apatheia 9 Posted September 30, 2015 Share Posted September 30, 2015 Ok, so is anyone else bothered by the fact that their users are being notified that the operating system is not up to date? Where I work, IT manages all system updates and deploys them through separate managed software update deployment system (we use Munki since we're an all OS X operation). It's confusing and annoying for our users, since they can't do anything about it anyway. Also, the notification includes a link to the App Store application, which in our case, is useless. Again, we use Munki and it's accompanying Managed Software Update application to managed all software patches, updates, deployments, everything. I would imagine that Windows shops also have other patch and application deployment mechanisms in use apart from the blessed Microsoft offerings, so my situation can't really be way out in left field, can it? Now, as far as I can tell, there is no policy option to turn off this client-side notification. So my question is this: when is ESET going to provide more robust and complete policy management for OS X and Linux systems? Or are they already and I'm missing something? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,241 Posted October 1, 2015 Administrators Share Posted October 1, 2015 According to the user guide hxxp://download.eset.com/manuals/eset_ees_mac_6_userguide_enu.pdf, notifications about missing OS updates can be disabled in the setup so the same settings should be available in the ERA policy editor. I don't have access to Mac nor ERA at the moment so I cannot verify it. . Link to comment Share on other sites More sharing options...
ESET Moderators TomasP 317 Posted October 1, 2015 ESET Moderators Share Posted October 1, 2015 Hi apatheia, As Marcos said, the notifications can be disabled in the Setup. However, the setting is not yet linked to an ERA policy, the developers are aware of the issue and we'd like to add the feature in the next release. Link to comment Share on other sites More sharing options...
apatheia 9 Posted October 1, 2015 Author Share Posted October 1, 2015 Yeah, the sooner you all can flesh out the OS X and Linux policy support, the better. I've found it severely lacking. As for disabling it in the setup, I can't tell my users to "Go into the settings, click tab A and flip switch B to get result C". Ain't gonna happen. I don't mean to sound like an elitist IT guy, but some people just aren't capable of dealing with a settings window with out calling the help desk... Have to ask: you have a time frame for this (and any other new policy controls)? Any time you have a setting that defaults to notifying the user client-side, you must have policy to turn that stuff off. That's just management 101. Link to comment Share on other sites More sharing options...
apatheia 9 Posted October 4, 2015 Author Share Posted October 4, 2015 (edited) So, I may have solved my problem in the short term. I haven't found the exact setting my original question referred to, but this may be a start... Digging around, I found a binary called esets_set, which is of particular interest if you are managing Endpoint products with ERA 6. ERA 6 doesn't have complete policy management yet, so this binary might useful for managing some settings that policy doesn't quite yet. In the terminal, /Applications/*ESET\ APPLICATION\ HERE*/Contents/MacOS/esets_set --help OR /Applications/.esets/Contents/MacOS/esets_set --help yields: Usage: esets_set [OPTIONS..] [COMMAND] ESET Endpoint Antivirus Configuration modifier Commands: --set='NAME=VALUE' set NAME=VALUE for given SECTION (or USERSPEC), or unset it if only NAME is given --create create given SECTION (or USERSPEC) --delete delete given SECTION (or USERSPEC) --last make USERSPEC the last one --backup=FILE back up configuration to FILE --apply=FILE apply configuration from FILE If no command is given, --set is assumed. Options: --cfg=FILE configuration file --section=SECTION operate on SECTION instead of "global" --user=USERSPEC operate on USERSPEC in SECTION Common options: -h, --help show help and quit -v, --version show version information and quit (C) 2015 ESET, spol. s r. o. To report issues, please visit hxxp://www.eset.com/support This is a start, but it not terribly helpful: it doesn't provide any parameter listings! So, back in the terminal, type strings /Applications/.esets/Contents/MacOS/esets_set to output printable strings from inside the binary. Some of the strings are parameters that this binary will accept. When attempting to set a parameter for the first time, it outputs the following error: Cannot open file /Library/Application Support/ESET/esets/etc/esets.cfg: No such file or directory It seems to want to place any global parameters in /Library/Application\ Support/ESET/esets/etc/esets.cfg by default. The problem is that this file doesn't exist. Creating it and setting parameters in this file don't seem to do anything either. So instead, you can target a cfg file that does exist: /Users/*USERNAME*/.esets/gui.cfg Adding the following lines to this file, for example, will do something that the ERA 6 policies can't do yet: [gui] dock_icon_enabled=no You could also type the following command to achieve a similar, but broken result. sudo /Applications/.esets/Contents/MacOS/esets_set --set='dock_enabled=no' --section=gui --cfg=/Users/*USERNAME*/.esets/gui.cfg This command yields the following result in /Users/*USERNAME*/.esets/gui.cfg [gui] dock_icon_enabled = no The extra spaces around the = sign render the setting inert. Removing the extra spaces will enforce the setting. Anyway, reboot the system and the example above will disable the dock icon from showing at sign in for the targeted user. Nice, but not great. Still working a way to target global preferences... By the way, this is all undocumented for the Mac as far as I can tell and there may be a reason for that. It could be they haven't gotten around to documenting this feature, OR its not finished yet (as the space parsing issue seems to suggest?). Anyone else have any luck with this approach? Edited October 4, 2015 by apatheia Link to comment Share on other sites More sharing options...
Recommended Posts