ESET Network Protection Proxy and Big Sur

[j-gray 33]

We don't use the email and web components of the client and have them completely disabled. However, the network proxy piece still gets installed and causes issues for our end-users

Is there a policy setting that disables or removes the proxy? Alternatively is there a way to uninstall this piece or have it not install in the first place?

TIA

[Marcos 4,919]

As far as I know there's no option to not install the web & email protection system extension. The Internet is a common source of threats so we don't expect users would take a big risk to browse the Internet unprotected.  Perhaps it would make sense on completely offline computers but that's not common and computers connect to the Internet at least intermittently.

[j-gray 33]

Thanks for the reply.

We use web mail, which already has malware, phishing, spam, etc. protection. My understanding is that ESET mail protection is specific to IMAP and/or POP, which we do not use nor allow. We have dedicated appliances that handle web filtering and malware.

Regardless, the proxy piece causes pop-ups for the end users that require interaction, causing confusion and support calls. Even with JAMF we haven't been able to allow and/or suppress these. It's quite an annoyance for a feature that we don't need or want.

[karlmikaeloskar 6]

11 hours ago, Marcos said:

As far as I know there's no option to not install the web & email protection system extension. The Internet is a common source of threats so we don't expect users would take a big risk to browse the Internet unprotected.  Perhaps it would make sense on completely offline computers but that's not common and computers connect to the Internet at least intermittently.

Please just try for a second and understand the problem we are having with Eset on Big Sur since November 2020.

When installing it prompts the user to approve a network proxy. If they approve, and web and email protection is turned off: We loose network connectivity. If they approve and web and email is on: Our VPN etc breaks. If they don't approve they get a warning that their machine is not protected. But at least things keep working.

There is a button to enable or disable web and email protection and it doesn't work. Wether that is a risk to take or not is not the point. Your answer is not very helpful when you are arguing against what your customer wants to do.

Also, keep in mind that this is on a platform where most people do not run an antivirus at all. We are looking at this from completely different sides. And a lot of my peers are looking for other AV products.

[Marcos 4,919]

Manual installation allows for not installing the Web and email protection system extension.

[karlmikaeloskar 6]

1 hour ago, Marcos said:

Manual installation allows for not installing the Web and email protection system extension.

Well thank you, please elaborate!

If I could create a pkg file that would allow for me to install the software without the web and email protection and then activating our serial that would be great! Would it still prompt me for the network proxy?

[j-gray 33]

3 hours ago, Marcos said:

Manual installation allows for not installing the Web and email protection system extension.

Unfortunately this isn't a viable option for us given we have 600+ OS X endpoints.

As @karlmikaeloskar indicated, it would be awesome to have the ability to build and deploy packages without specific components.

[Wozz 1]

On a Mac/Big Sur  ( using Eset C/S Pro ) An issue with WEB/MAIL not activating I found that ESET Network Protection Proxy , required me to tick the connect on demand box 'every time' the computer was started. ( its found in the apple icon "system preferences/network"  )

I was running Surfshark VPN on WireGuard so I changed the Surfshark setting back to Automatic IKEv2 , this solved the problem of the WEB/EMAIL protection failing to start after a reboot. (I no longer need to tick the sys pref/network)

I tried it again with WireGuard on and the issue returned so theres definitely a conflict between the VPN and ESET there may be other conflicts however this fixed my issue.

[j-gray 33]

Yes, it's very problematic. On our clients, once the proxy piece is installed on any Big Sur system, it breaks the internet connection. Even though it's supposed to be disabled.

If a client chooses not to allow it, the internet connection works, but the ESET icon shows an error state. Even though it's supposed to be disabled.

If a client allows it, the internet connection does not work. The service has to be set to inactive in order for everything to work.

This is an issue that really needs some attention and thought. For those of us with a large client base, manual interaction and intervention on a regular basis is not feasible.

[Peter Randziak 1,081]

Hello @j-gray @karlmikaeloskar

what tools do you use to deploy the ESET product?

 

In case of any issues like

On 7/2/2021 at 9:54 AM, karlmikaeloskar said:

When installing it prompts the user to approve a network proxy. If they approve, and web and email protection is turned off: We loose network connectivity. If they approve and web and email is on: Our VPN etc breaks. If they don't approve they get a warning that their machine is not protected. But at least things keep working.

 

or

19 hours ago, j-gray said:

Yes, it's very problematic. On our clients, once the proxy piece is installed on any Big Sur system, it breaks the internet connection. Even though it's supposed to be disabled.

If a client chooses not to allow it, the internet connection works, but the ESET icon shows an error state. Even though it's supposed to be disabled.

If a client allows it, the internet connection does not work. The service has to be set to inactive in order for everything to work.

I would recommend to collect a set of logs and open a ticket with your local ESET support to have it checked...

Peter

[karlmikaeloskar 6]

2 hours ago, Peter Randziak said:

Hello @j-gray @karlmikaeloskar

what tools do you use to deploy the ESET product?

 

In case of any issues like

or

I would recommend to collect a set of logs and open a ticket with your local ESET support to have it checked...

Peter

Hi! We use JAMF. Followed the guide you posted.

I already have a case open and sent logs. 
I don’t understand why as this is very easy to reproduce. 

[Marcos 4,919]

We are currently testing a deployment procedure via JAMF which will avoid the dialogs related to extension installation. We should have it ready for publishing soon.

[j-gray 33]

4 hours ago, Peter Randziak said:

Hello @j-gray @karlmikaeloskar

what tools do you use to deploy the ESET product?

We use JAMF to deploy the agent, then ESMC installs the client automatically once the agent is installed.

[Marcos 4,919]

Component-based remote installation via Apple Remote Desktop is described here:

https://help.eset.com/ees_mac/6.10/en-US/remote_installation_package.html

1, Create an installation package using the Remote installation mode in which you can select the components to install.

2.Copy the following files using Copy filer or folder in Apple Remote Desktop to the /tmp folder on the target computer:
 
If you are installing all components, copy:
       - esets_setup.dat
 
If you are not installing all product components, copy:
       - esets_setup.dat
       - product_components.dat

[j-gray 33]

On 7/13/2021 at 1:40 AM, Marcos said:

Component-based remote installation via Apple Remote Desktop is described here:

ARD might be a suitable workaround for smaller organizations. Unfortunately, it requires too much manual intervention and constant babysitting to be viable in a larger environment.

We need a solution that is both reliable and can be automated.

Edited July 16, 2021 by j-gray

[j-gray 33]

Out of curiosity, the EP Antivirus and EP Security feature matrix shows that EP Security has "Component-based installation".

Does this mean that we can choose to not install components that are not needed as we're discussing here?

[jwit 0]

We have the same issue. If the proxy is left on users are unable to connect to the internet. 

We manually install the agent but then all policies and updates are picked up from ESMC.

[j-gray 33]

On 7/8/2021 at 7:36 AM, Marcos said:

We are currently testing a deployment procedure via JAMF which will avoid the dialogs related to extension installation. We should have it ready for publishing soon.

@Marcos Any updates on this, or a possible timeline?

Our hardware orders are all coming in now, and of course new hardware is coming with Big Sur installed, so our problems are increasing rapidly.

Thank you.

[karlmikaeloskar 6]

@Marcos @Peter Randziak Any news?

[Marcos 4,919]

A KB is being worked on and should be available soon.

[j-gray 33]

On 7/8/2021 at 7:36 AM, Marcos said:

We are currently testing a deployment procedure via JAMF which will avoid the dialogs related to extension installation. We should have it ready for publishing soon.

@Marcos The other issue is the proxy/VPN component. We're also finding that even when the service is inactive, it gets reactivated after an OS update and causes issues again.

[Marcos 4,919]

Please find updated deployment instructions at https://help.eset.com/ees_mac/6.10/en-US/install_remote.html

If you need to remove a particular component as a workaround to certain issues, instructions how to do it can be found at https://help.eset.com/ees_mac/6.10/en-US/remote_installation_package.html.

However, we don't recommend removing components as a permanent solution but rather as an interim workaround. We recommend that you contact customer care and report the issues you are having with a particular component. We will do our best to fix the issue(s) if there are no technical obstacles.

 

[karlmikaeloskar 6]

19 minutes ago, Marcos said:

Please find updated deployment instructions at https://help.eset.com/ees_mac/6.10/en-US/install_remote.html

If you need to remove a particular component as a workaround to certain issues, instructions how to do it can be found at https://help.eset.com/ees_mac/6.10/en-US/remote_installation_package.html.

However, we don't recommend removing components as a permanent solution but rather as an interim workaround. We recommend that you contact customer care and report the issues you are having with a particular component. We will do our best to fix the issue(s) if there are no technical obstacles.

 

Thank you @Marcos! I've tried creating a profile for the "Web access protection" and it does add the network interface without prompt. 

If I change "Enable VPN on demand" to false (Uncheck the box in JAMF) it does not try to connect (so far) I've haven't tested so much. So far so good! I'll check if I can create a pkg without the web component next so I don't have to see the "Web and email protection is non-functional"-alert in the menu bar.

[karlmikaeloskar 6]

@Marcos OK, I've tried creating a pkg without the web and email components but it still alerts me "Web and email protection is non-functional" even though the alert is disabled from our ESET Protect server and the components are not installed. How do we get rid of the alert?

[j-gray 33]

On 7/8/2021 at 7:36 AM, Marcos said:

We are currently testing a deployment procedure via JAMF which will avoid the dialogs related to extension installation. We should have it ready for publishing soon.

Any updates for JAMF?

Thank you.