Issues with MacOS v7

[j-gray 35]

Just started testing and am finding issues with:

1. End users are prompted to Allow/Don't Allow proxy configuration
2. ESET icon is displayed in the dock even though policy is configured to not display in dock
3. Icon shows red/warning status due to 'Web and email protection is not configured'.

However, web and email protection is disabled by policy and the policy is also configured to ignore web and email status on the client and not report web and email status to the server.

How can we get rid of the Security Alert for web and email protection?

[Marcos 5,092]

If the issue persist after a system restart, please collect logs as per https://support.eset.com/en/kb3404 and open a support ticket.

[j-gray 35]

24 minutes ago, Marcos said:

If the issue persist after a system restart, please collect logs as per https://support.eset.com/en/kb3404 and open a support ticket.

Issues persist after several reboots.

[Marcos 5,092]

Do you know by chance if this started after an OS update? An issue like this has been recently fixed (as of v 7.0.7241.0).

P_EECSM-2905

[j-gray 35]

No, this was my system used for testing, running Big Sur (11.6.4). I just upgraded today from 6.11.202.0 to the latest release available in the EP Console: 7.0.7300.0. No OS updates have occurred.

 

[MichalJ 434]

Hello @j-gray just one idea. As the EEA V7 is a brand new product, the policy settings from older versions (V6) will not apply. Maybe, that is the reason, why they are not reflecting, as you have upgraded. 

 

[Matus 21]

Hi J-gray,

thank you for contacting us. Please find root causes for understanding and some solutions/workarounds for your issues. 

1, Users are prompt because integration to the system is happening during installation. If you're using JAMF and have configuration from v6, then this has to be changed, please see here: https://help.eset.com/eea_mac/7/en-US/installation.html?install_remote_pre-installation.html . It seems that you don't want WAP at all. Unfortunately, right now it's not possible to install the product without WAP component, therefore it always tries to integrate into the system. We're planning to have possibility to "exclude" components for installation later this year.

2, New generation of product requires new configuration. As Michalj mentioned, you'll need to apply new policy tree. Now it works differently than in v6, which makes more sense. If GUI is opened, then icon in dock is present. If GUI is closed, an icon in dock disappears. You can set to disallow opening GUI to users or to disable showing a menubar icon as well. 

3, Within the policy > User Interface > Application statuses please disable : Network content filtering integration warnings. That you "solve" the problem.

Regarding "Disable by policy"... In ESET, Disable means something like "don't use it/pause using it", not "don't integrate into the system". When you disable it still stays integrated so when you enables it back, it just works. That's why even though you've disabled it, it's screaming that it's not configured, because it's not integrated into the system (user probably clicked Deny or manually erased integrated component (ESET Web&Email) in Network Preferences of macOS. 

However, if you're not using JAMF it's recommended that this component will be allowed and if you're using it, then please allow it via JAMF (see guide above) and then feel free to disable it via policy. I'm also afraid that possibly you'll need to reinstall application.

Edited March 31, 2022 by Matus

[j-gray 35]

@MichalJ @Matus Thanks for your replies and detailed information.

Yes, I missed the new V7 policies. I've configured those to mirror our existing V6 policies. The red warning dot no longer appears on the ESET icon.

However, when opening the GUI, the Protection Status is red with a Security Alert that "Web and email protection is not configured." This was not the behavior in V6.

In addition, though policy is configured to not report web and email status to server, EP Console flags the device with a critical error due to web and email not configured.

Finally, it may be coincidence, but EEI agent on this system now shows as 'Malfunction'. "Installed but not running"

Thanks again -I appreciate the info and assistance.

[Matus 21]

Hi J,

thanks for the reply. 

This "Security Alert that "Web and email protection is not configured."" in GUI should be fixable by by adjusting v7 policy:  User Interface > Application statuses please disable : Network content filtering integration warnings. (left checkbox)

Please can you confirm it works?

"not report web and email status to server," - is the right checkbox unchecked from picture above?

Enterprise Inspector supports ESET Endpoint AV for macOS 7+ from version 1.7, released a week ago. I think that you still have installed version 1.6, which has no support for Endpoint for macOS v7+. In such case, such message is present. Please can you confirm?

Thank you

 

 

[j-gray 35]

@Matus Thanks again. Sorry for the delayed reply. Had to upgrade the EEI server so I could push the new EEI agent in order to test again.

I'll push out a few new AV clients and report back shortly.

[j-gray 35]

On 4/1/2022 at 1:10 AM, Matus said:

Hi J,

thanks for the reply. 

This "Security Alert that "Web and email protection is not configured."" in GUI should be fixable by by adjusting v7 policy:  User Interface > Application statuses please disable : Network content filtering integration warnings. (left checkbox)

Please can you confirm it works?

"not report web and email status to server," - is the right checkbox unchecked from picture above?

Enterprise Inspector supports ESET Endpoint AV for macOS 7+ from version 1.7, released a week ago. I think that you still have installed version 1.6, which has no support for Endpoint for macOS v7+. In such case, such message is present. Please can you confirm?

Thank you

@Matus I upgraded EEI server and connector and the connector no longer breaks when installing v7. I wasn't aware that this would be an issue.

Also, I cleared the boxes for Network Content Filtering warnings. It now clears the warning condition from the EP console, but client GUI still show red. Any way to resolve this?

[Matus 21]

Hi J-Gray,

I'm very sorry, it's a bug. We're tracking it and plan to fix in version 7.1 (available most likely in May)

Until that time you've 2 options which comes to my mind:

- reboot computer so system popup will appear (or "sudo launchctl stop com.eset.protection" and then "sudo launchctl start com.eset.protection") and Allow Proxy configuration and you can keep it disabled.

- or you'll have to approve it via MDM (Jamf): https://help.eset.com/eea_mac/7/en-US/installation.html?install_remote_pre-installation.html > part: Web access protection and keep it disabled in settings.

Please accept my apology for inconvenience

[j-gray 35]

@Matus No worries. Thanks for confirming it as a known issue.