / SCCM, or use the remote deployment tool (to give you better advice, we will need to know your network topology). Link to comment Share on other sites More sharing options...
roga 2 Posted August 12, 2019 Author Share Posted August 12, 2019 Sorry @Michalj if I wasn't clear. I do have agents installed on the cleints. I thought perhaps that I might need to roll out an updated agent, but from what I understand from what you have said I can introduce password both on agent and client software by policy, without needing to do anything else. Thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted August 12, 2019 Administrators Share Posted August 12, 2019 We strongly recommend upgrading agent to v7 by sending an ESMC upgrade task to the clients. Link to comment Share on other sites More sharing options...
Recommended Posts