ESET Policy Documentation

Discussion in 'ESET Server & Remote Administrator' started by splansing, Jul 7, 2012.

Thread Status:
Not open for further replies.
  1. splansing

    splansing Registered Member

    Joined:
    Jul 7, 2012
    Posts:
    13
    Location:
    USA
    I was reading an old thread that I couldn't reply to, from December '11. It appeared to me that the ESET folks were saying that there are too many settings in the policies for them to be all documented. (!)

    I notice that a very few of them have a very brief blurb on the right there that explains what they do. However, here's a fun one for you: disable the GUI. Doesn't do anything. You have to set other settings for that to work. And I'm still not exactly sure which ones, because there isn't anything explaining how they work.

    I'm married to ESET because the decision to go with it pre-dates me joining this organization. But until someone can point me to a document that fully describes all of the parameters in those policies, I'll leave it at this: use Sophos Endpoint instead if you have any choice in the matter. The documentation and the support are shockingly good, especially the support. So far dealing with ESET has been about an average experience, at best. Catching attitude from people who appear to think I should just KNOW how this stuff works is IRRITATING.

    First of all, the very idea of having hundreds of policy settings is, in itself, a design flaw. How do I find the one I want? And of course they'll be tough to document. So how do I find the one I want among hundreds (thousands?) if there isn't any documentation? So far, if I had to offer an opinion, I'd say that whatever the merits of the antivirus engine, as an enterprise solution this is rubbish. Another thing I'm missing now that I have to roll out ESET is the fact that Sophos would uninstall any existing antivirus it found when you deployed it. I, on the other hand, have to create a separate uninstall process and roll it out through GPO to strip off the previous stuff (specific process for each legacy package, which I have to ascertain for every machine in the script), and then push out the ESET package through the clunky remote console.

    I am growing more comfortable with it, but the attitude from the support folks and the fact that I was so spoiled by years with Sophos Endpoint have left me really disliking this poduct. Barring a significant cost difference, I wouldn't recommend this product to anyone as long as Sophos is still around.

    If anyone knows where I can find a comrehensive list of all of the policy settings in ESET and what each one does and how they interact with each other, that'd be great. If you're going to tell me that's impossible, I'll ask again: why in the @!#$* was it designed with so many parameters in the first place? Rubbish design. "Good enough" execution. Good thing the engine works.
     
  2. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
    Sent PM yesterday.
     
  3. splansing

    splansing Registered Member

    Joined:
    Jul 7, 2012
    Posts:
    13
    Location:
    USA
    Grinding and grinding. I have spoken with ESET tech support several times, with no results.

    I am trying to grab clients that already have the software installed, some 4.2 and some 5.0. I had a server that was in bad shape in a lot of ways, so I'm rolling out a new one with a fresh install on it, MS SQL DB and IIS for updates, for a lot of clients, hopefully.

    First AD won't sync unless, for some reason, I sync the entire directory. As soon as I configure it to sync only with the OU's I need, the sync fails. So I sync the whole thing and select only ERA groups, and it goes through. Not encouraging, since it behaves totally different on yet another server. But I'll live.

    Tech support assures me that if I roll out a fresh push install to any client, and include the settings that will direct it to check in with this new server, it will work, they will check in with this new console and I'll be all set. So I do a push install, which is a troublesome process that often requires I restart the remote console service when my jobs get stuck "waiting". But I can get it to sail through with flying colors sometimes, and it tells me the install went flawlessly. Only the computers never check in, and if I look at their settings I find that nothing has changed at all. I've tried a bunch of different combinations of passwords in all of the seemingly dozens of places I get asked for a password by this software, even though I'm logged into the server with a domain admin account...which reasonably ought to be more than enough, and the software itself ought to know to run using the credentials I provide for the service...

    I'm getting very, very frustrated guessing what I have to do to make this software work, finally getting it to work, and then having it not work again, and guessing something else, and having something totally different work a different time.

    I'm utterly baffled that something so incredibly inscrutable could be selling. Is it possible that it's true, that you get what you pay for...? Do I have to run the uninstaller on every client before I can run the new push installation? And if so, WHY ISN'T THERE ANYTHING ANYWHERE THAT DOCUMENTS THIS, OR ANY SORT OF BEST PRACTICES, OR COMMON EXAMPLES OF SETTINGS FOR VARIOUS PURPOSES, OR ANYTHING AT ALL AVAILABLE?

    I've got tomorrow left in me after a solid week of banging my head against this software. And then I'm going to make a recommendation that we do NOT roll it out beyond our existing 400-seat license to the additional 2000-seat license we need. One more day dealing with long wait times and poorly trained support people and inexplicable problems and I've had it.
     
  4. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    Hey splansing, you probably read one of my earlier threads complaining about this very same issue. ESET has told me rarely does anybody ask for this sort of documentation. Obviously that is not true. And even if it were, that's no excuse to not document the product THOROUGHLY. In fact, documentation should be written LONG BEFORE the product gets officially released. Companies should not wait to see if users ask for documentation before writing docs - that is ABSURD!

    Maybe if enough of us keep bringing this to their attention, ESET will finally "get it".
     
  5. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
    Thank you for the feedback regarding the configuration descriptions. splansing, you should either have gotten a call at this point or should be receiving one very shortly.

    In the meantime, I wanted to let everyone know that there is currently a project to create descriptions for all of the parameters in the policies. As you know, there are many policy settings (over 1000) but we are working to document all of them. These descriptions will be available in the product in a future version release or build update. Until then, we plan to make a document available on our website with the descriptions that have been written so far. Ultimately, there will be a “comprehensive list of all of the policy settings in ESET and what each one does and how they interact with each other” as you request.

    The current project is only for Windows products but after this is finished, we will write the descriptions for Mac, Linux, Mobile Security and EMSX.

    Also, please note that the version 3 and version 4 descriptions will be listed as they appear in the ERA 5 Configuration Editor, but that they can also be used in the ESET Smart Security, ESET NOD32 Antivirus branch in the ERA 4.x Configuration Editor.

    I hope the phone call this morning will help satisfy your concerns and also provide us with more information we can use to further improve our products and service.
     
  6. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    There are two places to check in ERAS and the ESET Client if your clients aren't communicating with ERAS. On the ESET client, go into the settings and check the "Remote Administration" settings. Under the Primary Server tab, make sure those settings are correct, and notice that the default port 2222 is used. If you have any firewalls, you might want to check and confirm if they are blocking your communication.

    On the ERAS server, under Server Options, check the Security Tab. If you are using a password for your clients to connect with, make sure it is setup under "Passwords for Clients". Just to rule out password issues, you can also make sure the option "Enable Unauthenticated access for clients".
     
  7. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    I will believe it when I see it :) Users have been asking for more comprehensive docs for years. Whomever decided to only partially document your software should be fired, as they were very lazy IMO.

    The odd thing is that some of th epolicy settings are document in the GUI that the client uses, but the same policy settings are not documented at all in ERAC. Why did ESET document things for the end user and ignore us admins? A totally confusing business philosophy is you ask me...
     
  8. Drifter104

    Drifter104 Registered Member

    Joined:
    Mar 25, 2010
    Posts:
    12
    To be honest I've never found the lack of policy docs to be that much of an issue. I use RC across 30-40 different servers over the same number of customers. Each customer has something like 15 policies; policies that point clients to different internal http update servers depending on what ip address and location they are dialing in from for example. The KBs that exist are general quite good if a little difficult to find sometimes. Overall I'm happy with what there is.

    As for the support from the tech team, they do seem to be a little lacking sometimes. I've only used them a couple of times and each time I've had to go away and try things as they didn't know the answer.
     
  9. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    Drifter104 - imagine you are a brand new ESET user. How would you know how to configure the many policy settings (using ERAC) when virtually none of the settings are defined? e.g. as a new user myself, one of the first policy settings I saw was something like "Enable Self-Defense". I have no clue what that meant, and there were no docs that i could find in ERAC. That's just one illustration of how the lack of docs affects new users. I could give you hundreds more :)

     
  10. splansing

    splansing Registered Member

    Joined:
    Jul 7, 2012
    Posts:
    13
    Location:
    USA
    I just heard from ESET and had a very good experience. Support was very helpful. They have actually always tried to be helpful, but the experience overall is still leaving me uneasy. The lack of documentation is inexplicable, because some settings, like those controlling the end users' gui, for example, don't do what you think they will...unless you also check off this box over here to "supress user settings". Silly me, I thought that if I un-ticked a box for the user's gui at the server level, he wouldn't get a gui...but then he does.

    The design flaw is that there are all of these thousands of parameters to begin with. And that's a big flaw. I could live with it, except that it's a flaw complicated enormously by the lack of documentation. And that's just crazy.

    Props to Jesus for the awesome helpful call.
     
  11. Drifter104

    Drifter104 Registered Member

    Joined:
    Mar 25, 2010
    Posts:
    12
    I was a brand new ERAC user, while I had been using Eset clients for 3 years I never had the need to install ERAC. I'm used to layered policies from build GPOs, and pretty much all the settings in ERAC can be accessed in the client which has its own docs. So even new I didn't find the lack of specific policy docs a problem
     
  12. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    I guess you didn't want/need centralized management of your ESET clients? Being a Managed Service Provider (MSP), centralized management of software components (like AV) is crucial. As far as the ESET policies - I did not have a problem understanding the GPO-like structure. The problem is that the hundreds of policy settings are totally undocumented in ERAC (e.g. "Enable Self-Defense" - what the heck is a newbie supposed to make of that?) :( If they had designed it like Microsoft policy settings, there would be an "EXPLAIN" tab for every setting. But whomever wrote the documentation for ERAC didn't feel like doing it, so nothing is documented for administrators within the ERAC product. Anyway, I'm glad to hear ESET has decided to do their homework and document this stuff. What's amazing to me is that they can't just get it done quickly. One knowledgeable person should be able to do it within a week IMO. Instead, they are probably going to drag out this project into little bits and pieces taking many months (or years)...

     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Editing policies should be done by persons who are familiar with the particular product and need to adjust certain settings. Tampering with default settings is not recommended as it may result in weaken protection.
    What I can add on this topic is that we're planning to add use cases into the help and manuals which will explain basic procedures in a straightforward way.
     
  14. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    Marcos - how do new users "get familiar" with your product if there is NO DOCUMENTATION on all the policy settings? I do not mean to insult or offend you, but your comment makes no sense to me.

    All of us are interested in what DWMACK said earlier in this thread:
    In the meantime, I wanted to let everyone know that there is currently a project to create descriptions for all of the parameters in the policies. As you know, there are many policy settings (over 1000) but we are working to document all of them. These descriptions will be available in the product in a future version release or build update. Until then, we plan to make a document available on our website with the descriptions that have been written so far. Ultimately, there will be a “comprehensive list of all of the policy settings in ESET and what each one does and how they interact with each other” as you request.
     
  15. splansing

    splansing Registered Member

    Joined:
    Jul 7, 2012
    Posts:
    13
    Location:
    USA
    Any news on when this documentation process will be completed?

    Honestly, I just don't care anymore. I've gone through the process, learned how to use this thing, rolled the client out to hundreds of workstations... and then learned that if I want them to have the latest patch (5122 to 5126)...I have to upgrade them all through a process much like the big push install I just did. I just tested the upgrade on my own computer. It ran 4 instances of the msiexec process, several ekrn what-have-yous, seized up my machine, and left me in an unprotected state when, after about 15 minutes I finally forced a reboot.

    I've just had it. The remote clients don't automatically get patched. So the issues with 5122 (including blue screening some machines) you can only fix by going through this push install/upgrade process, an install process which is light years behind Sophos and Symantec. I'll spend 20-40 hours a month administering this bloody software! If it were $5/client maybe I could see it. But it's not.
     
  16. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    I find it difficult to get Marcos to consistently answer posts in this form. I wish they would take this form of support much more seriously :(


     
  17. foneil

    foneil Eset Staff Account

    Joined:
    Dec 7, 2010
    Posts:
    255
    Location:
    San Diego
    Hello, here is an update on the project to provide documentation for the configuration descriptions.

    The Knowledgebase team (responsible for creating documentation) is working every day to document the descriptions for each configuration item. We take support feedback regarding documentation very seriously.
    A lot of progress has been made as far as the descriptions for our primary products. However, to ensure their accuracy, all of these descriptions need to be thoroughly reviewed by our ESET Development/QA teams before providing them in any form.

    This is where we currently are with the project.

    The Knowledgebase team has been following this thread and any others that offer suggestions or recommendations about documentation. Although we recognized the need for these descriptions before this thread was started and subsequently began the project to document them, we recognize that not having this information documented before now is unacceptable. I can’t give a date for completion but I can assure you that we will continue to do our best to work on the documentation that is important to you and we treat every comment about documentation with the highest priority.

    Fer on behalf of the ESET NA Knowledgebase
     
  18. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    Hi foneil,
    Thanks for the update on this project!

    I'm curious though, why can't ESET provide whatever documentation that has been written so far as promised earlier in this thread by ESET's DWMACK?

    He said:
    These descriptions will be available in the product in a future version release or build update. Until then, we plan to make a document available on our website with the descriptions that have been written so far.
     
  19. foneil

    foneil Eset Staff Account

    Joined:
    Dec 7, 2010
    Posts:
    255
    Location:
    San Diego
    We absolutely plan to make the descriptions available as soon as they are verfied by ESET Development/QA.

    Once verified, we will provide them to users in one of the methods mentioned earlier in thread.
     
  20. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    Hmmm, your timeline sounds awfully vague. Why not just post what you have so far, with a disclaimer that it is a work in progress (a beta of sorts)?

    As a new user of NOD32, I must tell you how incredibly difficult it is to use this product *intelligently* since there is no (or very little) documentation. Being a software developer, and doing IT for over 25 years, I just cannot fathom why a company would not document such a complex product. I mean, documentation has to exist at some level in order for the developers to know what their goals are/were.

    I hope ESET learns and matures as a result of this insanity, and that ALL future products are thoroughly documented at the time of their release.

    Am I frustrated? YOU BET! This product has cost me a lot of wasted time (money).

    PLEASE, get this done in weeks, not months or years!
     
  21. James2012

    James2012 Registered Member

    Joined:
    Aug 15, 2012
    Posts:
    16
    I honestly think your making a big deal out of this. When its not really that difficult to figure out.

    We use ESET Endpoint Antivirus on 200+ seats. And setting up the policies was a breeze.

    Whilst I can see this being a problem for Non I.T. individuals, You have to admit, the policies are pretty self-explanatory.

    I would recommend setting up ESET in a test environment (something like a virtual machine) and play around with the settings in there.
     
  22. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    James, I've been doing IT for over 25 years, written numerous software packages (serial communications and fax APIs for developers) etc. I have never encountered software with such incomplete docs. My first day trying to create policies I discover there are NO docs in ERAC that cover the hundreds of policy settings. Zilch. So I'm looking at one of the first policy settings called "Enable self defense". What the heck does that mean? I call Labtech support (who I purchase my ESET license thru) and ask them what it means. They don't know and log a call into ESET. 2 weeks later I finally get to talk to someone from ESET. They couldn't remember what this setting was for either (no docs, remember). But they do share a good tip - that SOME of the policy settings are explained in the online help that accompanies the client GUI... So ESET put SOME docs in the client GUI and NONE in the admin tools o_O My customers have no interest in these policy settings, nor would any admin ever want them changing any policy settings... The docs should have been put into ERAC!

    How you deduced what all these settings mean is amazing. Maybe you are one of the developers :) Or, you never delved into the hundreds of settings trying to learn about the default policy settings before deploying? Or, as ESET tech support told me - "most folks just use our default policy settings and don't bother tweaking anything". Well, we know why most folks don't bother trying to adjust the policy settings :)
     
  23. James2012

    James2012 Registered Member

    Joined:
    Aug 15, 2012
    Posts:
    16
    Haha.

    No I'm not a developer :)

    I'm guessing your from the US. We are based in the UK. The support over here is fantastic. We usually get a response within 1 hour, and any problems we have had get fixed on the first email.

    I have taught myself to memorize most of the functions of ESET, and set the various parameters in the policy management.

    Granted, Seeing as ESET have an ISO:9001 certification, they SHOULD document everything.
     
  24. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    How do you teach yourself totally undocumented policy settings? e.g. First time you saw the "Enable Self-Defense" policy setting (assuming you use ERAC), how did you make an intelligent choice for that setting?
     
  25. James2012

    James2012 Registered Member

    Joined:
    Aug 15, 2012
    Posts:
    16
    I do use ESET Server Administration Console.

    However, I have used the product before activating the policy.

    For example, The "Self-Defense" policy you have mentioned is clearly in the ESET User Guide

    "ESET Endpoint Antivirus has a built-in Self-defense technology that prevents malicious software from corrupting or
    disabling your antivirus and antispyware protection, so you can be sure your system is protected all the times. Changes
    to the Enable HIPS and Enable Self-defense settings take effect after the Windows operating system is restarted.
    Disabling the entire HIPS system will also require a computer restart."



    So enabling/disabling the "Self Defense" policy would make the change as described above.
     
Thread Status:
Not open for further replies.