Jump to content

How to temporarily disable cloud protection on one work station for trouble shooting


Recommended Posts

I am not sure what the best procedure is to disable temporarily protection on a workstation controlled via the cloud?  If this is not possible, can this be disable locally by the user? It seems to me that locally the options are greyed out. 

Using Endpoint Sec 7.3.2044 and ESET PROTECT Cloud (version: 2.1.24.0 and ESET Management Agent 8.0.1238.0 

I clicked on deactivate the product in the console but I cannot see what this did or how I would revert this now?

Link to post
Share on other sites
  • Administrators

What do you mean by cloud protection? Cloud protection is LiveGrid/EDTD but it's not clear what issue you are trying to troubleshoot. Are you getting a file incorrectly detected or url blocked that you want to try to disable it?

Link to post
Share on other sites

Sorry Marcos, I had intended to post this under the Eset Protect Cloud Forum and somehow ended up in this forum, Perhaps you can move it . 

We are using Cloud Protection with 25 pc and I am monitoring these via the Administrator Function. What I am looking for is a way to temporarily suspend Eset on a specific workstation.  In this particular case the colleague tried to install some legit software and the installation failed several times. While I could not see any indication that Eset had interfered or quarantined from the console, we wanted to rule out that the failure was due to the AV.  I posted the relevant software numbers being used in my original post. 

Normally in a stand-alone AV you can rightclick the icon and temporarily suspend the protection, until reboot or for a number of minutes. It seemed to me that this was not possible on the workstation and I suspect that this is intended to prevent "anyone" to do this, so I was hoping to do this as administrator from my console. How?  

As mentioned I thought perhaps "deactivate the product" for this workstation in the console would be the way, but I can't see any effect. Obviously I would need to know what I deactivated and how to reverse this as our testing is over.

Link to post
Share on other sites
  • Administrators

Or you can completely disable firewall and real-time protection (Windows Defender will activate on Win10 instead) via a policy.

Link to post
Share on other sites

Michalj and Marcos, thanks for that. I will need to study this, to see whether this is within my abilities. I had hoped there was a way to select the workstation within the cloud console and rightclick  disable or similar or perhaps run a task to disable protection.   Can you please also confirm that my understanding is correct that at the workstation you cannot disable protection?

Link to post
Share on other sites
  • Administrators

If settings are not locked by a policy, it's possible to pause or completely disable particular protection features if you mean this. Moreover, it's also possible to set a password to protect settings and thus prevent unauthorized users from tampering.

As a preventive measure against attackers disabling protection we recommend locking default real-time and HIPS settings by a policy.

Link to post
Share on other sites
  • ESET Staff
Posted (edited)

@beethoven Local pausing of the protection requires administrator privileges. Meaning a standard user won´t be able to pause the product. However, pausing is really simple, just click on the machine in ESET PROTECT, choose "new task", and then in the options choose a "run command" option . Over there, just copy the command line from the linked help article (for example to pause the AV "ecmd /setfeature onaccess pause"), and click execute.  Paused protection will trigger a red computer status. Corrective action (re-enabling) can be done by one click over the reported problem. 

Edited by MichalJ
Link to post
Share on other sites

Michalj,  thanks for that - that worked well for me in testing. 

Marcos, how would I set up a preventative policy for locking default real-time and Hips? If I did so, would I still be able to use the command as described by Michalj?

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...