Jump to content

EndPoint v6 / few questions


jdaniel

Recommended Posts

Hello,

 

We started the testing phase for EndPoint version 6. I have q few questions regarding the new interface, where do I find stuff, updates etc. I apologize if they are stupid questions or if they have been answered before.

 

1. in ERA -> Computers : (example) I see that one device has X active/potential threats. How do I actually see them ? Can't click on anything. If I go with the menu shown I can go details -> threats and I see them but (!) there is nowhere shown the actual file(s) locations. I see I have X active/potential threats but cannot see where they are. Really not friendly or productive, see attached image 1 to see what I mean.

 

I see now that my server and my devices (clients) have outdated software versions. I can only see this if I go : ERA -> Computers -> click on one device -> details -> installed applications.

 

2. is there any way I can see in a simple list the installed versions of the client AND the agent for all devices ? Something like in the 2nd image attached but for all devices ? You don't really expect we check each device or do I make some kind of report every time I want to check the version ?

 

3. do the software (agent, client, server, rogue etc) update automatically or do they have to be updated manually ? if we have to update manually I'm going back to the previous question. How do I see a list with all the ESET modules from all the devices ? Is there an update process task ? Could not find any.

 

Thank you.

post-7469-0-17678800-1432631346_thumb.png

post-7469-0-73081100-1432631349_thumb.png

Link to comment
Share on other sites

Hi

 

To answer briefly....

 

1 - no, and it's a complete pain. You have to run a report, that gives you the path to the files.

 

2 - no, but what I do is create a dynamic group template where software=agent and version <> 6.1.444, and similar for the AV version. I then create a group for each. So I now have groups "Clients with outdated agent", "Clients with current agent", "Clients with outdated AV", and "Clients with current AV",

 

3 - no. But using the groups created in 2) I have a simple task attached to the dynamic group, so that whenever a client pops until on of the "outdated" groups, a task runs to update it.

 

Unfortunately the solution described above only partially works. If a package fails to install, it never retries. if a computer has an outdated agent BUT also needs a reboot, the agent never installs (the agent insatll is blocked if a rebot is pending). But it works most of the time.

 

 

Jim

Link to comment
Share on other sites

Hi

 

To answer briefly....

 

1 - no, and it's a complete pain. You have to run a report, that gives you the path to the files.

 

2 - no, but what I do is create a dynamic group template where software=agent and version <> 6.1.444, and similar for the AV version. I then create a group for each. So I now have groups "Clients with outdated agent", "Clients with current agent", "Clients with outdated AV", and "Clients with current AV",

 

3 - no. But using the groups created in 2) I have a simple task attached to the dynamic group, so that whenever a client pops until on of the "outdated" groups, a task runs to update it.

 

Unfortunately the solution described above only partially works. If a package fails to install, it never retries. if a computer has an outdated agent BUT also needs a reboot, the agent never installs (the agent insatll is blocked if a rebot is pending). But it works most of the time.

 

 

Jim

 

 

Thank you very much for the answer & solutions. I will try with your idea with the dynamic groups for the outdated/updated clients.

 

@ESET team - not being able to see what actually files are infected/suspicious is just stupid. See question 1.

 

Thanks again.

Link to comment
Share on other sites

I will continue here and not make a new thread as the questions are in the same category...

 

I updated the server components with the task "Remote Administrator Components Upgrade". This updated the server and the agent.

It did not updated the rest of the components like Tomcat, Web Console, Rogue Detection Sensor, Mobile Connector and Proxy.

 

Is this intended ? Do we update these manually ? What is the recommended procedure ? Use the all-in-one installer from the website ? Manually update each component ?

Can we see somewhere the installed versions and the website/current versions ?

 

Thanks.

Link to comment
Share on other sites

  • 3 weeks later...
  • 2 weeks later...

Dear ESET,

 

This is your official support forum. Does anyone read the business/enterprise section ? Do you really expect your clients to stay on this new "improved" version with no support ?

Link to comment
Share on other sites

  • Administrators

1, Active threats can be seen in a dashboard. In the Threats window, you can resolve threats manually by selecting Mute (will be renamed to Resolved in future versions) or delete them completely. File location can be seen in reports, however, based on users' feedback we'll be adding this information at other places too.

 

2, I've suggested this as an improvement. Within this year, we're planning to release 2 service build of ERA v6, each bringing new improvements based on users' feedback.

 

3, Normally there's no need to upgrade agent on clients. You can push a Remote Administrator Components upgrade task to all or just some clients manually and the latest version will be downloaded and installed, if applicable.

Not sure what you mean by ESET modules, whether modules like Advanced heuristics module, Internet protection module, etc. If that's what you mean, this information is nowhere to be seen in ERA to my best knowledge. I've inquired developers about this.

Link to comment
Share on other sites

Thank you for the answer, those questions were already answered by a forum member user. Good to know you are adding the file locations to more places.

My questions still remain from the post #4, copy/paste :

 

I will continue here and not make a new thread as the questions are in the same category...

 

I updated the server components with the task "Remote Administrator Components Upgrade". This updated the server and the agent.

It did not updated the rest of the components like Tomcat, Web Console, Rogue Detection Sensor, Mobile Connector and Proxy.

 

Is this intended ? Do we update these manually ? What is the recommended procedure ? Use the all-in-one installer from the website ? Manually update each component ?

Can we see somewhere the installed versions and the website/current versions ?

 

Thanks.

 

edit - from the 29th of May when the questions from above were asked, we installed the v6 on a few test workstations. We were getting constant Windows freezes/crashes after the PCs/notebooks were not used for several hours, especially during the night. So in the morning the PC was "dead". Nothing was logged in Event Viewer, no event. I was getting the same thing on my home PC with the beta v9 client, that one also managed to crash Windows random, after the client updated the virus database. The notification window appeared and... dead. Freezes/crashes from all devices stopped when we uninstalled EP v6 or EAV v9 beta.

 

Thank you.

Edited by jdaniel
Link to comment
Share on other sites

  • Administrators

1, Tomcat, Web Console, Rogue Detection Sensor, Mobile Connector and Proxy need to be updated manually. However, you shouldn't need to update these as often as other components that can be updated automatically.

 

2, As for the issue with systems freezes, please refer to the KB article hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2567 and make sure the required Microsoft KB hotfix is installed.

Link to comment
Share on other sites

Does this work also for Windows 10 ? I was testing EAV v9 beta on W10 insider 10130 and had the same crashes during the night when the PC was in idle mode.

About EP6, I will test this on a W7 PC.

 

Thanks.

Link to comment
Share on other sites

  • Administrators

Does this work also for Windows 10 ? I was testing EAV v9 beta on W10 insider 10130 and had the same crashes during the night when the PC was in idle mode.

About EP6, I will test this on a W7 PC.

 

The latest supported build of Windows 10 is 10130. Windows 10 is not a finished product and still suffers from bugs that were admitted by Microsoft. That said, no sw vendor can guarantee 100% compatibility yet.

Support for newer builds will be added as soon as Microsoft provides the necessary files for developers.

 

As for problems with system freezes, we'd need a manually generated complete memory dump from such moment.

Link to comment
Share on other sites

  • Administrators

2. is there any way I can see in a simple list the installed versions of the client AND the agent for all devices ? Something like in the 2nd image attached but for all devices ? You don't really expect we check each device or do I make some kind of report every time I want to check the version ?

 

This can be currently accomplished by creating a custom report and adding it to dashboard; you can also set time interval for automatic refresh. It would look like this:

 

 

post-10-0-90267900-1436348879_thumb.png

Link to comment
Share on other sites

Thanks for the answers.

 

- in my previous response I forgot one essential word : "Both hotfixes said they are NOT applicable for my W7. This usually mean they are already installed."

- about the software versions, I already did something similar but there should be a way to check this easier, prebuilt or something. Having software up2date is important these days.

- about the memory dumps, give me details what you want, what settings, where etc. After we finish testing the current AV, I will install back ERA6.

 

One more question :

 

- does ESET have in mind to implement some kind of a "software update checker" ? I mean installed software on the client PC/notebook. I'm talking here about Java, Adobe Reader etc.

 

Thank you.

Link to comment
Share on other sites

  • Administrators

If you continually encounter issues with system freezes, please configure the OS to enable manual generation of complete memory dumps as per the instructions at hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN380, section "Generate a memory dump manually". When the system freezes, press Ctrl+Scroll Lock twice to trigger BSOD so that a dump is generated.

 

Does ESET have in mind to implement some kind of a "software update checker" ? I mean installed software on the client PC/notebook. I'm talking here about Java, Adobe Reader etc.

 

I can't comment on plans but as a security company, I'm sure it's has already been or will be considered. Currently users are already protected against exploits exploiting vulnerabilities in popular applications by Exploit Blocker.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...