Jump to content

ERA v5 - Device control

bbahes
 Share

Recommended Posts

bbahes

bbahes 29

Posted
Posted (edited)

Hi!

 

I'm trying to block all LPT/COM devices but allow some to accessible to users.

I've created two rules. One to block all LPT/COM devices and second to allow specific Vendor and Model devices for use.

But still I'm getting Blocked in Device Control Log.

 

Is this possible to achieve in v5 or not?

 

Thanks for reply!

 

post-5358-0-95962300-1474461834_thumb.png

Edited by bbahes
Link to comment
Share on other sites
bbahes

bbahes 29

Posted
  • Author
Posted

Hi!

 

I'm trying to block all LPT/COM devices but allow some to accessible to users.

I've created two rules. One to block all LPT/COM devices and second to allow specific Vendor and Model devices for use.

But still I'm getting Blocked in Device Control Log.

 

Is this possible to achieve in v5 or not?

 

Thanks for reply!

 

I've tested same thing on v6. Same result.

post-5358-0-04076000-1474535640_thumb.png

Link to comment
Share on other sites
  • ESET Staff
MichalJ

MichalJ 434

Posted
  • ESET Staff
Posted

You can not see a device control "log". You can however create a report, that collects data from device control rules.

However, ERA V6 by default only collects the logs with severity "warning" / "error", so configure the device control rules, to be reported with this severity.

 

 

post-35-0-62911500-1474542969_thumb.png

post-35-0-48501200-1474543033_thumb.png

Link to comment
Share on other sites
bbahes

bbahes 29

Posted
  • Author
Posted

Thanks! I was able to configure dashboard with this report.

 

Here are few suggestions for 6.5:

 

1. Create default Device Control table dashboard out-of-the box. That would be helpful for all modules.

2. Implement search in most forms. When I select + (Add Report) it would be nice to have search so I don't have to manually read almost all reports to find one I created. (Later I found out I can create my own category so searching was "faster")

3. Implement sorting, at least by name and/or category so I can (if search is not implemented) find my report quickly

 

 

Regarding problem with LPT/COM rules in first post, the problem was solved after I examined string in Vendor field.

Solution was to add space at the end of Vendor string. Then It recognized device correctly. It was vendor that added space at the end of string.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted
Regarding problem with LPT/COM rules in first post, the problem was solved after I examined string in Vendor field.

Solution was to add space at the end of Vendor string. Then It recognized device correctly. It was vendor that added space at the end of string.

 

If you use the Populate function to retrieve details of a device, the data should be retrieved correctly, including possible trailing spaces.

Link to comment
Share on other sites
bbahes

bbahes 29

Posted
  • Author
Posted

 

Regarding problem with LPT/COM rules in first post, the problem was solved after I examined string in Vendor field.

Solution was to add space at the end of Vendor string. Then It recognized device correctly. It was vendor that added space at the end of string.

 

If you use the Populate function to retrieve details of a device, the data should be retrieved correctly, including possible trailing spaces.

 

 

Yes, but this Populate function is only available in v6 and we are still on v5 ;)

 

As a matter of fact support from Croatia instructed me to try and use Populate function, but we didn't know space would be problem :)

Link to comment
Share on other sites
  • ESET Staff
MichalJ

MichalJ 434

Posted
  • ESET Staff
Posted

Thanks! I was able to configure dashboard with this report.

 

Here are few suggestions for 6.5:

 

1. Create default Device Control table dashboard out-of-the box. That would be helpful for all modules.

2. Implement search in most forms. When I select + (Add Report) it would be nice to have search so I don't have to manually read almost all reports to find one I created. (Later I found out I can create my own category so searching was "faster")

3. Implement sorting, at least by name and/or category so I can (if search is not implemented) find my report quickly

 

 

Regarding problem with LPT/COM rules in first post, the problem was solved after I examined string in Vendor field.

Solution was to add space at the end of Vendor string. Then It recognized device correctly. It was vendor that added space at the end of string.

Hello, thanks for the feedback.

1, Device control report template / dashboard is not implemented currently for multiple reasons. First of all, the usage of this functionality among ERA 5 users was very low, secondly, device control could generate excessive loads of data, so when customers wants to use this functionality, he should spent the time creating such report template. We are evaluating an option, that would allow us to trigger "collecting data" for reports, meaning you will be able to disable / enable collection of data for each of the reports. But this would still have to undergo feasibility.

2, You can use browser "ctrl+f" as a workaround, to search for a particular report template

3, We will track improvement for that.

Link to comment
Share on other sites
bbahes

bbahes 29

Posted
  • Author
Posted

 

Thanks! I was able to configure dashboard with this report.

 

Here are few suggestions for 6.5:

 

1. Create default Device Control table dashboard out-of-the box. That would be helpful for all modules.

2. Implement search in most forms. When I select + (Add Report) it would be nice to have search so I don't have to manually read almost all reports to find one I created. (Later I found out I can create my own category so searching was "faster")

3. Implement sorting, at least by name and/or category so I can (if search is not implemented) find my report quickly

 

 

Regarding problem with LPT/COM rules in first post, the problem was solved after I examined string in Vendor field.

Solution was to add space at the end of Vendor string. Then It recognized device correctly. It was vendor that added space at the end of string.

Hello, thanks for the feedback.

1, Device control report template / dashboard is not implemented currently for multiple reasons. First of all, the usage of this functionality among ERA 5 users was very low, secondly, device control could generate excessive loads of data, so when customers wants to use this functionality, he should spent the time creating such report template. We are evaluating an option, that would allow us to trigger "collecting data" for reports, meaning you will be able to disable / enable collection of data for each of the reports. But this would still have to undergo feasibility.

2, You can use browser "ctrl+f" as a workaround, to search for a particular report template

3, We will track improvement for that.

 

 

1. I wonder how you get this usage report :)  We are pushing it into production with v5 and will continue once on v6. I hope you continue to develop this part of Endpoint Security.

 

2. I did, but it's not elegant as search :)

 

3. Thanks.

 

 

Regards!

Link to comment
Share on other sites
  • ESET Staff
MichalJ

MichalJ 434

Posted
  • ESET Staff
Posted

1, ERA 5 reports anonymous statistics during the process of updating itself. This helps us to understand the general usage patterns. In case of device control logs, it basically reports us, if instance of ERA has at least one device control log entry stored in the database.

2, I agree.

3, You are welcome

Link to comment
Share on other sites
tmuster2k

tmuster2k 22

Posted
Posted

You can not see a device control "log". You can however create a report, that collects data from device control rules.

However, ERA V6 by default only collects the logs with severity "warning" / "error", so configure the device control rules, to be reported with this severity.

How would a report for device control be created using ERA 5? 

Link to comment
Share on other sites
  • 2 weeks later...
bbahes

bbahes 29

Posted
  • Author
Posted (edited)

Would you consider adding custom columns in device control? I have problem with one Samsung Galaxy Note 3. The device control does not detect Serial number and I am unable based on Vendor and Model name to make exception for device.

 

Also, what properties from device you use for Vendor, Model, Serial Number?

Edited by bbahes
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...