Is there a report to advise disabled Protection on Endpoints

[Microbe 3]

Hi Team,

Can you please advise if there is a way to

a) generate a report to let an admin know if a device has disabled their EP protection status?

b) Then have a policy to re-enable the protection after that computer reboots?

 

Customer using latest versions of ESMC and EPs

[Marcos 4,714]

You can filter computers with problems in the Computer window, you can create dynamic groups for computers with specific issues and you can also generate a report with problematic computers or use the existing one:

[MichalJ 430]

You can theoretically even automate this, using dynamic groups: 

• Create a dynamic group template, that will monitor specific functionality problems
• Create a dynamic group using this template, ideally under the "all group" 
• You can either set a policy, that will be applied to make sure feature is enabled (however, once the machine leaves the dynamic group, settings will revert back to state before)
• You can execute a run command task, that will enable specific protection features, if they were not "disabled permanently", but just paused (by a local user, having admin rights). 

Details are here: https://support.eset.com/en/kb6382-use-eset-command-line-ecmdexe-to-importexport-security-product-configurations-in-eset-endpoint-products-65-and-later 

[Microbe 3]

Thanks, I believe customer has created a policy for some "field laptops" to allow the user to "disable the product via context menu on the chance they need to do this to access a foreign network", however sometimes they forget to re-enable.

So do you think if they edit that policy to only allow pause protection your suggestion would work?

 

[Marcos 4,714]

It should work. For instance, you can create a dynamic group like this:

[Microbe 3]

Thanks for the assistance will revert back to customer.