Jump to content

"Operating System is not up to date" notification for Mac OS X

Recommended Posts

Ok, so is anyone else bothered by the fact that their users are being notified that the operating system is not up to date? Where I work, IT manages all system updates and deploys them through separate managed software update deployment system (we use Munki since we're an all OS X operation). It's confusing and annoying for our users, since they can't do anything about it anyway.


Also, the notification includes a link to the App Store application, which in our case, is useless. Again, we use Munki and it's accompanying Managed Software Update application to managed all software patches, updates, deployments, everything. I would imagine that Windows shops also have other patch and application deployment mechanisms in use apart from the blessed Microsoft offerings, so my situation can't really be way out in left field, can it?



Now, as far as I can tell, there is no policy option to turn off this client-side notification. So my question is this: when is ESET going to provide more robust and complete policy management for OS X and Linux systems? Or are they already and I'm missing something?

Link to comment
Share on other sites

  • Administrators

According to the user guide hxxp://download.eset.com/manuals/eset_ees_mac_6_userguide_enu.pdf, notifications about missing OS updates can be disabled in the setup so the same settings should be available in the ERA policy editor. I don't have access to Mac nor ERA at the moment so I cannot verify it.


Link to comment
Share on other sites

  • ESET Moderators

Hi apatheia,

As Marcos said, the notifications can be disabled in the Setup.

However, the setting is not yet linked to an ERA policy, the developers are aware of the issue and we'd like to add the feature in the next release.

Link to comment
Share on other sites

Yeah, the  sooner you all can flesh out the OS X and Linux policy support, the better. I've found it severely lacking. 


As for disabling it in the setup, I can't tell my users to "Go into the settings, click tab A and flip switch B to get result C". Ain't gonna happen. I don't mean to sound like an elitist IT guy, but some people just aren't capable of dealing with a settings window with out calling the help desk...


Have to ask: you have a time frame for this (and any other new policy controls)? Any time you have a setting that defaults to notifying the user client-side, you must have policy to turn that stuff off. That's just management 101.

Link to comment
Share on other sites

So, I may have solved my problem in the short term. I haven't found the exact setting my original question referred to, but this may be a start...


Digging around, I found a binary called esets_set, which is of particular interest if you are managing Endpoint products with ERA 6. ERA 6 doesn't have complete policy management yet, so this binary might useful for managing some settings that policy doesn't quite yet. 


In the terminal, 

​/Applications/*ESET\ APPLICATION\ HERE*/Contents/MacOS/esets_set --help


/Applications/.esets/Contents/MacOS/esets_set --help


Usage: esets_set [OPTIONS..] [COMMAND]
ESET Endpoint Antivirus Configuration modifier

      --set='NAME=VALUE'  set NAME=VALUE for given SECTION (or USERSPEC), or 
                            unset it if only NAME is given
      --create            create given SECTION (or USERSPEC)
      --delete            delete given SECTION (or USERSPEC)
      --last              make USERSPEC the last one
      --backup=FILE       back up configuration to FILE
      --apply=FILE        apply configuration from FILE
  If no command is given, --set is assumed.
      --cfg=FILE          configuration file
      --section=SECTION   operate on SECTION instead of "global"
      --user=USERSPEC     operate on USERSPEC in SECTION
Common options:
  -h, --help              show help and quit
  -v, --version           show version information and quit

(C) 2015 ESET, spol. s r. o.
To report issues, please visit hxxp://www.eset.com/support

This is a start, but it not terribly helpful: it doesn't provide any parameter listings!


So, back in the terminal, type

strings /Applications/.esets/Contents/MacOS/esets_set

to output printable strings from inside the binary. Some of the strings are parameters that this binary will accept. 


When attempting to set a parameter for the first time, it outputs the following error:

Cannot open file /Library/Application Support/ESET/esets/etc/esets.cfg: No such file or directory

It seems to want to place any global parameters in /Library/Application\ Support/ESET/esets/etc/esets.cfg by default. The problem is that this file doesn't exist. Creating it and setting parameters in this file don't seem to do anything either.


So instead, you can target a cfg file that does exist: /Users/*USERNAME*/.esets/gui.cfg


Adding the following lines to this file, for example, will do something that the ERA 6 policies can't do yet:


You could also type the following command to achieve a similar, but broken result.

sudo /Applications/.esets/Contents/MacOS/esets_set --set='dock_enabled=no' --section=gui --cfg=/Users/*USERNAME*/.esets/gui.cfg

This command yields the following result in /Users/*USERNAME*/.esets/gui.cfg

dock_icon_enabled = no

The extra spaces around the  =  sign render the setting inert. Removing the extra spaces will enforce the setting.


Anyway, reboot the system and the example above will disable the dock icon from showing at sign in for the targeted user. Nice, but not great. 


Still working a way to target global preferences...


By the way, this is all undocumented for the Mac as far as I can tell and there may be a reason for that. It could be they haven't gotten around to documenting this feature, OR its not finished yet (as the space parsing issue seems to suggest?). 


Anyone else have any luck with this approach?


Edited by apatheia
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...