Policy doesnt work

[kapi9913 0]

Hello guys. I'm new into eset. Im trying to configure basic policies that for example block selected website. It seems that I configured that correctly, but nothing works. Im sure that there isnt doubled policies or policy is not aplied. I checked everything. I work on ESET PROTECT and ESET ENDPOINT. I did policy that block usb pendrive and it worked so I dont know where is the problem in other policies.

[Marcos 5,074]

Please provide logs collected with ESET Log Collector from an endpoint where the url block doesn't work.

[kapi9913 0]

I split the generated logs into two separate files because the file was too big

ERA.zip

[kapi9913 0]

Here is the second part of generated logs.

Windows.zip

[Nightowl 202]

Just a suggestion , since you blocked Polish language of Facebook , it might just re-direct to some other domain or english language

Try blocking *.facebook.com

[kapi9913 0]

It doesnt work. I guess there is a problem with aplying policies. I  made a bunch of them and only one work- blocking removable devices. Should I remove my computer from dynamic group. Maybe this blocks policy from static group where I apply every policy that I made.

[Marcos 5,074]

I didn't find any issues with your configuration and using the very same Web Control rule worked for me. What about blocking a different website for a test? And what about blocking an http site? As for the suggestion above by Nightownl, try blocking just facebook.com since wildcards are not supported in Web Control rules.

Does blocking the website via Web access protection -> Url management work?

[kapi9913 0]

I added ip address of the website to the url management work and it doesnt work 😕 

[Marcos 5,074]

Is eicar detected by Web access protection when you download it via https from https://secure.eicar.org/eicarcom2.zip?

Does the problem persist even if you try to block the said hostname locally and not via a policy?

[kapi9913 0]

Eicar is detected by endpoint but webaccess doesnt say anything. I guess there is a problem with connection between endpoint and eset protect.

[kapi9913 0]

Maybe here is the problem. Should I remove computer from the dynamic group?

[Marcos 5,074]

To find out if the issue is policy related, please try what I suggested before:

Does the problem persist even if you try to block the said hostname locally and not via a policy?

[kapi9913 0]

I cant set it locally because I do not have password to ESET ENDPOINT. There is password reqiurment if you want to set the rule.

[Marcos 5,074]

If you are an administrator with access to ESET PROTECT, it should be you who set the password to protect settings.

At least you should be able to create a policy for a particular endpoint that will temporarily remove password protection.

[kapi9913 0]

Im one of the administrator. Can I check the password to the endpoint in the eset protect?

[Marcos 5,074]

You can't determine the password but you can create and enforce a policy that would either temporarily disable password protection set by another admin or enable override mode.

[kapi9913 0]

I added this policy and it still requier password. It can be problem between endpoint and protect. But I dont know what exactly is going on.

[Marcos 5,074]

I'm sorry, I was wrong with the override mode. Instead enforce a policy setting an empty password. After removing this policy, settings with be protected with the existing password again.

[kapi9913 0]

It worked after I deleted static group and kept only dynamic group. Question is how can i exclude my computer from dynamic group called windows pc