Jump to content

Recommended Posts

Posted

I have one Dynamic Group Template with regex which is not working. Maybe anyone has an idea why.

What works (without regex):

SC1.PNG.5ed66f8542aa12cb56780f619c35048d.PNG

What doesn't works (with regex):

SC2.PNG.fc45a7910d7976635f072f9c8d56ccb8.PNG

Computers with prefix "kas-" are not part of the group (it's empty).

I also tried "^kas-|^kam-"

and also "^kas\-|^kam\-"

but nothing worked.

THX

  • ESET Staff
Posted

Unfortunately I cannot verify but I would recommend to construct regex without "^" and "$" -> even without those, whole string has to be matching regular expression, so those characters are not required. Maybe regex (kas|kam)-.* will work? Just to be sure, after each modification, it might take some time until new template is re-evaluated by clients.

Posted

Hi Martin,

thanks for you answer, however also the variant you suggested did not work.

I also tried kas-.*|kam-.* which did not work also.

Strange

Posted

I'm running out of ideas.

Is it possible that regex is broken?

I even tried kas.* which also fails.

If I replace "regex" with "has prefix" kas it works. But it is not what I need cause I have to check against two prefixes.

Cheers.

  • Administrators
Posted

Did you wait long enough for changes in DG to replicate to clients and then back to the server?

Posted (edited)
Quote

Did you wait long enough for changes in DG to replicate to clients and then back to the server?

I think so.

To get sure I did the last change yesterday evening and had a look at the results today. Group was still empty. Then I changed from "regex" to "has prefix" and 10 minutes later I saw the first computer appearing in the group.

Edited by offbyone
typos
  • ESET Staff
Posted
19 hours ago, offbyone said:

I think so.

To get sure I did the last change yesterday evening and had a look at the results today. Group was still empty. Then I changed from "regex" to "has prefix" and 10 minutes later I saw the first computer appearing in the group.

Could you please provide version and platform of ERA/ESMC Agent installed on client? Just to be sure there is not an older version which might not have regex support yet. Regardless of that, we will try to reproduce with similar configuration.

Posted

ESET Management Agent    7.2.1266.0
ESET Endpoint Antivirus    7.3.2036.0

  • Administrators
Posted

Since the issue cannot be easily sorted, I would recommend opening a ticket with your local ESET support so that the issue is properly tracked and looked at by developers, if necessary.

Posted

Just for the records.

I changed "Device identifiers.Identifier type" from "Computer name" to "Computer FQDN" and now the regex works.

  • ESET Staff
Posted
23 minutes ago, offbyone said:

Just for the records.

I changed "Device identifiers.Identifier type" from "Computer name" to "Computer FQDN" and now the regex works.

Thanks for letting us know.

Just out of curiosity, could you provide hint what could have been wrong? Both computer name and FQDN are accessible also from console in client details:

image.png

 

Maybe there was just wrong case sensitivity? Or completely wrong/unexpected computer name was reported for those devices?

Posted (edited)

That raises an interesting question.

Are the RegEx within ESET handled case sensitive? Sensitiveness normally is specified outside of the "expression string" with a modifier. For example in Java script you would write /(kas-|kam-).*/i where "i" the the modifier for case-insensitive.

That would explain it as the details for the computer look like follows:

 

sc.png.08b0b80791755660bf887fd95ef36fe5.png

 

 

 

Edited by offbyone
Posted

Just to mention. The operator "has prefix" is not cases sensitive, so I suspect the same for regex. So far I cannot imagine a use case for dynamic group rules where case sensitiveness makes sense.

Does ESET normalize FQDN and computer name to identical cases internally or does it use the values which are returned from OS unaltered?

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...