PuterCare 3 Posted November 12, 2020 Share Posted November 12, 2020 Hi all, I am trying to solve a problem I have. On the dashboard of ESMC I can see that there are some outdated agents, if I click the bar chart and select Update Installed Eset Products it says "No ESET products that can be updated automatically have been found". I can generate a report and filter by the outdated status but I can't then run a task based on the report and to do this manually would take too long. I tried to create a new dynamic group using Application Name filter but then it does not list the Version Check Status filter so I can't then only add devices which are outdated. Has anyone got a workaround for this or is there another method I am missing? Is there also a way to use filters to show when a product is less than i.e. < 7.3.* ? Thanks Link to post Share on other sites
INDUS_MH 1 Posted November 12, 2020 Share Posted November 12, 2020 You currently cannot Update agents via the dashboard, only the Security Software. To update the agents you have to create a upgrade security management center components task and run that on the outdated machines. Link to post Share on other sites
PuterCare 3 Posted November 12, 2020 Author Share Posted November 12, 2020 Just now, INDUS_MH said: You currently cannot Update agents via the dashboard, only the Security Software. To update the agents you have to create a upgrade security management center components task and run that on the outdated machines. Thanks, this is what I do already but my issue is I can't find a way to create a dynamic group so I can apply the task to only computers running outdated agents. Do you know how to create a dynamic group that only lists outdated agents? Link to post Share on other sites
INDUS_MH 1 Posted November 12, 2020 Share Posted November 12, 2020 I don't know how to create that group, but if you send the task to all machines it will skip the ones with the current agent installed. Link to post Share on other sites
Administrators Marcos 3,694 Posted November 12, 2020 Administrators Share Posted November 12, 2020 1 minute ago, PuterCare said: Thanks, this is what I do already but my issue is I can't find a way to create a dynamic group so I can apply the task to only computers running outdated agents. Do you know how to create a dynamic group that only lists outdated agents? Without thinking how to accomplish that, what about sending an ESMC component upgrade task to all machines? If the machines have the latest version of agent, nothing will be done. On machines where agent is not up to date, it will be updated. Link to post Share on other sites
PuterCare 3 Posted November 12, 2020 Author Share Posted November 12, 2020 1 minute ago, Marcos said: Without thinking how to accomplish that, what about sending an ESMC component upgrade task to all machines? If the machines have the latest version of agent, nothing will be done. On machines where agent is not up to date, it will be updated. Thanks, that is what I do already but I just wondered if there was a way to use a dynamic group so I can set up an automatic task just like I do for when an unactivated client joins to auto-activate it. I wasn't sure if running this task to all clients would use resources on the ESMC server or clients unnecessarily. It seems if we were able to filter the Computers section like we are able to in the reports section then this is easily achievable and also I could use the "does not contain" filter on the software version with a value of "7.3." to list devices that need the urgent update. At the moment I sort my computers list by version and then manually select any that need an update. I know I can filter using specific versions but at the moment my priority is reaching at least 7.3 so we are ready for the various issues on the horizon. Link to post Share on other sites
Miami 4 Posted November 12, 2020 Share Posted November 12, 2020 12 minutes ago, PuterCare said: Thanks, that is what I do already but I just wondered if there was a way to use a dynamic group so I can set up an automatic task just like I do for when an unactivated client joins to auto-activate it. I wasn't sure if running this task to all clients would use resources on the ESMC server or clients unnecessarily. It seems if we were able to filter the Computers section like we are able to in the reports section then this is easily achievable and also I could use the "does not contain" filter on the software version with a value of "7.3." to list devices that need the urgent update. At the moment I sort my computers list by version and then manually select any that need an update. I know I can filter using specific versions but at the moment my priority is reaching at least 7.3 so we are ready for the various issues on the horizon. Hello, we use dynamic group with following template configuration to show us all V6 Agents. I am sure you can adjust that to ver 7. Of course the group is populated on next connection of the client (agent). PuterCare and hgm 2 Link to post Share on other sites
Miami 4 Posted November 12, 2020 Share Posted November 12, 2020 Using "not regex (7.3).*" could work. PuterCare 1 Link to post Share on other sites
PuterCare 3 Posted November 12, 2020 Author Share Posted November 12, 2020 (edited) 3 hours ago, Miami said: Using "not regex (7.3).*" could work. This seems to work, thanks. EDIT: Actually, it just shows macOS clients as they are on pre v7, when I get some more time will look into this and see if I need to alter my filters or it might just be only showing non-v7 clients. Edited November 12, 2020 by PuterCare Link to post Share on other sites
GregA 3 Posted November 12, 2020 Share Posted November 12, 2020 This is my Dynamic Group rule. PuterCare and hgm 2 Link to post Share on other sites
PuterCare 3 Posted November 12, 2020 Author Share Posted November 12, 2020 48 minutes ago, GregA said: This is my Dynamic Group rule. Thanks, I was trying to avoid having to set specific versions but if that's my only option then so be it. I think I will use "does not contain" and then use the latest package version and for the OS name I will use "contains" "Windows" and I will set the software name to EES as I only use EES (Mac/Windows) and EFS for servers. Link to post Share on other sites
Shell 0 Posted November 19, 2020 Share Posted November 19, 2020 I've done this using the following created template. However, you will need to edit the version each time a new one is released. It goes something like this but you can edit it to fit your needs and the current version number. AND (All conditions have to be true) Installed software.Application name - is one of - ESET Management Agent, ESET Remote Administrator Agent And Installed softwware.Application version - Not equal - "Version number" And OS edition.OS type - Equal - Microsoft Windows Link to post Share on other sites
Miami 4 Posted November 23, 2020 Share Posted November 23, 2020 Why not use the regex? With regex you can match versions the way you wish. If you need to care only about Agents version 7.2 versions use following regex (7\.2).* When you use it with application filter (to show only Eset Agents), it should match all 7.2 agent versions. OR, you can try to use following filter for outdated product. Its just my guess that it could work, I have not tested it, yet. Link to post Share on other sites
ESET Staff MichalJ 390 Posted November 23, 2020 ESET Staff Share Posted November 23, 2020 Hello @Miami This particular example as shown above, would not work. As the source of this particular problem is actually "Security product". It also states about the Endpoint Security / Antivirus, not about the management agent. Link to post Share on other sites
elkatarro 0 Posted January 23 Share Posted January 23 (edited) On 11/12/2020 at 10:24 AM, Marcos said: Without thinking how to accomplish that, what about sending an ESMC component upgrade task to all machines? If the machines have the latest version of agent, nothing will be done. On machines where agent is not up to date, it will be updated. Assuming above suggestion is it a good practice to issue a cyclic task of updating agents, say, once a month? From my observations so far it is quite lightweight bandwith-wise and works well over VPN too. But is it a safe and good practice? Edited January 23 by elkatarro Link to post Share on other sites
Administrators Marcos 3,694 Posted January 23 Administrators Share Posted January 23 29 minutes ago, elkatarro said: But is it a safe and good practice? Why not? Sending an ESET PROTECT components upgrade task to update agent on clients is a standard and recommended way how to upgrade agent. Link to post Share on other sites
ESET Staff MartinK 340 Posted January 25 ESET Staff Share Posted January 25 On 1/23/2021 at 9:53 PM, elkatarro said: Assuming above suggestion is it a good practice to issue a cyclic task of updating agents, say, once a month? From my observations so far it is quite lightweight bandwith-wise and works well over VPN too. But is it a safe and good practice? It should be fairly safe, but be aware that as of now, each upgrade of ESET PROTECT actually requires modification of component upgrade task, so that latest target version is used -> this means that periodic execution won't be automatically updating AGENTs as it might be expected. On 11/12/2020 at 10:00 AM, PuterCare said: Hi all, I am trying to solve a problem I have. On the dashboard of ESMC I can see that there are some outdated agents, if I click the bar chart and select Update Installed Eset Products it says "No ESET products that can be updated automatically have been found". I can generate a report and filter by the outdated status but I can't then run a task based on the report and to do this manually would take too long. As of ESET PROTECT 8.0, upgrade initiated via dashboard should be working, as with other ESET products. It helps to automate processes that are required on the background, i.e. components upgrade task is created and scheduled to be executed on selected clients. Link to post Share on other sites
Recommended Posts