Knowledgebase business article search

Enable firewall advanced logging in ESET Remote Administrator (6.x)

Issue

A new version has been released

Version 7 of ESET business products were released on August 16, 2018. This article applies to version 6.x and ESET Remote Administrator. For information about what's new in the latest version and how to upgrade, see the following article:

  • Create a log of all connections blocked by the ESET firewall
  • Enable advanced logging of the firewall

Solution

 Endpoint users: Perform these steps on individual client workstations

I. Activate logging of blocked connections in ESET Remote Administrator

ERA 6.5 User Permissions

This article assumes that your ERA user has the correct access rights and permissions to perform the tasks below.

If you are still using the default Administrator user, or you are unable to perform the tasks below (the option is grayed out), see the following article to create a second administrator user with all access rights (you only need to do this once):

 

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

Functionality Read Use Write
Policies

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers  
Once these permissions are in place, follow the steps below.
  1. Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in.

  2. Click AdminPolicies New Policy.
    To edit an existing policy, select the endpoint policy that you want to modify and click the gear icon Edit.

Figure 1-1
Click the image to view larger in new window

  1. Type a name for the new policy in the Name field.

Figure 1-2
Click the image to view larger in new window

  1. Expand the Settings section and select Endpoint for Windows.
     
  2. Click Tools → Diagnostics.
     
  3. Click the slider bar next to Enable Firewall advanced logging.

Figure 1-3
Click the image to view larger in new window

  1. Expand the Assign section, click Add Computers, select the client for the policy and then click OK.

Figure 1-4
Click the image to view larger in new window

  1. Click Finish. The policy will be applied on the client computer. With logging enabled, repeat the action that is blocked by the firewall and then continue to Part II.

II. Download and run the ESET Log Collector tool

The ESET Log Collector will create the firewall log along with other logs to help ESET technical support resolve your issue quickly.

  1. Download and run the ESET Log Collector tool.
     
  2. Include the log file that the tool produces in your email response to ESET technical support. If you have not already opened a case with ESET technical support, complete a technical support request and submit the file you just saved to ESET technical support for analysis.
     
  3. To stop recording logs of all blocked connections, repeat the steps in the Activate logging of the firewall section and click the slider bar next to Enable firewall advanced logging to disable it in step 6. Click Finish. If advanced logging is not disabled, it will generate a large log file.

Figure 2-1
Click the image to view larger in new window


Using Override mode in ESET Remote Administrator

ESET endpoint version 6.5 products includes an Override mode option. When Override mode is enabled from ERA Web Console, a user on a client machine can change the settings in the installed ESET endpoint product, even if the settings were locked by another policy. After the changes have been configured on the client machine, the configuration can be requested and saved as a new policy that can be then applied on other computers.

Click for more information about Override mode.

 



Was this information helpful?