kapi9913 0 Posted March 8, 2023
Hello guys. I'm new to ESET. I'm trying to configure basic policies that, for example, block a selected website. It seems that I configured that correctly, but nothing works. I'm sure that there aren't doubled policies or policy is not applied. I checked everything. I work on ESET PROTECT and ESET ENDPOINT. I made a policy that blocks USB pendrives and it worked, so I don't know where the problem is in the other policies.
Administrators Marcos 5,733 Posted March 8, 2023
Please provide logs collected with ESET Log Collector from an endpoint where the url block doesn't work.
kapi9913 0 Posted March 8, 2023 Author
I split the generated logs into two separate files because the file was too big. ERA.zip
kapi9913 0 Posted March 8, 2023 Author
Here is the second part of the generated logs. Windows.zip
Most Valued Members Nightowl 206 Posted March 8, 2023
Just a suggestion: since you blocked the Polish language version of Facebook, it might just redirect to some other domain or the English language version. Try blocking *.facebook.com
kapi9913 0 Posted March 8, 2023 Author
It doesn't work. I guess there is a problem with applying policies. I made a bunch of them and only one works: blocking removable devices. Should I remove my computer from the dynamic group? Maybe this blocks the policy from the static group where I apply every policy that I made.
Administrators Marcos 5,733 Posted March 8, 2023
I didn't find any issues with your configuration and using the very same Web Control rule worked for me. What about blocking a different website for a test? And what about blocking an http site? As for the suggestion above by Nightowl, try blocking just facebook.com since wildcards are not supported in Web Control rules. Does blocking the website via Web access protection -> Url management work?
kapi9913 0 Posted March 8, 2023 Author
I added the IP address of the website to the URL management and it doesn't work 😕
Administrators Marcos 5,733 Posted March 8, 2023
Is eicar detected by Web access protection when you download it via https from https://secure.eicar.org/eicarcom2.zip? Does the problem persist even if you try to block the said hostname locally and not via a policy?
kapi9913 0 Posted March 8, 2023 Author
Eicar is detected by the endpoint but web access doesn't say anything. I guess there is a problem with the connection between the endpoint and ESET PROTECT.
kapi9913 0 Posted March 8, 2023 Author
Maybe here is the problem. Should I remove the computer from the dynamic group?
Administrators Marcos 5,733 Posted March 8, 2023
To find out if the issue is policy related, please try what I suggested before: Does the problem persist even if you try to block the said hostname locally and not via a policy?
kapi9913 0 Posted March 8, 2023 Author
I can't set it locally because I do not have the password to ESET ENDPOINT. There is a password requirement if you want to set the rule.
Administrators Marcos 5,733 Posted March 8, 2023
If you are an administrator with access to ESET PROTECT, it should be you who set the password to protect settings. At least you should be able to create a policy for a particular endpoint that will temporarily remove password protection.
kapi9913 0 Posted March 8, 2023 Author
I'm one of the administrators. Can I check the password to the endpoint in ESET PROTECT?
Administrators Marcos 5,733 Posted March 8, 2023
You can't determine the password but you can create and enforce a policy that would either temporarily disable password protection set by another admin or enable override mode.
kapi9913 0 Posted March 8, 2023 Author
I added this policy and it still requires a password. It can be a problem between the endpoint and ESET PROTECT. But I don't know what exactly is going on.
Administrators Marcos 5,733 Posted March 8, 2023
I'm sorry, I was wrong with the override mode. Instead enforce a policy setting an empty password. After removing this policy, settings will be protected with the existing password again.
Solution kapi9913 0 Posted March 8, 2023 Author
It worked after I deleted the static group and kept only the dynamic group. The question is how can I exclude my computer from the dynamic group called windows pc?