FIX: ESET PROTECT Policy not applying to all clients.
If policies from ESET PROTECT are not applying to all client machines running ESET Endpoint Security, then continue reading below to learn how to fix the issue.
I recently tried to apply a firewall policy created in the ESET PROTECT web console to all client computers in a domain environment, but after completing the process, I discovered that on some computers the policy was applied correctly, while on others it was not, with no indication in the ESET PROTECT logs why this might be happening.
After verifying that the policy was correctly assigned to these computers and they were connecting and communicating with the ESET PROTECT console, we discovered that the only difference between the workstations that received the policy and the computers that did not, was the different version of the ESET Management Agent. And yes, that was the problem…the old version of ESET Management Agent on computers that do not receive the policy!
So if you are experiencing the same problem, the first thing to do is to check if the version of the ESET Management Agent is newer on the workstations where the policy was applied and those where it was not.
How to FIX: ESET PROTECT Policy not Applying to Clients.
Step 1. Find out the ESET Management Agent on clients.
1. On ESET PROTECT web console, select COMPUTERS on the left pane.
2. Now make sure that the computer(s) that did not have the policy applied were last connected to ESET PROTECT after the time you applied the policy, and then from the 3-dot menu next to the computer name, click Show details.
3. Note the version of the ESET Management Agent (e.g. "9.01141.0" in this example)
4. Then, open the details of a computer where the ESET policy is applied and check the ESET Management Agent version there as well.
If the version is newer, like in this example (e.g. "10.1.1292.0"), proceed to step-2 below to update the ESET Management Agent version on the client computer where the policy was not applied and you will resolve the issue.
Step 2. Update ESET Management Agent on clients.
1. In ESET PROTECT dashboard, select Tasks > New > Client Task.
2. Type a name for the new task (e.g. 'Upgrade Management Agent"), select under "Task" ESET PROTECT Components Upgrade and click Continue.
2a. Now accept the terms of the application and click Choose server.
2b. Now. choose a Server from the list and click OK.
2c. Now select if you want to automatically reboot the client machine(s) after the upgrade and then click Continue.
3. Then select CREATE TRIGGER.
4. Type a name for the trigger and click Continue.
5a. Click ADD TARGETS.
5b. Select the computers where the ESET policy is not applied because of the outdated ESET Management Agent version and click OK.
5c. Click Continue.
6. Now choose to apply the trigger "As soon As Possible" to apply the trigger immediately, (or schedule it at a later time if you wish), and click FINISH.
7. Now wait a few minutes and then go to the Tasks section to see the overall progress of the task you created. To view more details of the progress, click on the task and then click Show Details.
8. Notice the computers where the progress is "Finished", and in these computers send a "wake-up call" to connect immediately on the ESET PROTECT and apply the assigned policy.
9. To send a "Wake-Up Call", navigate to Computers section, and from the 3-dot menu next to computer's name click Send Wake-up Call.
10. After doing the above, click Show Details on the computer you want and navigate to Configuration > Applied Policies to verify that the policy is applied.
Conclusion:
Typically, when an ESET PROTECT policy is not applied, the cause is an old version of the ESET Management Agent on the client. If, after following the steps above, the problem is not resolved, check the following:
- The workstation is connected in ESET PROTECT console. If not, send a wake-up call to the client and, if it does not connect, uninstall and reinstall the ESET Endpoint Security (on the client).
- The Assigned Policy does not conflict with any other Applied Policy.
That's it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
Frequently Asked Questions
Why are ESET PROTECT policies not applying to all client machines?
The most common reason for ESET PROTECT policies not applying is an outdated version of the ESET Management Agent on the client machines.
How can I check the ESET Management Agent version on client machines?
In the ESET PROTECT web console, select COMPUTERS, find the target machine, and from the 3-dot menu, choose Show details to see the ESET Management Agent version.
How do I update the ESET Management Agent on client machines?
Create a new client task in the ESET PROTECT dashboard under Tasks > New > Client Task, select ESET PROTECT Components Upgrade, and follow the prompts to complete the update.
What should I do if updating the ESET Management Agent doesn't fix the issue?
Ensure the workstation is connected to the ESET PROTECT console, and if not, send a wake-up call to attempt re-connection.
