ESET PROTECT Missing Features!


Go to solution Solved by Marcos,

Hello,

recently we moved from Kaspersky to ESET and we miss many features in ESET... Maybe we missed something so can you help us with the questions below?

1. How can we stop a running task?

2. How can we see an overview of a 3rd party software vulnerabilities?

3. How can I backup ESET within ESET PROTECT Management Console?

4. How can we prevent devices from automatically moving from custom groups back to default groups (Domain Computers, etc.)?

5. We need to block all browsers and torrent software on some computers... Is there any "Browsers" and "Torrents" categories? If not, how can we achieve this? It's impossible to specify every single .exe browser and torrent software files because they can be installed under user profiles in different paths or a new browser can be installed...

6. How to deactivate Web Control at specific times? For instance during break times...

7. Where can we configure signature database update settings? (In Kaspersky there was a task for this purpose and we were able to specify when they are installed on devices)

8. Where can we specify when and how often updates are downloaded from ESET servers in the internet to our local ESET server?

9. How can we see a list of 3rd party software that need to be updated?

Thank you for your time.

Edited by Hello There
Link to comment
Share on other sites

  • Hello There changed the title to ESET PROTECT Missing Features!
  • Administrators
18 minutes ago, Hello There said:

1. How can we stop a running task?

If you mean a scheduled on-demand scan, it's not possible to stop running scans from the management console yet.

18 minutes ago, Hello There said:

2. How can we see an overview of a 3rd party software vulnerabilities?

ESET does not offer a patch management solution but this may change in the future.

18 minutes ago, Hello There said:

3. How can I backup ESET within ESET PROTECT Management Console?

Please refer to https://help.eset.com/protect_install/90/en-US/db_backup.html

18 minutes ago, Hello There said:

4. How can we prevent devices from automatically moving from custom groups back to default groups (Domain Computers, etc.)?

Computers can be moved between static groups only by an administrator or when syncing with AD:
https://help.eset.com/protect_admin/90/en-US/fs_using_ad_sync.html

18 minutes ago, Hello There said:

5. We need to block all browsers and torrent software on some computers... Is there any "Browsers" and "Torrents" categories? If not, how can we achieve this? It's impossible to specify every single .exe browser and torrent software files because they can be installed under user profiles in different paths or a new browser can be installed...

ESET does not provide Application control. However, you can create HIPS rules to block applications at a specific path or ESET Inspect rules to detect and block files based on various information from version info, such as:

SignerName
CompanyName
FileDescription
ProductName
FileVersion
and many more.

18 minutes ago, Hello There said:

6. How to deactivate Web Control at specific times? For instance during break times...

You can create time slots in a policy:

image.png

image.png

and then use them in Web Control rules:

image.png

 

18 minutes ago, Hello There said:

7. Where can we configure signature database update settings? (In Kaspersky there was a task for this purpose and we were able to specify when they are installed on devices)

You can edit update settings in the Update and Scheduler section of a policy:

image.png

18 minutes ago, Hello There said:

8. Where can we specify when and how often updates are downloaded from ESET servers in the internet to our local ESET server?

We strongly recommend updating from ESET's servers via an HTTP proxy and keeping default settings. This will ensure that protection against the latest malware will be delivered every few minutes. You can also update from a local mirror, however, this will limit updates to 4-5 per day:

https://help.eset.com/protect_install/90/en-US/mirror_tool_windows.html

 

18 minutes ago, Hello There said:

9. How can we see a list of 3rd party software that need to be updated?

You can get a list of installed 3rd party software into reports by enabling it in a management agent policy, however, as already mentioned we don't currently provide a patch management solution.

Link to comment
Share on other sites
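
The following PowerShell is an added example, not part of any post in this thread and not ESET tooling: it inventories executables under user profiles and reports the version-info fields named in the answer to question 5, so an administrator can see which metadata values stay constant when the same application is installed under many paths. The function names, the default root path and the name patterns are assumptions, and the `Signer` column (the Authenticode certificate subject) is only an approximation of what a rule field such as SignerName would hold.

```powershell
# Added example, not from the thread. Inventories .exe files under user profiles and
# reports the version-info fields listed above plus the Authenticode signer.
# Assumptions: the default root path and the name patterns are illustrative only.
function Get-ExeIdentity {
    param(
        [string]$Root = 'C:\Users',
        [string[]]$NamePatterns = @('*browser*', '*chrome*', '*firefox*', '*torrent*')
    )

    Get-ChildItem -LiteralPath $Root -Filter '*.exe' -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi  = $_.VersionInfo
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue

            # Only a signature with Status 'Valid' ties the signer to the file contents.
            $signer = $null
            if ($sig -and $sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
                $signer = $sig.SignerCertificate.Subject
            }

            # Version-resource strings are written by whoever built the file and are
            # not integrity-protected, so treat a match on them as a hint, not proof.
            $strings = @($vi.CompanyName, $vi.FileDescription, $vi.ProductName) | Where-Object { $_ }
            $matched = $false
            foreach ($pattern in $NamePatterns) {
                if ($strings | Where-Object { $_ -like $pattern }) { $matched = $true; break }
            }

            [pscustomobject]@{
                Path            = $_.FullName
                Signer          = $signer
                CompanyName     = $vi.CompanyName
                FileDescription = $vi.FileDescription
                ProductName     = $vi.ProductName
                FileVersion     = $vi.FileVersion
                NameMatch       = $matched
            }
        }
}

# Group matches by signer and product so the same application installed under many
# profile paths collapses to one row, which is the unit a metadata rule would target.
function Get-ExeIdentitySummary {
    param([Parameter(ValueFromPipeline = $true)]$InputObject)
    begin   { $items = @() }
    process { $items += $InputObject }
    end {
        $items | Where-Object NameMatch |
            Group-Object Signer, ProductName |
            Sort-Object Count -Descending |
            Select-Object Count, Name
    }
}

Get-ExeIdentity | Get-ExeIdentitySummary | Format-Table -AutoSize -Wrap
```

Rows with an empty signer are unsigned or failed signature validation, so for those files the version strings are the only identity available and can be changed by anyone who rebuilds or edits the binary.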

Thank you very much for your answers. They helped a lot. However, it's a little disappointing that ESET does not offer what Kaspersky does, for instance...

16 hours ago, Marcos said:

If you mean a scheduled on-demand scan, it's not possible to stop running scans from the management console yet.

I meant any task... Deploying the ESET applications, deploying a 3rd party application, on-demand scans... I can imagine a lot of situations where I would use this feature. Anyway, when is it planned to be implemented?

16 hours ago, Marcos said:

So for now we cannot backup ESET PROTECT from the management console itself, correct? Is ESET working on this feature?

16 hours ago, Marcos said:

Computers can be moved between static groups only by an administrator or when syncing with AD:
https://help.eset.com/protect_admin/90/en-US/fs_using_ad_sync.html

Thank you... But one thing is not clear for me. I can stop a static synchronization task so computers don't move around but when it comes to AD sync how to do it without computers moving around? Sorting and moving computers every single time I sync ESET with AD (several times a day) is just impossible. How do you deal with it in your AD environment?

16 hours ago, Marcos said:

ESET does not provide Application control. However, you can create HIPS rules to block applications at a specific path or ESET Inspect rules to detect and block files based on various information from version info, such as:

SignerName
CompanyName
FileDescription
ProductName
FileVersion
and many more.

Any suggestion how to deal with this particular problem (blocking all browsers and all torrent software)? Because this is critical for us.

Link to comment
Share on other sites

A few more questions...

10. How can I see on a target computer which policy is applied? When I often switch policies in a management console, how long does it take to propagate to clients? How can I verify that a policy is actually applied?

11. How to use Web Control to block all internet access except a few specific websites?

12. Since some users are local admins, how to prevent local administrators on target devices from changing ESET settings? We need that only domain admin or ESET management console users can change setting.

Link to comment
Share on other sites

  • Most Valued Members
1 hour ago, Hello There said:

A few more questions...

10. How can I see on a target computer which policy is applied? When I often switch policies in a management console, how long does it take to propagate to clients? How can I verify that a policy is actually applied?

11. How to use Web Control to block all internet access except a few specific websites?

12. Since some users are local admins, how to prevent local administrators on target devices from changing ESET settings? We need that only domain admin or ESET management console users can change setting.

10 - ESET staff could have a better answer than me

11 - Better to block from network/firewall level, rather than let ESET work hard on CPU to keep blocking everything, anyway it's easier to be done from a NGFW

12 - You can password protect the settings, and prevent local admins from knowing that password, or through a policy rule it would prevent changing through GUI even if you are admin if I am not mistaken.

Link to comment
Share on other sites

20 minutes ago, Nightowl said:

10 - ESET staff could have a better answer than me

Sure. Anybody else who can provide an answer?

20 minutes ago, Nightowl said:

11 - Better to block from network/firewall level, rather than let ESET work hard on CPU to keep blocking everything, anyway it's easier to be done from a NGFW

I know but we need to do it this way in this situation. I am just asking how to use Web Control to block internet access. Any clue?

20 minutes ago, Nightowl said:

12 - You can password protect the settings, and prevent local admins from knowing that password, or through a policy rule it would prevent changing through GUI even if you are admin if I am not mistaken.

This is exactly what we need. Where can I configure this password or where to find this setting in an ESET policy?

Link to comment
Share on other sites

10. How can I see on a target computer which policy is applied? When I often switch policies in a management console, how long does it take to propagate to clients? How can I verify that a policy is actually applied?

You can check this by going into a system's details and then -> Configuration -> Applied Policies. Alternatively if you go to the policy catalog you can select a policy and go to its details. There you can see where it is assigned and which systems it is applied on.

11. How to use Web Control to block all internet access except a few specific websites?

If you are referring to web pages, you can create a Web Control rule to block all let's say .com, .org, etc sites by using wildcards (https://help.eset.com/ees/7/en-US/idh_dialog_epfw_add_url_addr_mask.html) and then you can create exceptions. Not sure if this is the best approach, hopefully someone from ESET can provide a better idea. If you are referring to network access instead of web pages, you can use the firewall component and create the rule you desire.

12. Since some users are local admins, how to prevent local administrators on target devices from changing ESET settings? We need that only domain admin or ESET management console users can change setting. 

There are two places where you should set up a password:

  • In the Endpoint Security product (different for endpoints and servers - set it up in both policies) under User Interface -> Access Setup.
  • In the Agent policy (this will protect the ESET product from uninstallation) - Under Settings -> Advanced Settings -> Setup -> Password protected setup.
Link to comment
Share on other sites

  • Administrators
2 hours ago, Hello There said:

11. How to use Web Control to block all internet access except a few specific websites?

Don't use Web Control but the URL management to block access to all sites with logging severity set to None:

image.png

Then you can add the desired urls to the Allowed url list.
Note that the content loaded from other than allowed websites will be blocked too.

2 hours ago, Hello There said:

12. Since some users are local admins, how to prevent local administrators on target devices from changing ESET settings? We need that only domain admin or ESET management console users can change setting.

You can enable password protection and override mode via a policy:

image.png

Link to comment
Share on other sites

Thank you all!

14 hours ago, Ufoto said:

You can check this by going into a system's details and then -> Configuration -> Applied Policies. Alternatively if you go to the policy catalog you can select a policy and go to its details. There you can see where it is assigned and which systems it is applied on.

I know that but how can I verify on a target computer that a policy is actually applied? Is there any way to push a policy? Because I changed some settings and added a policy and these changes weren't applied so I need to verify on a target computer if correct policies are applied or aren't.

14 hours ago, Ufoto said:

If you are referring to web pages, you can create a Web Control rule to block all let's say .com, .org, etc sites by using wildcards (https://help.eset.com/ees/7/en-US/idh_dialog_epfw_add_url_addr_mask.html) and then you can create exceptions. Not sure if this is the best approach, hopefully someone from ESET can provide a better idea. If you are referring to network access instead of web pages, you can use the firewall component and create the rule you desire.

Thank you, it might be used in some cases but we will follow Marcos's suggestion and use URL Address Management

14 hours ago, Ufoto said:

12. Since some users are local admins, how to prevent local administrators on target devices from changing ESET settings? We need that only domain admin or ESET management console users can change setting. 

There are two places where you should set up a password:

  • In the Endpoint Security product (different for endpoints and servers - set it up in both policies) under User Interface -> Access Setup.
  • In the Agent policy (this will protect the ESET product from uninstallation) - Under Settings -> Advanced Settings -> Setup -> Password protected setup.

That works! Thanks.

 

15 hours ago, Marcos said:

Don't use Web Control but the URL management to block access to all sites with logging severity set to None:

image.png

Then you can add the desired urls to the Allowed url list.
Note that the content loaded from other than allowed websites will be blocked too.

Nice, this is exactly what we needed. Thanks!

15 hours ago, Marcos said:

You can enable password protection and override mode via a policy:

image.png

Thank you.

Link to comment
Share on other sites

Quote

On 4/25/2022 at 3:30 PM, Marcos said:
If you mean a scheduled on-demand scan, it's not possible to stop running scans from the management console yet.

I meant any task... Deploying the ESET applications, deploying a 3rd party application, on-demand scans... I can imagine a lot of situations where I would use this feature. Anyway, when is it planned to be implemented?

Quote

On 4/25/2022 at 3:30 PM, Marcos said:
Please refer to https://help.eset.com/protect_install/90/en-US/db_backup.html

So for now we cannot backup ESET PROTECT from the management console itself, correct? Is ESET working on this feature?

Quote

On 4/25/2022 at 3:30 PM, Marcos said:
Computers can be moved between static groups only by an administrator or when syncing with AD:
https://help.eset.com/protect_admin/90/en-US/fs_using_ad_sync.html

Thank you... But one thing is not clear for me. I can stop a static synchronization task so computers don't move around but when it comes to AD sync how to do it without computers moving around? Sorting and moving computers every single time I sync ESET with AD (several times a day) is just impossible. How do you deal with it in your AD environment?

Link to comment
Share on other sites

2 hours ago, Hello There said:

Thank you all!

I know that but how can I verify on a target computer that a policy is actually applied? Is there any way to push a policy? Because I changed some settings and added a policy and these changes weren't applied so I need to verify on a target computer if correct policies are applied or aren't.

Thank you, it might be used in some cases but we will follow Marcos's suggestion and use URL Address Management

That works! Thanks.

 

Nice, this is exactly what we needed. Thanks!

Thank you.

The easiest way is to go to the same location - click on the system and go to Configuration -> Applied policies. If the policy Status is 'Actual' this means that the endpoint reported back that this policy was successfully applied. You will notice that if you change a policy this status will become 'Not Actual' until the system communicates with the server. 

Also, if you go to policy details for a policy in your catalog you will see that it has two sections - Assigned to, and Applied on. The former refers to where you assigned the policy, and the latter which systems actually report back that the policy is applied locally.

I hope this helps.

Link to comment
Share on other sites

Thank you very much, it helped. I made some tests and when the policy is not actual, it says "Older". However, the "Applied on" section in the policy details is not much relevant since it shows applied all the time the policy is applied, it doesn't reflect changes in the policy and pending changes.

Link to comment
Share on other sites

  • Administrators
On 4/25/2022 at 2:50 PM, Hello There said:

5. We need to block all browsers and torrent software on some computers... Is there any "Browsers" and "Torrents" categories? If not, how can we achieve this? It's impossible to specify every single .exe browser and torrent software files because they can be installed under user profiles in different paths or a new browser can be installed...

Do you use ESET Inspect so that I could prepare an example of a rule to block those applications?
As for not yet run tasks, you can delete them in the Tasks pane:

image.png

Re. backup, there are currently no plans to make it possible to run backup from the web console.

Re. task cancellation, there are plans for further improvements, including the cancellation of already running scheduled tasks.

Link to comment
Share on other sites

Marcos, any other idea how to block at least browsers? Is it possible to use wildcard characters while specifying the path to the executable file?

And regarding other questions, may I ask for answers?

Link to comment
Share on other sites

  • Administrators
3 hours ago, Hello There said:

Marcos, any other idea how to block at least browsers? Is it possible to use wildcard characters while specifying the path to the executable file?

You could use the firewall to block the communication on port 80 and 443 for browsers.

3 hours ago, Hello There said:

And regarding other questions, may I ask for answers?

Which questions do you mean in particular? Are there still any unanswered ones?

Link to comment
Share on other sites

17 minutes ago, Marcos said:

You could use the firewall to block the communication on port 80 and 443 for browsers.

The thing is that there is one IM app that needs to communicate with the outside world so we cannot block these ports. 

 
17 minutes ago, Marcos said:

Which questions do you mean in particular? Are there still any unanswered ones?

Maybe this one (question 4)...

Quote

 

On 4/25/2022 at 3:30 PM, Marcos said:

Computers can be moved between static groups only by an administrator or when syncing with AD:
https://help.eset.com/protect_admin/90/en-US/fs_using_ad_sync.html

 

Thank you... But one thing is not clear for me. I can stop a static synchronization task so computers don't move around but when it comes to AD sync how to do it without computers moving around? Sorting and moving computers every single time I sync ESET with AD (several times a day) is just impossible. How do you deal with it in your AD environment?

Link to comment
Share on other sites

  • Administrators
  • Solution
28 minutes ago, Hello There said:

The thing is that there is one IM app that needs to communicate with the outside world so we cannot block these ports. 

Firewall rules allow for specifying an application so you could block the communication for all applications but the IM.

28 minutes ago, Hello There said:
 

Maybe this one (question 4)...

Thank you... But one thing is not clear for me. I can stop a static synchronization task so computers don't move around but when it comes to AD sync how to do it without computers moving around? Sorting and moving computers every single time I sync ESET with AD (several times a day) is just impossible. How do you deal with it in your AD environment?

In the static group sync task you can specify how to handle conflicts and computer / group extinctions:

image.png

Link to comment
Share on other sites

So the computer handling while syncing the AD works. Thanks.

However, I am not able to make the firewall rules work as I need. Can I ask for help and suggestions how to exactly configure it? 

Link to comment
Share on other sites

  • Administrators
1 hour ago, Hello There said:

However, I am not able to make the firewall rules work as I need. Can I ask for help and suggestions how to exactly configure it? 

Of course :) We're here to answer your queries or help you with issues that you may run into. It's better not to mix unrelated questions in a topic but create a separate topic for each.

Link to comment
Share on other sites

  • Administrators
36 minutes ago, Hello There said:

Ok, I will start a new thread. How do I close this one? Can I mark multiple answers as solutions?

Answered topics don't get closed except marking a particular post as a solution which is, however, not mandatory to do.

Link to comment
Share on other sites
