Hello There 0 Posted April 25, 2022 Share Posted April 25, 2022 (edited) Hello, recently we moved from Kaspersky to ESET and we miss many features in ESET... Maybe we missed something so can you help us with the questions below? 1. How can we stop running task? 2. How can we see an overview of a 3rd party software vulnerabilities? 3. How can I backup ESET within ESET PROTECT Management Console? 4. How can we prevent devices from automatically moving from custom groups back to default groups (Domain Computers, etc.)? 5. We need to block all browsers and torrent software on some computers... Is there any "Browsers" and "Torrents" categories? If not, how can we achieve this? It's impossible to specify every single .exe browser and torrent software files because they can be installed under user profiles in different paths or a new browser can be installed... 6. How to deactivate Web Control at specific times? For instance during break times... 7. Where can we configure signature database update settings? (In Kaspersky there was a task for this purpose and we were able to specify when they are installed on devices) 8. Where can we specify when and how often updates are downloaded from ESET servers in the internet to our local ESET server? 9. How can we see a list of 3rd party software that need to be updated? Thank you for your time. Edited April 25, 2022 by Hello There Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted April 25, 2022 Administrators Share Posted April 25, 2022 18 minutes ago, Hello There said: 1. How can we stop running task? If you mean a scheduled on-demand scan, it's not possible to stop running scans from the management console yet. 18 minutes ago, Hello There said: 2. How can we see an overview of a 3rd party software vulnerabilities? ESET does not offer a patch management solution but this may change in the future. 18 minutes ago, Hello There said: 3. How can I backup ESET within ESET PROTECT Management Console? Please refer to https://help.eset.com/protect_install/90/en-US/db_backup.html 18 minutes ago, Hello There said: 4. How can we prevent devices from automatically moving from custom groups back to default groups (Domain Computers, etc.)? Computers can be moved between static groups only by an administrator or when syncing with AD:https://help.eset.com/protect_admin/90/en-US/fs_using_ad_sync.html 18 minutes ago, Hello There said: 5. We need to block all browsers and torrent software on some computers... Is there any "Browsers" and "Torrents" categories? If not, how can we achieve this? It's impossible to specify every single .exe browser and torrent software files because they can be installed under user profiles in different paths or a new browser can be installed... ESET does not provide Application control. However, you can create HIPS rules to block applications at a specific path or ESET Inpect rules to detect and block files based on various information from version info, such as: SignerName CompanyName FileDescription ProductName FileVersion and many more. 18 minutes ago, Hello There said: 6. How to deactivate Web Control at specific times? For instance during break times... You can create time slots in a policy: and then use them in Web Control rules: 18 minutes ago, Hello There said: 7. Where can we configure signature database update settings? (In Kaspersky there was a task for this purpose and we were able to specify when they are installed on devices) You can edit update settings in the Update and Scheduler section of a policy: 18 minutes ago, Hello There said: 8. Where can we specify when and how often updates are downloaded from ESET servers in the internet to our local ESET server? We strongly recommend to update from ESET's servers via an http proxy and keep default settings. This will ensure that protection against the latest malware will be delivered every few minutes. You can also update from a local mirror, however, this will limit updates to 4-5 per day: https://help.eset.com/protect_install/90/en-US/mirror_tool_windows.html 18 minutes ago, Hello There said: 9. How can we see a list of 3rd party software that need to be updated? You can get a list of installed 3rd party software into reports by enabling it in a management agent policy, however, as already mentioned we don't currently provide a patch management solution. j-gray and Hello There 2 Link to comment Share on other sites More sharing options...
Hello There 0 Posted April 26, 2022 Author Share Posted April 26, 2022 Thank you very much for your answers. They helped a lot. However, it's a little disappointment that ESET do not offer what Kaspersky for instance... 16 hours ago, Marcos said: If you mean a scheduled on-demand scan, it's not possible to stop running scans from the management console yet. I meant any task... Deploying the ESET applications, deploying a 3rd party application, on-demand scans... I can imagine a lot of situation I would use this feature. Anyway, when is it planned to be implemented? 16 hours ago, Marcos said: Please refer to https://help.eset.com/protect_install/90/en-US/db_backup.html So for now we cannot backup ESET PROTECT from the management console itself, correct? Is ESET working on this feature? 16 hours ago, Marcos said: Computers can be moved between static groups only by an administrator or when syncing with AD:https://help.eset.com/protect_admin/90/en-US/fs_using_ad_sync.html Thank you... But one thing is not clear for me. I can stop a static synchronization task so computers don't move around but when it comes to AD sync how to do it without computers moving around? Sorting and moving computers every single time I sync ESET with AD (several times a day) is just impossible. How do you deal with it in your AD environment? 16 hours ago, Marcos said: ESET does not provide Application control. However, you can create HIPS rules to block applications at a specific path or ESET Inpect rules to detect and block files based on various information from version info, such as: SignerName CompanyName FileDescription ProductName FileVersion and many more. Any suggestion how to deal with this particular problem (blocking all browsers and all torrent software)? Because this is critical for us. Link to comment Share on other sites More sharing options...
Hello There 0 Posted April 26, 2022 Author Share Posted April 26, 2022 A few more questions... 10. How can I see on a target computer which policy is applied? When I often switch policies in a management console, how long does it take to propagate to clients? How can I verify that a policy is actually applied? 11. How to use Web Control to block all internet access except a few specific websites? 12. Since some users are local admins, how to prevent local administrators on target devices from changing ESET settings? We need that only domain admin or ESET management console users can change setting. Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 202 Posted April 26, 2022 Most Valued Members Share Posted April 26, 2022 1 hour ago, Hello There said: A few more questions... 10. How can I see on a target computer which policy is applied? When I often switch policies in a management console, how long does it take to propagate to clients? How can I verify that a policy is actually applied? 11. How to use Web Control to block all internet access except a few specific websites? 12. Since some users are local admins, how to prevent local administrators on target devices from changing ESET settings? We need that only domain admin or ESET management console users can change setting. 10 - An eset staff could have a better answer than me 11 - Better to block from network/firewall level , rather than let ESET work hard on CPU to keep blocking everything , anyway it's easier to be done from a NGFW 12 - You can password protect the settings, and prevent local admins from knowing that password , or through a policy rule it would prevent changing through GUI even if you are admin if I am not mistaken. Hello There 1 Link to comment Share on other sites More sharing options...
Hello There 0 Posted April 26, 2022 Author Share Posted April 26, 2022 20 minutes ago, Nightowl said: 10 - An eset staff could have a better answer than me Sure. Anybody else who can provide an answer? 20 minutes ago, Nightowl said: 11 - Better to block from network/firewall level , rather than let ESET work hard on CPU to keep blocking everything , anyway it's easier to be done from a NGFW I know but we need to do it this way in this situation. I am just asking how to use Web Control to block internet access. Any clue? 20 minutes ago, Nightowl said: 12 - You can password protect the settings, and prevent local admins from knowing that password , or through a policy rule it would prevent changing through GUI even if you are admin if I am not mistaken. This is exactly what we need. Where can I configure this password or where to find this setting in an ESET policy? Link to comment Share on other sites More sharing options...
Ufoto 14 Posted April 26, 2022 Share Posted April 26, 2022 10. How can I see on a target computer which policy is applied? When I often switch policies in a management console, how long does it take to propagate to clients? How can I verify that a policy is actually applied? You can check this by going into a system's details and then -> Configuration -> Applied Policies. Alternatively if you go to the policy catalog you can select a policy and go to its details. There you can see where it is assigned and which systems it is applied on. 11. How to use Web Control to block all internet access except a few specific websites? If you are referring to web pages, you can create a Web Control rule to block all let's say .com, .org, etc sites by using wildcards (https://help.eset.com/ees/7/en-US/idh_dialog_epfw_add_url_addr_mask.html) and then you can create exceptions. Not sure if this is the best approach, hopefully someone from ESET can provide a better idea. If you are referring to network access instead of web pages, you can use the firewall component and create the rule you desire. 12. Since some users are local admins, how to prevent local administrators on target devices from changing ESET settings? We need that only domain admin or ESET management console users can change setting. There are two places where you should set up a password: In the Endpoint Security product (different for endpoints and servers - set it up in both policies) under User Interface -> Access Setup. In the Agent policy (this will protect the ESET product from uninstallation) - Under Settings -> Advanced Settings -> Setup -> Password protected setup. Hello There 1 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted April 26, 2022 Administrators Share Posted April 26, 2022 2 hours ago, Hello There said: 11. How to use Web Control to block all internet access except a few specific websites? Don't use Web Control but the URL management to block access to all sites with logging severity set to None: Then you can add the desired urls to the Allowed url list. Note that the content loaded from other than allowed websites will be blocked too. 2 hours ago, Hello There said: 12. Since some users are local admins, how to prevent local administrators on target devices from changing ESET settings? We need that only domain admin or ESET management console users can change setting. You can enable password protection and override mode via a policy: j-gray and Hello There 2 Link to comment Share on other sites More sharing options...
Hello There 0 Posted April 27, 2022 Author Share Posted April 27, 2022 Thank you all! 14 hours ago, Ufoto said: You can check this by going into a system's details and then -> Configuration -> Applied Policies. Alternatively if you go to the policy catalog you can select a policy and go to its details. There you can see where it is assigned and which systems it is applied on. I know that but how can I verify on a target computer that a policy is actually applied? Is there any way to push a policy? Because I change some settings and added a policy and these changes didn't applied so I need to verify on a target computer if correct policies are applied or aren't. 14 hours ago, Ufoto said: If you are referring to web pages, you can create a Web Control rule to block all let's say .com, .org, etc sites by using wildcards (https://help.eset.com/ees/7/en-US/idh_dialog_epfw_add_url_addr_mask.html) and then you can create exceptions. Not sure if this is the best approach, hopefully someone from ESET can provide a better idea. If you are referring to network access instead of web pages, you can use the firewall component and create the rule you desire. Thank you, it might be used in some cases but we will follow Marcos's suggestion and use URL Address Management 14 hours ago, Ufoto said: 12. Since some users are local admins, how to prevent local administrators on target devices from changing ESET settings? We need that only domain admin or ESET management console users can change setting. There are two places where you should set up a password: In the Endpoint Security product (different for endpoints and servers - set it up in both policies) under User Interface -> Access Setup. In the Agent policy (this will protect the ESET product from uninstallation) - Under Settings -> Advanced Settings -> Setup -> Password protected setup. That works! Thanks. 15 hours ago, Marcos said: Don't use Web Control but the URL management to block access to all sites with logging severity set to None: Then you can add the desired urls to the Allowed url list. Note that the content loaded from other than allowed websites will be blocked too. Nice, this is exactly what we needed. Thanks! 15 hours ago, Marcos said: You can enable password protection and override mode via a policy: Thank you. Link to comment Share on other sites More sharing options...
Hello There 0 Posted April 27, 2022 Author Share Posted April 27, 2022 Quote On 4/25/2022 at 3:30 PM, Marcos said: If you mean a scheduled on-demand scan, it's not possible to stop running scans from the management console yet. I meant any task... Deploying the ESET applications, deploying a 3rd party application, on-demand scans... I can imagine a lot of situation I would use this feature. Anyway, when is it planned to be implemented? Quote On 4/25/2022 at 3:30 PM, Marcos said: Please refer to https://help.eset.com/protect_install/90/en-US/db_backup.html So for now we cannot backup ESET PROTECT from the management console itself, correct? Is ESET working on this feature? Quote On 4/25/2022 at 3:30 PM, Marcos said: Computers can be moved between static groups only by an administrator or when syncing with AD:https://help.eset.com/protect_admin/90/en-US/fs_using_ad_sync.html Thank you... But one thing is not clear for me. I can stop a static synchronization task so computers don't move around but when it comes to AD sync how to do it without computers moving around? Sorting and moving computers every single time I sync ESET with AD (several times a day) is just impossible. How do you deal with it in your AD environment? Link to comment Share on other sites More sharing options...
Ufoto 14 Posted April 27, 2022 Share Posted April 27, 2022 2 hours ago, Hello There said: Thank you all! I know that but how can I verify on a target computer that a policy is actually applied? Is there any way to push a policy? Because I change some settings and added a policy and these changes didn't applied so I need to verify on a target computer if correct policies are applied or aren't. Thank you, it might be used in some cases but we will follow Marcos's suggestion and use URL Address Management That works! Thanks. Nice, this is exactly what we needed. Thanks! Thank you. The easiest way is to go to the same location - click on the system and go to Configuration -> Applied policies. If the policy Status is 'Actual' this means that the endpoint reported back that this policy was successfully applied. You will notice that if you change a policy this status will become 'Not Actual' until the system communicates with the server. Also, if you go to policy details for a policy in your catalog you will see that it has two sections - Assigned to, and Applied on. The former refers to where you assigned the policy, and the latter which systems actually report back that the policy is applied locally. I hope this helps. Hello There 1 Link to comment Share on other sites More sharing options...
Hello There 0 Posted April 27, 2022 Author Share Posted April 27, 2022 Thank you very much, it helped. I made some tests and when the policy is not actual, it says "Older". However, the "Applied on" section in the policy details is not much relevant since it shows applied all the time the policy is applied, it doesn't reflect changes in the policy and pending changes. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted April 27, 2022 Administrators Share Posted April 27, 2022 On 4/25/2022 at 2:50 PM, Hello There said: 5. We need to block all browsers and torrent software on some computers... Is there any "Browsers" and "Torrents" categories? If not, how can we achieve this? It's impossible to specify every single .exe browser and torrent software files because they can be installed under user profiles in different paths or a new browser can be installed... Do you use ESET Inspect so that I could prepare an example of a rule to block those applications? As for not yet run tasks, you can delete them in the Tasks pane: Re. backup, there are currently no plans to make it possible to run backup from the web console. Re. task cancellation, there are plans for further improvements, including the cancellation of already running scheduled tasks. Hello There 1 Link to comment Share on other sites More sharing options...
Hello There 0 Posted April 27, 2022 Author Share Posted April 27, 2022 Thank you Marcos. We don't have ESET Inspect. I got it, hopefully they'll implement a task cancellation soon. Link to comment Share on other sites More sharing options...
Hello There 0 Posted April 28, 2022 Author Share Posted April 28, 2022 Marcos, any other idea how to block at least browsers? Is it possible to use wildcard characters while specifying the path to the executable file? And regarding other questions, may I ask for answers? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted April 28, 2022 Administrators Share Posted April 28, 2022 3 hours ago, Hello There said: Marcos, any other idea how to block at least browsers? Is it possible to use wildcard characters while specifying the path to the executable file? You could use the firewall to block the communication on port 80 and 443 for browsers. 3 hours ago, Hello There said: And regarding other questions, may I ask for answers? Which questions do you mean in particular? Are there still any unanswered ones? Link to comment Share on other sites More sharing options...
Hello There 0 Posted April 28, 2022 Author Share Posted April 28, 2022 17 minutes ago, Marcos said: You could use the firewall to block the communication on port 80 and 443 for browsers. The thing is that there is one IM app that needs to communicate with the outside world so we cannot block these ports. 17 minutes ago, Marcos said: Which questions do you mean in particular? Are there still any unanswered ones? Maybe this one (question 4)... Quote On 4/25/2022 at 3:30 PM, Marcos said: Computers can be moved between static groups only by an administrator or when syncing with AD:https://help.eset.com/protect_admin/90/en-US/fs_using_ad_sync.html Thank you... But one thing is not clear for me. I can stop a static synchronization task so computers don't move around but when it comes to AD sync how to do it without computers moving around? Sorting and moving computers every single time I sync ESET with AD (several times a day) is just impossible. How do you deal with it in your AD environment? Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 5,074 Posted April 28, 2022 Administrators Solution Share Posted April 28, 2022 28 minutes ago, Hello There said: The thing is that there is one IM app that needs to communicate with the outside world so we cannot block these ports. Firewall rules allow for specifying an application so you could block the communication for all applications but the IM. 28 minutes ago, Hello There said: Maybe this one (question 4)... Thank you... But one thing is not clear for me. I can stop a static synchronization task so computers don't move around but when it comes to AD sync how to do it without computers moving around? Sorting and moving computers every single time I sync ESET with AD (several times a day) is just impossible. How do you deal with it in your AD environment? In the static group sync task you can specify how to handle conflicts and computer / group extinctions: j-gray and Hello There 2 Link to comment Share on other sites More sharing options...
Hello There 0 Posted April 28, 2022 Author Share Posted April 28, 2022 Nice and nice. Thank you. I will test it and let you know Link to comment Share on other sites More sharing options...
Hello There 0 Posted April 29, 2022 Author Share Posted April 29, 2022 So the computer handling while syncing the AD works. Thanks. However, I am not able to make the firewall rules work as I need. Can I ask for help and suggestions how to exactly configure it? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted April 29, 2022 Administrators Share Posted April 29, 2022 1 hour ago, Hello There said: However, I am not able to make the firewall rules work as I need. Can I ask for help and suggestions how to exactly configure it? Of course We're here to answer your queries or help you with issues that you may run into. It's better not to mix unrelated questions in a topic but create a separate topic for each. Link to comment Share on other sites More sharing options...
Hello There 0 Posted April 29, 2022 Author Share Posted April 29, 2022 Ok, I will start a new thread. How do I close this one? Can I mark multiple answers as solutions? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted April 29, 2022 Administrators Share Posted April 29, 2022 36 minutes ago, Hello There said: Ok, I will start a new thread. How do I close this one? Can I mark multiple answers as solutions? Answered topics don't get closed except marking a particular post as a solution which is, however, not mandatory to do. Link to comment Share on other sites More sharing options...
Recommended Posts