Automatic Configuration By Group

Discussion in 'ESET NOD32 Antivirus' started by CyBorge, Jul 1, 2008.

Thread Status:
Not open for further replies.
  1. CyBorge

    CyBorge Registered Member

    Joined:
    Jul 1, 2008
    Posts:
    2
    We are in the process of evaluating NOD32 Anti-Virus (Business Edition) as a replacement candidate for our existing anti-virus software. One feature we're hoping to find is the ability to divide computers into multiple groups, and assign unique configurations to each group.

    It appears that we can push out configurations on demand, which is all fine and well for computers that are on and network-connected at that particular point in time, but what we want is for the computers to automatically update themselves according to the latest settings of whichever group they're in. Simply changing the configuration for a group would automatically update every single computer in that group before too long, and any new computers moved into the group would automatically inherit the settings of the group.

    Is this possible? If so, can someone point me at the feature? Thank you!
     
  2. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    Is this possible? No.

    One of my desires as well. We did this in CA eTrust.

    Nod works differently. The eSet RA policy's overlay the user settings. I have a user which has added his own exclusions. When I push my policy to him, it doesn't replace his exclusions, for example, it overlays on top of them. He keeps his exclusions. In CA it would completely replace the settings each time the PC connected to the admin server. PC's that had settings that didn't match their defined settings would generate alerts.

    In Nod32 RA you can create a the groups and assign PC's into the groups. And you can create XML config files for these groups. And you can schedule tasks that will stay in your task list forever to push the config to these PC's. Every so often you re-push these tasks to these groups. (Delete the old task, recreate it with your defined group/xml file.) The tasks will easily stay out there for a year waiting for all PC's to connect.

    It's less than ideal, but it actually works ok. In CA I had to have 30 different groups so I could define custom settings & exclusions because CA eTrust was so !@#$ slow. In eSet I have basically 3 configs. One for PC's, one for Servers, and one for Laptops. There are some others used for testing, but they don't really count. I exclude WSUS database, one aerospace application that conflicts with Nod32, and our e-mail stores which are scanned by McAfee. Servers have the special settings as mentioned in the KB. That's it. Just works.

    a.png
     
  3. CyBorge

    CyBorge Registered Member

    Joined:
    Jul 1, 2008
    Posts:
    2
    So you're saying a task to push a new config out to a given group of computers will eventually do so, even if some are offline or otherwise unavailable when the task is initially triggered? Like you said, not ideal, but that should be workable. We'd just have to remember to trigger the push whenever a change is needed.

    I wonder if it's possible for an external script (say, a login or startup script) to determine whether or not a given PC is running the latest configuration and send a message to the system administrators if it finds a discrepancy. Kind of a failsafe against human forgetfulness, not that I'd ever forget anything! :shifty: Really a separate issue, and probably only useful during the initial transition stages.

    The other side of this is the remote administration. If I understand the help files correctly, any groups you create on one console won't show up on another. This poses a potential problem when trying to administer the server from two or more locations. We're probably small enough to work around that, especially with the ability to use remote desktop, but it sure would be convenient if that information was stored on the main server instead of the individual remote admin consoles.
     
Thread Status:
Not open for further replies.