All Activity

  1. Past hour
  2. Try adding the directories you want to exclude, using the path name only and also with the \* option at the end of the path name, to the Deep Behavior Inspection exclusions section of the HIPS settings.
  3. Today
  4. I have opened a case with our local customer care and provided the requested logs, but they didn't find the root cause of the problem. I was provided with the beta version 6.8.400.0 and issue still occurred there. Edit: Provided logs esets_proxy log level has been set to verbosity level = 8 Sample of esets_proxy.txt customer_info.zip
  5. Good afternoon, We're having a problem here at our office where ESET is preventing a folder from being deleted or otherwise modified, with no logging or alerting that we're aware of. We're deploying alpha versions of some internal software to certain users in our office for testing, but the folder which contains the alpha executables is being locked from modification by ekrn.exe. This folder which we automatically delete and re-create is C:\Program Files (x86)\CompanyName\SoftwareAlpha. We have Real-Time File System Protection enabled, with the following paths excluded from our ESET Security Management Center's settings in Detection Engine > Performance Exclusions: C:\Program Files (x86)\CompanyName\SoftwareAlpha\*.*, C:\Program Files (x86)\CompanyName\SoftwareAlpha\*, C:\Program Files (x86)\CompanyName\*.*, and C:\Program Files (x86)\CompanyName* When I completely disable HIPS for these users, this automated alpha software deployment works fine. Is it HIPS that is locking this folder from being modified? How do I make sure that HIPS is not locking this folder? I've attached a screenshot from the program Process Explorer. When I search for "SoftwareAlpha" (the name of the folder which we want to delete), it shows that the process ekrn.exe is currently using this folder and keeping it from being modified.
  6. @Marcos Thanks for the reply. We are not blocking this traffic on our networks at the client or server. Based on the error messages, it appears that the remote server (epns.eset.com) is blocking/rejecting the communication. Or is the error indicating that the epns server cannot connect to our client? I'm also confused, as the documentation indicates these calls are triggered by a Web Console user. I am the only Web Console user and have not triggered these ever (intentionally, at least). Could you please clarify how to resolve this issue? Ideally we would not want this outbound traffic to ESET. Thanks again.
  7. Hello, We have a customer whose VP experienced this error: Later the problem resolved and the product is updating again; however, he wants to know why this message can appear. It's difficult to get an ESET Log Collector, and we tried from ESMC and it gives us an error when trying to get the log from the ESMC server. Thank you.
  8. Maybe the way to proceed is to verify Eset's RDP brute force password protection. For anyone using RDP, here is an article listing a number of RDP brute force attack tools that are readily available for penetration testing: https://resources.infosecinstitute.com/popular-tools-for-brute-force-attacks/
  9. Webex is not a browser: https://www.webex.com/ . Appears to be an interactive collaborative work software although it may include browser capability.
  10. I was aware that an RDP setting existed in Eset IDS. However per Eset online help, it only covers: https://help.eset.com/eis/13/en-US/idh_config_epfw_advanced_settings.html As far as I am aware, CVEs only pertain to known hardware/software vulnerabilities. A brute force RDP attack does not fall into this category to the best of my knowledge.
  11. I used https://www.uuidgenerator.net/. I just searched for a UUID generator online.
  12. I think the installing user has the access, I will try it.
  13. Avast bought AVG (merged together) in 2016
  14. I stopped using it since they went to Avast and their servers got infected somehow with the move; I never used it again. Here is another post: https://www.bleepingcomputer.com/news/software/avast-and-avg-firefox-extensions-pulled-from-mozilla-addons-site/
  15. Ok, thank you very much. I will just wait for the advanced machine learning settings that came to the endpoints and consumer products; it would be very useful for 0-day threats or never-seen-before threats.
  16. Correct. But I gave ESET full location permissions, and the issue persists. Giving location permissions actually solved the issue right after the release of Android 10, but a more recent update to the ESET app reintroduced the issue - even if ESET has location permissions granted. (Currently my app is at version 5.2.42.0-0)
  17. Does that also apply to File Security? The advanced machine learning settings would be a very nice addition for File Security, because too many files would just come through the servers.
  18. Hello @howardagoldberg, I noticed similar behavior during Connected home scan. The issue (feature) is caused by the Android permissions i.e. if an application wants to know the SSID of a WIFI, the permissions to read location had to be granted and the Location services enabled... Peter
  19. Yes, it also covers SQL and SMB brute-force attacks.
  20. It's a shame as Avast once was respected, kind of similar with AVG at the beginning. I'm now debating if I should remove CCleaner. I don't use it as much as I used to but it can be handy, but now wonder if it could technically be classed as a PUA.
  21. Yes, it is the proper way to change the certificate on clients. Just be aware that this would work only for actively connecting clients, and that is why I asked whether you need to change it on active clients or on "dead" ones. Once the policy is applied, the certificate is immediately replaced and there is no way back, so just be careful which certificate is chosen.
  22. Please drop me a personal message with your registration email address for my.eset.com and your public license ID. A weird thing is that the notification is in English despite having your license manager in Russian. Does the notification continually appear after logging out and logging in to the license manager again?