Zwergenmeister

EEC update cycle computer police change / EAM language

Recommended Posts

Hello EMSI Team,

 

I am new here and test the EEC and EAM for our company, so i have install EEC and deploy some clients. 2 little questions

 

1) How long does it take that the EAM Client will set up changes from the computer police in EEC. Example I have change the Privacy settings for Anti Malware Network all to yes for this group but the client will not change it, have try a reboot no change. / Is it 10 min / 1 Hour / can i configure it?

 

 

2) In this Police under Generals can i change the Language but only English is there. Yesterday i had a German client before i deployed over EEC. Is ok when EEC is only in English but our users should have a German EAM

 

Have a nice day

Zwergenmeister

 

Share this post


Link to post
Share on other sites

Oh have install EEC Version 2 on Test PC. Today have Install on Server and wowowowo :D  there is a EEC Version 3 from yesterday  ;)

 

And i can change the language now in the Police !!  :D  good work

Share this post


Link to post
Share on other sites

1) How long does it take that the EAM Client will set up changes from the computer police in EEC. Example I have change the Privacy settings for Anti Malware Network all to yes for this group but the client will not change it, have try a reboot no change. / Is it 10 min / 1 Hour / can i configure it?

 

 

 

There is a  fixed delay time of 6 minutes until the changes will be send to the clients in that computer group.

When your client restarts/reboots it will get all policies from EEC, so also the new changes.

 

cheers

Share this post


Link to post
Share on other sites

Hello Frank H.

 

have a little problem the EEC is installed have configure a GPO with the settings in the helpfile.

 

But in the prepare stand more todo i must execute a batch file, is this right ?

 

there a 4 in this directory but, witch i need for AD PrepareAdministrator.bat or PrpareDefaultAdministrator.bat ?

 

-----------

 

And why i need when i click on the deploy a Domain Admin (O.K.) and a local Admin too ??? to active the deploy.

 

Thanks

Share this post


Link to post
Share on other sites

you can do the GPO manually for your client computers or you can run one of the batchfiles.

 

There is a difference between using the default windows administrator or using a useraccount defined as admin.

 

so when you deploy using the default windows admin account, you will have to run PrepareDefaultAdministrator.bat

When you use a user account with admin rights, you have to run PrepareAdministrator.bat

 

This applies too for the 2 batchfiles to be run on the EEC server pc.

----

Local admin: admin account on the EEC server

Remote admin: admin account on the clients

The EEC service performs all the actions and needs to impersonate on the local EEC server too, this is why you have to add both accounts (they will be similar in most cases)

 

Share this post


Link to post
Share on other sites

Hello Frank,

 

First i will deploy over EEC and GPO so i look in the help file.

 

When i understand it right i will need PrepareAdministrator.bat or the GPO Instruction in the help file.

 

I will check out where the difference between batch file and GPO. 

 

So the batch here open Firewall ports on Clients and change DCOM settings, ok understand.

 

But under point 5.1 stay using buit-in domain administrator what i will use ! 

 

All options must i configure in one GPO, i do not must use the default Domain Policy, it can be a new policy on computer group were the clients in it right ?

 

This Option don´t set any Firewall ports and DOCM, so i need the batch too or must configure it in a GPO ???

 

Thank you for help

 

regards 

 

Zwergenmeister

Share this post


Link to post
Share on other sites

Hello Frank,

 

for this option i need no extra scope to secure it ? maybe the localsubnet 192.X.x.?

No because its only active in the domainprofile, when the client is in the domain !?!

 

Allow inbound file and printer sharing

Allow remote administration

 

When i set Windows Firewall: Allow ICMP exceptions to enable an click ok it is in the list automatic set to disable so i need to active all the options in this ? or witch from all option?

 

Thanks that's all

Share this post


Link to post
Share on other sites

Hello Frank,

 

so have set the GPO and understand that do the same as the Script but open all for the Domain.

 

So have deploy it to one client with Domain Admin for both Domain and Local and i get this log, see screenshot. 

 

The Client is deployed, put whats wrong the UAC is set to disable how it is in the help ?

post-42886-0-39132900-1452504742_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

Hi Zwergenmeister,

If you like I can help you with a teamviewer remote support session to show/explain you EEC.

In complex network environments this usually is the most efficient way.

 

cheers

Share this post


Link to post
Share on other sites

Hello Frank,

 

thanks for your offer, maybe tomorrow with a TD Session, note the system in a German installation WIN 2008 R2.

 

Today I am have setup my EEC computer policies and user policies, scans and all other, and it works fine.

 

So i can deploy, have 4 Clients to test in it an found same malware that avast not found. 

 

The problem i still have:

 

1) UAC Warning in the log by deploy (GPO configured, help file), but client is installed correct and connected to EEC

 

2) No SSL Support for E-Mail at EAM

 

3) Little bug by the EEC Installation it is not possible to change the ports 8080 and the other, but no matters.

 

Thanks 

Zwergenmeister

Share this post


Link to post
Share on other sites

Hi,

 

Deutsch ist kein Thema. Please let me know at least one day in advance when/if you need a remote support.

 

1) if all is OK, you can ignore it.

2) I'll check this.

3) bug confirmed. you can change the updateproxy port at: Settings / Updateproxy Server : stop server, modify portnr, start server.
You will have to publish that changed portnr to your client pc's, this can be done by performing a new deploy. This will only send licence keys, portnr, ssl info etc. to the clients.

 

hope this helps

Share this post


Link to post
Share on other sites

Hello Frank,

 

yes it helps.

 

to 1) have test it and it seams do be a wrong warning, the client is installed but not so fast as you protocol it, the service check is to short my clients need 1-2 Minutes longer to start up EAM after installation ?!? maybe that the reason for the message / Screenshots / A redeploy is without fail / I use by deployment for both Users the domain Admin Account.

 

2) Here the GPO its all right ?

 

to 3) maybe it better that EEC not use Port 8080 by standard its a Apache and often used Port. / So i will not change it now, because i know that and have documented it. 

 

 

So I am really Happy with EEC today, there are little to do´s to make it better but i will trust in you that it will come in the future.

 

Maybe for the next release it would be great when you have a information on the first client list with versions numbers of EAM and signature are installed.

 

So i will order now 50 Clients License Key for 1 Year and hope I am happy with all so i can renew it next year :-)

 

Thanks

post-42886-0-62435800-1452600010_thumb.jpg
Download Image

post-42886-0-41904600-1452600011_thumb.jpg
Download Image

post-42886-0-83814600-1452600011_thumb.jpg
Download Image

post-42886-0-81713600-1452600079_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

Hello,

 

1) yes it seems that the EEC timeout is a little too short. We will increase this timeout in a future version.

2) If deploy succeeds and you get status information from your clients in EEC, then your GPO is OK.

3) Port 8080 is commonly used as proxy and caching port. This is why EEC uses this port by default.

 

It is already possible to select additional columns for the Clients grid. See attached screen print.

Howto: right mouseclick on a column header and select the column(s) you want to add.

You can drag the columns in the client grid to another position if you require.

 

thanks

post-22132-0-91668600-1452602603_thumb.png
Download Image

Share this post


Link to post
Share on other sites

WOWOWOW wunderfull nice list options  :blush:  :D

 

Another little Question

 

1) Setup White lists in EEC for File Guard / are there Wildcards like * or % possible ? Have you a litte instruction.

    This files are than save and don´t blocked by anything from EAM

 

2) I have some files in "Verhaltensanalyse" that have status "unbekannt" how can i help to get this files trusted from you or the database ?

 

3) Is there a option to upgrade user rights when i directly sitting at client PC, only for this moment, when i look as admin in EAM maybe with a password ? 

post-42886-0-02970200-1452603324_thumb.jpg
Download Image

post-42886-0-64683100-1452603650_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

Hi,

 

1) no wildcards are allowed.

2) when you use right mouse click on such file and open the fileproperties, you can see which check failed (see the bottom of that window)

3) yes, 2 possibilities:

3.1)  logon on that pc as local admin and EAM will not apply permissions.

3.2) create an admin password at Settings / Permissions: password protection. After that EAM will ask for that password when you click a restricted setting.

(see attached screenprint)

 

cheers !

 

post-22132-0-07666200-1452606298_thumb.png
Download Image

Share this post


Link to post
Share on other sites

Frank,

 

3.2) is a good option that i search for but i can´t configure it in EEC for all clients ? 

 

1) No wildcards are "shit" sorry for it  :( So what i have for option to exclude files like this in screenshot without include every file always.

 By this update files EAM popup 10-15 times with tmp install msi and so on,.....  :wub:

 

A Screenshot how Avast handel it and if works fine.

 

 

And this problem will be always come with every DATEV Update next time for me.

post-42886-0-02212400-1452607473_thumb.jpg
Download Image

post-42886-0-94440900-1452607485_thumb.jpg
Download Image

post-42886-0-76699300-1452607713_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

Hi,

 

Setting such password globally for all eam clients is not yet supported in current EEC beta, but it will be available in a close future version.

 

The file in your sig.jpg has no proper digital signature and has no or too little feedback in the Emsisoft Anti Malware Network (AMN)

This is why the behavior blocker provides an Unknown status. There is not much you can do about that, besides using a properly signed .exe

The file is not monitored, that means you won't get any alerts.

 

Whitelisting a whole folder would help in your situation.

 

cheers

  • Upvote 1

Share this post


Link to post
Share on other sites

Frank

 

that sounds good with the password, i can wait for it.

 

Emsisoft Anti Malware Network / so i can´t send files to you to check this and update it to your Network ?

 

The whitelist folder option i will check tomorrow, the clients will download the files from this share and install it local so there was a 10-15 pop ups because msi installation and unpack in tmp dir, and a TMP dir i want ALLOW ! 

 

 

When the Client send me a E-mail with infection (Test E-Mail works without SSL) ? Here a screen were i get no E-Mail why ? 

 

 

Where i can see witch client have a old test licence ? is here a Way ?

 

Thanks

 

post-42886-0-29262400-1452613140_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

 

Where i can see witch client have a old test licence ? is here a Way ?

 

you will see a warning in EEC when there is a license issue, but you cannot see the expiry dates in advance.

We are aware that EEC License management is missing currently.

 

 

When the Client send me a E-mail with infection (Test E-Mail works without SSL) ? Here a screen were i get no E-Mail why ?

 

Did you try to Quarantine or delete the files? The email will be send after that action.

Share this post


Link to post
Share on other sites

 

you will see a warning in EEC when there is a license issue, but you cannot see the expiry dates in advance.

We are aware that EEC License management is missing currently.

 

 

 

Did you try to Quarantine or delete the files? The email will be send after that action.

 

1) ok that´s enough for starting it will be good to have more functionality in 1 year when licence is over :-) 

 

2) No quarantine and no deleting have left it because i will information about any found via email. A Notebook remote user can left it intentionally, so i will only get any feedback via email if malware is detected and if its deleted or else.

 

 

MSI coming later

Share this post


Link to post
Share on other sites

Hello Zwergenmeister,

 

I'm just checking, looks like this topic is solved already and you proceeded via PM.

 

Please just let me know if I'm wrong.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.