j-gray 37 Posted 4 hours ago Share Posted 4 hours ago Just discovered after the recent cloud upgrade. My dynamic groups are only updating if/when systems are online. With the recent release of a new agent, I've updated dynamic templates and dynamic groups as I've always done to stage the upgrades. I have an Agent Upgrade group (agent not equal 11.4.1107.0) and a Latest Agent group (agent = 11.4.1107.0) for both Windows and macOS. In the past when I've updated these, the Latest Agent dynamic group immediately empties entirely as nothing meets the criteria yet. Now, the dynamic group slowly empties as clients check in. If they're offline, they do not get removed from the group even though they don't meet the criteria. Same case for the Agent Upgrade group; clients are slowly moving into that group as they check in, but if offline they are not landing in the correct dynamic group. This is the case for both Windows and macOS clients. In short, dynamic groups are not affecting offline clients. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,271 Posted 4 hours ago Administrators Share Posted 4 hours ago The membership in DG has always been evaluated by the agent on clients and nothing has changed in this regard. It's worked as follows: 1. A client connects to the ESET PROTECT server and receives a list of DG 2. The client evaluates the membership in DG 3. The client connects to the EP server and sends a list of DG that it's a member of. Quote Link to comment Share on other sites More sharing options...
j-gray 37 Posted 4 hours ago Author Share Posted 4 hours ago @Marcos It is working differently than it has in the past. Groups used to update immediately based on the criteria provided regardless if systems were online or offline. As it is now, for example, I updated the Latest Agent dynamic group using criteria of "agent = 11.4.1107.0". Currently there are only offline systems (141 in total), in this dynamic group, none of which have the 11.4.1107.0 agent installed. The dynamic group should be entirely empty, as we have no 11.4.1107.0 agents installed yet. Quote Link to comment Share on other sites More sharing options...
j-gray 37 Posted 4 hours ago Author Share Posted 4 hours ago I should clarify that in the past, dynamic groups would update if/when criteria are not met. Quote Link to comment Share on other sites More sharing options...
Clement BONNIN 1 Posted 1 hour ago Share Posted 1 hour ago Hello, I totally agree with @j-gray. It's not working like before. Before the new UI from July-August, when there was a change on a dynamic group template, the dynamic group associated to the template was reset and there was no assets in the dynamic group to let ESET check the new criterias. Now, when you do this, all the old assets with the old dynamic group template criterias stay except if they're online. Anyway, they are analysed and removed if they are not matching the template but online if they're online at the same moment. This is making a lot of mistake with tasks associated to dynamic groups. At least this is the case for ESET Protect Cloud maybe it still working for the On Prem version. @Marcos : I hope it will be not like the issue with ESET Cloud Active Directory Scanner. It's been one year or more I told the support there is an issue with the config.json file and the SID mapping. To make it work, it's "Id":"objectSID" not "Id":"objectGUID" on line 31... Common guys. j-gray 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.