silnocus 0 Posted June 1, 2016 Posted June 1, 2016 I've just upgraded all of our client PCs with the newest RA agent, and I have "Minimum verbosity for notifications" set to "Critical" but they are all sending "Error" level messages at a near constant rate. I had to redirect all of the emails to my personal inbox so as to not flood our helpdesk with unnecessary tickets. The error messages being sent by email are for "Failed to create rule" for the personal firewall module of endpoint security, which is undoubtedly being caused by our firewall policy's rules which have items whose path is either 64-bit or 32-bit dependent, and I have both versions in the same policy for simplicity's sake. Is there any fix for this? Either to make the agents heed the minimum verbosity policy, or if there is a way to simplify firewall rules while keeping everything in the same firewall policy, as creating a second policy would require entirely too much time given our mixed-architecture environment. Thank you.
ESET Staff MichalJ 434 Posted June 2, 2016 ESET Staff Posted June 2, 2016 Can you please provide a screenshot, of your policy settings. This has nothing to do with ERA agent. Basically, notifications are either sent by ERA server (server notifications), or you have configured Endpoint products, to send them directly. You have to adjust configuration in ESET Endpoint Security policy in order to limit the messages you are receiving.
silnocus 0 Posted June 2, 2016 Author Posted June 2, 2016 I've attached a screenshot of the relevant policy settings, obviously with obfuscated identifying information. As you can see, I have the minimum verbosity setting at "Critical." Yet I continue to get Error level messages from my endpoints. This policy is currently applied to the "All" group, and all of its other settings are demonstrably taking effect because I was able to change the recipient address and the interval and it updated all of our endpoints accordingly. I've even tried changing the minimum verbosity to a lower level then re-raising it to critical, but to no effect.
ESET Staff MartinK 384 Posted June 2, 2016 ESET Staff Posted June 2, 2016 Could please manually check configuration on client (or request configuration from ERA Webconsole) and verify whether this specific setting is properly applied?
silnocus 0 Posted June 2, 2016 Author Posted June 2, 2016 I've checked on a few computers that are physically nearby, that were also generating the emails in question, and yes, it looks like the policy is applied. Their settings under email notifications are greyed out and match the settings in the policy exactly.
ESET Staff MartinK 384 Posted June 2, 2016 ESET Staff Posted June 2, 2016 I've checked on a few computers that are physically nearby, that were also generating the emails in question, and yes, it looks like the policy is applied. Their settings under email notifications are greyed out and match the settings in the policy exactly. It does seem like problem in endpoint itself. What product type (EES/EAV) and version (+ version of configuration module) are you using?
silnocus 0 Posted June 3, 2016 Author Posted June 3, 2016 It's Endpoint Security 6.3.2016.0, and Configuration module is 1277.6 (20160413)
silnocus 0 Posted June 6, 2016 Author Posted June 6, 2016 Any updates? This is beginning to become a real problem because of the sheer volume of emails our clients are creating.
ESET Staff MichalJ 434 Posted June 7, 2016 ESET Staff Posted June 7, 2016 Hello, we have identified issues with the notification functionality. We will work on fixing them in the future releases of Endpoint, specifically Endpoint 6.5, which is currently planned for release in December 2016. I will try to get more information for you, concerning possible workarounds / intermediate fixes (if any).
silnocus 0 Posted June 7, 2016 Author Posted June 7, 2016 Thank you. Any kind of workaround/fix would be acceptable at the moment, since our mail server is bearing the brunt of this issue.
Recommended Posts