Mauricio Osorio 1 Posted February 2, 2021 Share Posted February 2, 2021 Hello guys, A client of ours is presenting this error in his MDM OVA and he wants it to disappear, since he does not have to connect any apple equipment to the MDM. This is important for the client because this error is affecting his performance report. Is there any way to hide this error? Thanks for the help. Link to comment Share on other sites More sharing options...
Rincewind 3 Posted February 3, 2021 Share Posted February 3, 2021 You can hide this message using a policy for "ESET Mobile Device Connector". Here disable the Option "Send iOS related application statuses". Ensure that you assign this policy to the server running the MDM. Also check that the machine is currently talking to the ESMC - according to the screenshot last communication was 13th of january? Mirek S. 1 Link to comment Share on other sites More sharing options...
Mauricio Osorio 1 Posted February 3, 2021 Author Share Posted February 3, 2021 Thanks @Rincewind im going to try that!. Regards. Link to comment Share on other sites More sharing options...
ESET Staff Mirek S. 18 Posted February 5, 2021 ESET Staff Share Posted February 5, 2021 As an explanation why this protection state happens. * Apple decided to follow CA/B rules for browsers (which is quite good for security reasons) * We (ESET) have existing userbase and as we honor our customers previous installations and configurations have to work for some time. * Prefered action for this protecion state is to actually create new certificate either via webconsole or via 3rd party CA and setting it to MDM. Disabling notification via policy is there just for extreme reasons, like our implementation issues etc... * Since EP 8.0 some parts of validation are enforced even for Android, so disabling this in policy might not work for You. Valid flow is using correct certificate/chain. Link to comment Share on other sites More sharing options...
Mauricio Osorio 1 Posted February 5, 2021 Author Share Posted February 5, 2021 Hi @Mirek S. Thanks for your answer, its pretty helpful to understand why is this happening. Do you have any procedure we can use to solve the issue? because i created a new certificate but the error persist. Best Regards. Link to comment Share on other sites More sharing options...
ESET Staff Mirek S. 18 Posted February 7, 2021 ESET Staff Share Posted February 7, 2021 The state could persist due to "currently used" certificate, essentially worst error is reported which might not be best idea for these cases. If You try to request configuration from MDM You should be able to see if there is issue with new certificate. New certificate should be applied on MDM HTTPS interface when all devices install new trust (newly applied certificate root CA). This process is required as we support self-signed certificates and process for using already trusted 3rd party certificates never got in (yet) as most customer use self signed certificates from console. Since newer versions of EESA (10.7+ IIRC) and for all iOS versions device certificate store should also be used for MDM HTTPS certificate validation, meaning using certificates signed by 3rd party certificate authorities and already trusted by devices (verisign, let's encrypt...) can be exchanged without default timeout of one month (as can be configured by policy). HTH, M. Link to comment Share on other sites More sharing options...
Recommended Posts