EAV 4.2 BE: cannot disable real-time protection using client menu

Hi,

As an ESET newbie, I must be doing something incorrectly, as I cannot seem to "disable real-time file system protection" using the ESET icon in system tray (XP Prof, SP3). It prompts me for the password (I did configure one in ERAC), and it accepts my password. But there is no sign that it is getting disabled (e.g. right-click and choose Open Window, and Protection Status still shows check marks next to Antivirus and Antispyware protection). Likewise, if I click on the Setup page (left pane), it also has a green checkmark next to "Real-time file system protection".

Update: I think I know what the issue might be. I am able to disable real-time file protection *only* on machines where the current logged in user has local admin rights. Any machine (XP is all I have tested so far) where the current user does not have local admin rights, does not seem to allow me to disable realtime protection... No error or warning message, it simply does not disable protection...

This is potentially a huge issue for me, as there are times a user will need to disable protection...

Any ideas?

Thanks,
-Mike

 

I was talking with an ESET tech yesterday about a whole bunch of newbie questions, and brought up this issue. He said he thinks it was designed this way - that you have to be an administrator of that computer in order to be able to disable real-time file protection.

I doubt the developers designed it this way, as these days it is pretty standard policy to lock down users so they do NOT have local admin rights (or risk extensive damage from malware). Plus, if the software was really designed this way, why does the ESET NOD32 GUI bother to display the 2 menu options for disabling real-time and AVAS protection? I mean, they obviously can tell if the current user has local admin rights or not, so if it was their intent, why not dim out these menu options for non-admin users? Instead, the software currently asks if you really want to disable it, then asks for the EAV password (assuming you've defined one). Then it does nothing - no warning, no error message and it fails to disable the protection...

My point? I think this is a bug. Though it was hard to convince the ESET tech yesterday...

 

How is UAC configured on that machine?

edit: my bad, win xp. There's a checkbox somewhere for this I think, can't remember the name though

 

This is happening on XP Prof. SP3 machines, so UAC is not involved...

 

Open the main setup (F5) and navigate to User interface -> Access setup. Do you have the option for elevating rights enabled?

 

Hi Marcos - in ERAC the policy had the User rights configured as follows:
[x] Require full administrator rights for limited administrator accounts
[ ] Require administrator rights (system without UAC support)

I checked the 2nd checkbox and retested, now it works. It first asks for the configured password, then displays a Run As dialog (simulating UAC), then disabled the protection modules...

I'd suggest the wording on that 2nd setting could be improved. I thought it should be UNchecked because I wanted non-admin accounts to be able to disable protection modules such as Real-time file protection. In other words, I thought that checking "Require administrator rights..." would limit the ability to disable protection modules to just accounts with admin rights.

A better wording might be: "Allow non admin accounts to elevate rights using a Run As... dialog (system without UAC support)"

It would also help tremendously to define what settings like this mean in the ERAC ESET Config Editor. There's plenty of blank space below the [Console] button, but for some reason only a handful of policy settings are ever described in that space

I also noticed that if I choose to "disable real-time file system protection" from the menu (and enter password and elevate permissions), the two menu options change to: "Enable...". Why does it behave like that? I assumed "Disable real-time file system protection" and "Disable Antivirus and antispyware protection" disable different protection modules (otherwise why have 2 separate menu options?). So I expected to see just the one menu option change (from "Disable realtime..." to "Enable real-time...").

 

Hmmm, no feedback from moderators. Should I post suggestions elsewhere?

 

bump...

 

1. we'll consider changing the wording for future versions
2. actually there's only one option for disabling all protection modules in v5. Personally I miss a lot the option for disabling real-time protection only.

 

So can you explain why these 2 options exist in EAV BE 4.2? Are they the same?

 

They are not same. "Disable/Enable real-time protection" disables/enables real-time protection only while the other option disables/enables all protection modules, including real-time protection.

 

Hmmm, it's not working as you described for me. Again, if I rgt-click and choose "Disable real-time file system protection", the icon in system tray changes to red (letting me know it's disabled). If I then rgt-click on it the menu options are enable real-time file system protection and enable antivirus and antispyware protection.

The fact that it says "enable.." for each option implies that each one is currently disabled. And that is not working as you described it.

 

"Enable antivirus and antispyware protection" means that at least one of the protection modules is disabled. As I wrote, there's just one option for enabling/disabling protection modules in v5.

 

A bit confusing to newbies, but now I understand. Tks