Jump to content

ERA v5 - Device control


bbahes
 Share

Recommended Posts

Hi!

 

I'm trying to block all LPT/COM devices but allow some to accessible to users.

I've created two rules. One to block all LPT/COM devices and second to allow specific Vendor and Model devices for use.

But still I'm getting Blocked in Device Control Log.

 

Is this possible to achieve in v5 or not?

 

Thanks for reply!

 

post-5358-0-95962300-1474461834_thumb.png

Edited by bbahes
Link to comment
Share on other sites

Hi!

 

I'm trying to block all LPT/COM devices but allow some to accessible to users.

I've created two rules. One to block all LPT/COM devices and second to allow specific Vendor and Model devices for use.

But still I'm getting Blocked in Device Control Log.

 

Is this possible to achieve in v5 or not?

 

Thanks for reply!

 

I've tested same thing on v6. Same result.

post-5358-0-04076000-1474535640_thumb.png

Link to comment
Share on other sites

  • ESET Staff

You can not see a device control "log". You can however create a report, that collects data from device control rules.

However, ERA V6 by default only collects the logs with severity "warning" / "error", so configure the device control rules, to be reported with this severity.

 

 

post-35-0-62911500-1474542969_thumb.png

post-35-0-48501200-1474543033_thumb.png

Link to comment
Share on other sites

Thanks! I was able to configure dashboard with this report.

 

Here are few suggestions for 6.5:

 

1. Create default Device Control table dashboard out-of-the box. That would be helpful for all modules.

2. Implement search in most forms. When I select + (Add Report) it would be nice to have search so I don't have to manually read almost all reports to find one I created. (Later I found out I can create my own category so searching was "faster")

3. Implement sorting, at least by name and/or category so I can (if search is not implemented) find my report quickly

 

 

Regarding problem with LPT/COM rules in first post, the problem was solved after I examined string in Vendor field.

Solution was to add space at the end of Vendor string. Then It recognized device correctly. It was vendor that added space at the end of string.

Link to comment
Share on other sites

  • Administrators
Regarding problem with LPT/COM rules in first post, the problem was solved after I examined string in Vendor field.

Solution was to add space at the end of Vendor string. Then It recognized device correctly. It was vendor that added space at the end of string.

 

If you use the Populate function to retrieve details of a device, the data should be retrieved correctly, including possible trailing spaces.

Link to comment
Share on other sites

 

Regarding problem with LPT/COM rules in first post, the problem was solved after I examined string in Vendor field.

Solution was to add space at the end of Vendor string. Then It recognized device correctly. It was vendor that added space at the end of string.

 

If you use the Populate function to retrieve details of a device, the data should be retrieved correctly, including possible trailing spaces.

 

 

Yes, but this Populate function is only available in v6 and we are still on v5 ;)

 

As a matter of fact support from Croatia instructed me to try and use Populate function, but we didn't know space would be problem :)

Link to comment
Share on other sites

  • ESET Staff

Thanks! I was able to configure dashboard with this report.

 

Here are few suggestions for 6.5:

 

1. Create default Device Control table dashboard out-of-the box. That would be helpful for all modules.

2. Implement search in most forms. When I select + (Add Report) it would be nice to have search so I don't have to manually read almost all reports to find one I created. (Later I found out I can create my own category so searching was "faster")

3. Implement sorting, at least by name and/or category so I can (if search is not implemented) find my report quickly

 

 

Regarding problem with LPT/COM rules in first post, the problem was solved after I examined string in Vendor field.

Solution was to add space at the end of Vendor string. Then It recognized device correctly. It was vendor that added space at the end of string.

Hello, thanks for the feedback.

1, Device control report template / dashboard is not implemented currently for multiple reasons. First of all, the usage of this functionality among ERA 5 users was very low, secondly, device control could generate excessive loads of data, so when customers wants to use this functionality, he should spent the time creating such report template. We are evaluating an option, that would allow us to trigger "collecting data" for reports, meaning you will be able to disable / enable collection of data for each of the reports. But this would still have to undergo feasibility.

2, You can use browser "ctrl+f" as a workaround, to search for a particular report template

3, We will track improvement for that.

Link to comment
Share on other sites

 

Thanks! I was able to configure dashboard with this report.

 

Here are few suggestions for 6.5:

 

1. Create default Device Control table dashboard out-of-the box. That would be helpful for all modules.

2. Implement search in most forms. When I select + (Add Report) it would be nice to have search so I don't have to manually read almost all reports to find one I created. (Later I found out I can create my own category so searching was "faster")

3. Implement sorting, at least by name and/or category so I can (if search is not implemented) find my report quickly

 

 

Regarding problem with LPT/COM rules in first post, the problem was solved after I examined string in Vendor field.

Solution was to add space at the end of Vendor string. Then It recognized device correctly. It was vendor that added space at the end of string.

Hello, thanks for the feedback.

1, Device control report template / dashboard is not implemented currently for multiple reasons. First of all, the usage of this functionality among ERA 5 users was very low, secondly, device control could generate excessive loads of data, so when customers wants to use this functionality, he should spent the time creating such report template. We are evaluating an option, that would allow us to trigger "collecting data" for reports, meaning you will be able to disable / enable collection of data for each of the reports. But this would still have to undergo feasibility.

2, You can use browser "ctrl+f" as a workaround, to search for a particular report template

3, We will track improvement for that.

 

 

1. I wonder how you get this usage report :)  We are pushing it into production with v5 and will continue once on v6. I hope you continue to develop this part of Endpoint Security.

 

2. I did, but it's not elegant as search :)

 

3. Thanks.

 

 

Regards!

Link to comment
Share on other sites

  • ESET Staff

1, ERA 5 reports anonymous statistics during the process of updating itself. This helps us to understand the general usage patterns. In case of device control logs, it basically reports us, if instance of ERA has at least one device control log entry stored in the database.

2, I agree.

3, You are welcome

Link to comment
Share on other sites

You can not see a device control "log". You can however create a report, that collects data from device control rules.

However, ERA V6 by default only collects the logs with severity "warning" / "error", so configure the device control rules, to be reported with this severity.

How would a report for device control be created using ERA 5? 

Link to comment
Share on other sites

  • 2 weeks later...

Would you consider adding custom columns in device control? I have problem with one Samsung Galaxy Note 3. The device control does not detect Serial number and I am unable based on Vendor and Model name to make exception for device.

 

Also, what properties from device you use for Vendor, Model, Serial Number?

Edited by bbahes
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...