Automatically revert to default policy when removed from group that applied other pol

Discussion in 'ESET NOD32 Antivirus' started by cksenter, Jan 14, 2011.

Thread Status:
Not open for further replies.
  1. cksenter

    cksenter Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    6
    Hey All,

    This is probably something really simple that I'm missing. I set up a couple of parametric groups that apply a policy. What I would like for it to do is when a computer is dropped from that group (because the parameters no longer apply), I'd like to have it automatically set them back to the default policy.

    For example when a computer is put into a group because of a protection status alert or a threat or whatever, it applies a special policy to that computer. When I clear the threat or the protection status goes away or whatever, they automatically disappear from the group. That much I have working the way I want. But once they are no longer in the group I don't want that special policy applied anymore. How do I make it revert back to the default policy?

    Thanks.
     
  2. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    Hello cksenter,

    As long as you have the clients being assigned to a parametric group before they get changed by an infection, they should revert back once they check back in after the items have been cleared. You may want to check the settings for your initial group that the clients should revert back to.
     
  3. cksenter

    cksenter Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    6
    I was hoping they would just default back to the Default Primary Clients Policy... How would I accomplish that without overriding other policies? Since it doesn't do it automatically, I was thinking I could create a parametric group that was client name = "*" but then would that override the other parametric groups I created?
     
  4. iptrust

    iptrust Registered Member

    Joined:
    Apr 13, 2010
    Posts:
    9
    Hey cksenter

    Is the client no longer at that group without you press Refresh manually? See this post please:

    https://www.wilderssecurity.com/showthread.php?t=290777
     
  5. cksenter

    cksenter Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    6
    Actually I don't have to refresh manually for them to leave the group. That seems to work fine on it's own, though it sometimes takes a while. The problem is that the policy that the group applied is remaining as the current policy instead of going back to the default policy. All I want is some way to make it go back to the defualt policy. The groups work fine.
     
  6. cksenter

    cksenter Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    6
    Well, I added a new policy rule in the policy manager to set all to the Default Primary Client Policy. I first tried moving it to the top because I thought it would apply them in order, but it made that rule take precedence over the others, so I moved it back to the bottom and that seemed to do what I wanted. I manually clicked the "Run Policy Rules Now" button rather than waiting to see if it would happen on it's own. So I'll need to verify that it does happen without manual intervention, I'll report back later.
     
  7. cksenter

    cksenter Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    6
    Yeah, it works but it takes a long time...
     
  8. iptrust

    iptrust Registered Member

    Joined:
    Apr 13, 2010
    Posts:
    9
    Good workarround man!

    I think the configuration between "Run Policy Now" internal task is configured under Advanced Settings -> ESET Remote Administrator -> ERA Server -> Setup -> Advanced -> Scheduling options for less frequent tasks.

    I hope it help.

    Cheers
     
  9. cksenter

    cksenter Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    6
    Interesting, thanks for the info! I see that the "more frequent tasks" are set to 11 minutes and the "less frequent" are set to 56 minutes. Do you know if there's a reason for those numbers? If they were rounded to 10 minute increments I wouldn't worry so much about changing them, but the fact that they are such odd numbers makes me wonder if there's some formula or something I need to go by when adjusting them or something. Like I know by default the clients report back to the server every 10 minutes, so are the less frequent tasks purposely set to one minute over that or something? Or are they just setting them like that so that they rarely occur at the same time. I calculate that at 11 and 56 they'll only fire at the same time every 616 minutes... Wonder how much it matters. I'm guessing not much on a server with as little load as ours, we only have around 150 client machines connecting to the server.
     
Thread Status:
Not open for further replies.