
dynamic groups expressions, update antivirus on list of computers, delete a trigger



Hello. I'm currently learning how to operate security management center and I have several problems with basic functionality.
1. When I look at the dashboard, there are a lot of computers (total 141) that don't have the latest antivirus version - 7.1.2053.0. Mainly they are with 7.0.2091.0, 7.0.2100.4 and 7.1.2045.5. I created a template for a dynamic group that contains the following expressions/rules:

Installed software . Application name = (equal) ESET Endpoint Antivirus
Installed software . Application version doesn't contain 7.1.2053.0
OS edition . OS name doesn't contain Microsoft Windows XP Professional

But in the dynamic group appear only four computers. I also tried this way, but again the same four computers :

Installed software . Application name = (equal) ESET Endpoint Antivirus
Installed software . Application vendor contains ESET
Installed software . Application vendor = (equal) ESET, spol. s r.o.
Installed software . Application version doesn't contain 7.1.2053.0
OS edition . OS name doesn't contain Microsoft Windows XP Professional

2. The second problem is that I can't find how to push a task to a list of computer names, only to groups.

3. The third problem is that I can't find how to delete a trigger. I have two tasks that are being executed on one of my dynamic groups and I want to remove the execution of one of them without deleting the task itself.

4. Where can I see a particular task on what groups/triggers is being executed?

That's all for now but I'm sure more questions will pop up as I continue to clean the mess of my predecessor.

p.s. 5. another question - what will happen if I run the RemoteDeploymentTool and install the latest version if there is already a previous version installed?

Edited by m.gospodinov

  • ESET Staff

Hello, I will try to give you some advice:

  1. Your first case should be done in a way that you use "nested dynamic groups".
    1. First one will do "Machine is not Windows XP" where I would recommend solution when you first filter out Windows XP machines: 
    2. Then you will filter out the ones that do not have the right version: 
  2. You can run a task on a list of computers differently:
    1. Select them in the computers table, choose each entry, and then click in the footer button "actions" and run task 
    2. From the task wizard, when you specify a trigger, you can inside specify either "add groups" or "add computers". When you click "add computers" you can choose whatever computer you like. 
  3. When you are in the "client tasks" section, and you expand the entry of the task, grey lines are for triggers. If you click on the "trigger entry" it shows you "delete". Afterwards the console asks you whether you want to delete a trigger. 
  4. In client tasks section. 
  5. It will install over, perform the upgrade of the computer. However, if you have already Agent installed, the most convenient way is to use software install task. 

 

 

XP.jpg

Not a right version.jpg


Hello and thanks for the tips.

1. I tried with nested groups. First filtered all computers that are not XP or Server. When I sort the results by "Security Product Version" I see there are some that have an older version than 7.1.2053.0. Then I create a sub group with just these two expressions:

Installed software . Application name = (equal) ESET Endpoint Antivirus
Installed software . Application version doesn't contain 7.1.2053.0

Again only the same four computers. Is it possible that the filters applied are somehow not working or searching a different scope? Just to experiment I try creating a brand new dynamic group and playing with expressions. When I try :

Installed software . Application version ≠ (not equal) 7.1.2053.0

OR

Installed software . Application version doesn't contain 7.1.2053.0

I get results that contain computers WITH 7.1.2053.0 version. Why?

2. My list of computer names is a .txt file. They have the agent and an older antivirus version (7.0...) installed. I want to upgrade them to 7.1.2053.0. According to your answer to point 5, I can use the RemoteDeploymentTool to run the installation onto this .txt file, is that right?

3 and 4. That's exactly what I was looking for, thanks.

6. When I use the dashboard to check computers sorted by antivirus version, click on "detailed information" and then on the applied filters, I have an option to add another filter. The problem is that I don't have an option to add filter by OS version. It would be nice to have that.

Edited by m.gospodinov

  • ESET Staff

For number 1, maybe @MartinK might be able to shed some light. I can confirm that the "is one of" and "is not one of" is working for me OK. 

Point in 6 is related to the fact, that the underlying data is not correlated with computer information. However I do agree, it would be a good idea to have it somehow interconnected, so I will report an improvement request for that.  However, you can apply a filter on "dynamic group" so if you have a DG set on particular criteria, you can also filter the report (for example windows XP DG). 


52 minutes ago, MichalJ said:

"I can confirm that the "is one of" and "is not one of" is working for me OK."

This doesn't work :

Installed software . Application version is not one of {7.1.2053.0}

This works :

OS edition . OS name is not one of {Microsoft Windows XP Professional}

Also. This gives me any results as if not filtered at all :

Installed software . Application version doesn't contain 7.1.2053.0

This gives me filtered results, yet not complete, as mentioned before :

Installed software . Application name = (equal) ESET Endpoint Antivirus
Installed software . Application vendor = (equal) ESET, spol. s r.o.
Installed software . Application version doesn't contain 7.1.2053.0

I really can't grasp the logic behind these filters. Is there a thorough guide on using them?

7. Another problem I just came upon. When I check the dashboard > overview > security risks there are some machines. Most of them just require a restart. How can I export a list of these machines so I can put it to powershell to restart at a convenient time?

Edited by m.gospodinov

  • ESET Staff

With regards to the number 7, this functionality will be available in the next release. You will have an option to download the generated report output directly from the dashboard.

What is also possible in current version is, that when you drill down, apply filters, you can click "generate and download", to get the data exported in CSV format. 

 

download from dashboard.jpg

export data.jpg

Edited by MichalJ

  • ESET Staff
On 9/17/2019 at 12:22 PM, m.gospodinov said:

Again only the same four computers. Is it possible that the filters applied are somehow not working or searching a different scope? Just to experiment I try creating a brand new dynamic group and playing with expressions. When I try :


Installed software . Application version ≠ (not equal) 7.1.2053.0

OR


Installed software . Application version doesn't contain 7.1.2053.0

I get results that contain computers WITH 7.1.2053.0 version. Why?

I would have to verify it myself to be sure, but the reason is probably that the negation of a specific condition is not very clear and can easily be misunderstood. For example, the condition Installed software . Application version doesn't contain 7.1.2053.0 will probably always be true, as there will also be the ESMC Agent with a different version in the list of installed applications. In the case of a version it makes no sense to use this kind of expression.

My recommendation is to use positive conditions inside the group definition and negate the result instead, i.e. using the NAND group type with the following filters:

Installed software . Application name = (equal) ESET Endpoint Antivirus
Installed software . Application version = (equal) 7.1.2053.0
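
The following sketch is an added example, not part of the original post and not ESMC code. It models the evaluation MartinK describes, under the assumption that a condition on "Installed software" is true when any installed-software row satisfies it and that NAND means at least one condition is false; the inventory (computer names, agent and server-product versions) is constructed sample data.

```python
# Model of the rule evaluation described in the post above (an assumption,
# not ESMC code): a condition on "Installed software" is true if ANY
# installed-software row of the computer satisfies it.
TARGET = "7.1.2053.0"
EEA = "ESET Endpoint Antivirus"
AGENT = ("ESET Management Agent", "7.0.577.0")  # constructed sample version

# Constructed inventory: (application name, application version) rows per computer.
INVENTORY = {
    "pc-current": [(EEA, "7.1.2053.0"), AGENT],
    "pc-old-a":   [(EEA, "7.0.2091.0"), AGENT],
    "pc-old-b":   [(EEA, "7.1.2045.5"), AGENT],
    "srv-no-eea": [("ESET File Security", "7.0.12018.0"), AGENT],  # no EEA at all
}

def any_row(rows, predicate):
    """True if at least one installed-software row satisfies the predicate."""
    return any(predicate(name, version) for name, version in rows)

def version_not_contains(rows):
    # "Application version doesn't contain 7.1.2053.0"
    return any_row(rows, lambda name, version: TARGET not in version)

def name_is_eea(rows):
    # "Application name = (equal) ESET Endpoint Antivirus"
    return any_row(rows, lambda name, version: name == EEA)

def version_is_target(rows):
    # "Application version = (equal) 7.1.2053.0"
    return any_row(rows, lambda name, version: version == TARGET)

def negative_rule(rows):
    """Group with the single negative version condition."""
    return version_not_contains(rows)

def nand_rule(rows):
    """NAND group: a member if at least one positive condition is false."""
    return not (name_is_eea(rows) and version_is_target(rows))

def members(rule):
    """Sorted names of the computers that fall into the group."""
    return sorted(pc for pc, rows in INVENTORY.items() if rule(rows))

if __name__ == "__main__":
    # The agent row satisfies the negative condition on every computer,
    # so the up-to-date machine is matched too.
    print("doesn't contain:", members(negative_rule))
    # Positive conditions negated as a whole leave out the up-to-date machine.
    print("NAND           :", members(nand_rule))
```

In this model the NAND group also picks up computers that have no ESET Endpoint Antivirus at all (`srv-no-eea`), which is why nesting it under a parent group that already narrows the scope, as suggested earlier in the thread, keeps an "outdated endpoints" group accurate.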

 


On 9/18/2019 at 9:17 AM, MichalJ said:

...What is also possible in current version is, that when you drill down, apply filters, you can click "generate and download", to get the data exported in CSV format...

That did it, thanks! Still it would be nice to add checkboxes to each of the lines in the attached image and export them all at once.

eset computers.JPG

11 hours ago, MartinK said:

...as there will be also ESMC Agent...

Now that explains a lot! As I suggested, the filters looked at a different scope but I never thought that difference would be just another ESET software on the client computer. I'll play again with dynamic groups later.

8. Now I'm removing offline computers but I don't see change in the number of licenses. What I'm doing is this : find the computer by name > click on it and then click on "Remove" > click on "stop managing" > click on "remove device". The number of used licenses doesn't change.

Edited by m.gospodinov

  • ESET Staff

When you remove the "offline computers", is the checkbox "deactivate license" checked? As licensing is evaluated on the cloud licensing servers, you need to make sure, that checkbox for license removal is set. Also, you will have to click "synchronize licenses" in the license screen, to update the listing, as by default it refreshes every 24 hours. 


Yes, "I want to deactivate installed ESET products" is checked by default and I don't uncheck it. I logged into https://ela.eset.com/ with our account and was able to resolve the problem by checking individual computer names. The "problem" was that some of the oldest machines were not using a license, probably my predecessor has cleaned them. So that's ok.

9. BUT! 😁 From the dashboard I exported a list of machines that had never connected to the security management center. Then I put that list to powershell so I can check when these machines have connected to the active directory. Now I have a list of stale computers that haven't connected for more than 90 days and I want to remove them from the security management center (ERA). The problem is that I have a .txt file with the names and there's no option to run a task against that .txt file. The computers are not that many so I'll delete them one by one, but it would be a nice option to have.


10. Dashboard > Computers > Security risk > Detailed information - I get a list with computers that have a problem. Most just require restart but others have different problems. Is there a way to separate them or at least add a field with the problem? Right now I have to click on each of these computers to see details and then go to alerts, which is extremely time consuming.

p.s. I found it - Dashboard > Top computer problems > Expand the field > Table view.

Edited by m.gospodinov

  • ESET Staff

@m.gospodinov That was exactly the recommendation I wanted to give. Please note that you can also play a bit with the dashboards, make the "table view" displayed as default, and also when you edit the report template you can edit the "top 10" setting, so if you have more than 10 different problems you can list them all (that depends on size of your network mostly). 


This topic is now closed to further replies.