
All Activity


  1. Past hour
  2. Today
  3. Hi All, I need advice about the ESMC Client Task trigger. Could you please help? Scenario: I have created a dynamic group to group ESET clients which don't have AV. Then I assigned an AV installation task with the "joined dynamic group" trigger. The problem starts here. Think that a technician installs ESET on an endpoint with the AIO installer. First, the AIO installer installs the ESET Agent, and the client comes to ESMC and joins the mentioned dynamic group (ESET clients which don't have AV). As expected, ESMC triggers the AV installation task on the client, and while this is happening, the AIO installer has already installed the antivirus. So the AV installation task triggered by ESMC installs AV again on the same client. What can you suggest to avoid this situation? Thank you.
  4. Thanks a lot @Peter Randziak
  5. Okay, I'll setup a test machine with ESET and Teams only to isolate the problem and run the steps you listed ASAP.
  6. Besides edf.eset.com, it's also important that clients can connect to pki.eset.com as well to perform activation.
  7. CPU utilization is controlled by the OS. Please open a ticket with your local ESET support for further troubleshooting of the issue.
  8. If it's not a legitimate software it would be detected as malware or pot. unwanted or unsafe application. PUA/PUsA detections are optional. ESET does not make a DLP solution but we have a partnership with Safetica that provides DLP. For more information, visit https://www.safetica.com/.
  9. I installed a software called "Pdfelement". But I have discovered that another software came with it, called "wondershare helper". I uninstalled it. But, after some days, I discovered that the software was still active. I searched on the internet, and I read that the software's main function is to know if you already used the trial time of the software and maybe send ads... But, I wonder, is that possible that this software sent information about my PC activity, or even archives copies or print screens to someone? My ESET internet security was activated all the time.
  10. I'm continually (hourly) getting bugged by these notifications... "At least one of the client tasks in your ESET Cloud Administrator has invalid configuration, and therefore will fail. Please log-in to your ESET Cloud Administrator console for more details" So I do - all client tasks are complete and green, no errors, none running, none planned. I've seen that others have had this but apart from looking for the needle in the haystack there seems to be no simple way to identify what's triggering these notifications. Anyone?
  11. What are the actual risks of changing the permissions and the reason it isn't accessible? I mean I could understand if the system folder was like this by default for safety but the windows app folder is confusing considering the main windows program folder is accessible
  12. Yesterday
  13. Hi there, I'm trying to understand how the <action> </action> feature works. According to the official rule manual implementation you can use several actions that will be triggered along with your rule:

      "actions—allow to block an executable immediately after rule triggering. Action names are:
      · TriggerDetection—if no actions specified in the actions tag field, this action is executed by default, and the detection is triggered in EEI. If other actions are specified, and the user still wants to trigger detection, this action has to be added
      · MarkAsScript—marks an executable as script
      · HideCommandLine—removes command line string from a process
      · BlockProcessExecutable—blocks a process hash (ban hash via the rule)
      · CleanAndBlockProcessExecutable—cleans and blocks a process hash
      · BlockParentProcessExecutable—blocks a parent process hash
      · CleanAndBlockParentProcessExecutable—cleans and blocks a parent process hash
      · DropEvent—drops an event which triggered the rule"

      This was extracted from the PDF ESET ENTERPRISE INSPECTOR RULES guide that comes with the INSPECTOR; however, browsing for more information on the web I found this statement:

      "A rule is defined using XML-based language. Rules are matched on the server asynchronously, so there is some time interval when recent events are sent from client to server and then processed by rules. Therefore, a rule cannot block execution of a process or operation (rules are intended for ex-post detection of any suspicious/malicious activity, not for their prevention). A matched rule can only notify security engineers by raising the detection."

      This was taken from https://help.eset.com/eei/1.4/en-US/rule_edit.html?rules.html

      So I'm kinda confused. I have tried to implement actions of my rules using these patterns:

      <action name="BlockProcessExecutable" />

      AND

      <actions> <action name="TriggerDetection" /> <action name="DropEvent" /> <action name="BlockProcessExecutable" /> </actions>

      No matter where I place these lines, my rules generate detections but the actions are not working. Is this feature already implemented or am I misunderstanding its usage? Thanks in advance,
  14. Same issue here. I'm on a trial at the moment. After having very good results with our Windows web servers we decided to test it out on our Linux web servers, and the first one we installed it on went down within 5 minutes of installing and setting up. No ping or anything. We rebooted and same again. CPU is going crazy before it goes down. So we had someone physically plug a monitor in and he got on it fine. He then did yum remove efs and everything started working again. I have now tested it on a blank CentOS VM and a scan uses about 70% CPU when it has 2 cores and about 50% when it has 8 cores. Which is crazy compared to Windows, where it uses about 20% on a 4-core server (sometimes spiking to 40ish%) which is actually a live server (files being modified while scanning), whereas the test VM was doing nothing except the scan. It's a real shame because we had such great results with it on Windows.
  15. Must absolutely agree with iTman and that's why I've tried Marcos 1000 times to make things understandable! As always top itman
  16. Hello @leoo1231, It may, make sure that the product is able to access edf.eset.com, for details see https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall Peter
  17. I have sent the activation task but it doesn't work anyway. I have a proxy in my network to limit connections; maybe it is the problem?
  18. Here's the reason why eamsi.dll is generating a hash error. Microsoft has higher requirements when it comes to proper signing of Authenticode modules: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps . Of specific reference is cross-certificate signing requirements: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/cross-certificates-for-kernel-mode-code-signing . Only a handful of specific CAs are authorized and only a specific certificate issued by each. Appears Eset's original SHA-1 certificate was legit since it was issued by DigiCert. The problem is SHA-1 certificates are no longer valid. Eset's SHA-256 certificate is issued by Symantec and hence, not valid for cross-certificate signing.
  19. Thank you @itman for all your valuable inputs you share in this forum. I did exactly what you mentioned and reverted everything back to default and the rule still works until the app gets updated. But now I know I can access the folder using a file manager and then copy the path name and then paste it on the Eset firewall module "Rules" tab. Thanks for telling me that. I wonder why I didn't think about that in the first place!!!! Now I don't have to change the permissions of Windows Apps folder every time the desired uwp app gets updated. @Marcos You can close this thread as I have the solution now.
  20. Thanks for the instructions. I have attached the trace log which captures another upgrade attempt. Not sure if it's relevant but I noticed the time stamps in the log are 1 hour behind the actual time. The system time on the server is correct. trace.log
  21. The problem here initially is the Eset GUI was being denied access to the Windows Apps folder when you tried to select a file in that folder. The solution to this and like access situations is to first copy/create the full path name to the desired .exe and paste it into the Eset firewall rule. This eliminates the Eset GUI permissions issue since the GUI is not trying to physically access the folder. Make sure you reset Windows Apps folder back to its original default permissions.
  22. This may be a basic question. I am looking to install ESET on a Veeam Backup server. Which product should I install on the server, and what folders/files should I exclude? Thanks, James
  23. Can't help you with that one, sorry. A bit weird that it would be blocked. Could just be extra security. The only thing is if the folder changes it may need to be re-blocked, as some apps have the version numbers as the folder, e.g. app version 1.1, so when the version gets updated it's now in folder 1.2 and ESET was set to block or allow 1.1.
  24. But I would really appreciate if ESET have a feature in their firewall module to deny access to running processes on user demand "permanently"
  25. Thank you @peteyt I followed the "Manual" instructions in that page and took ownership of the folder and its contents. Now I can access it through ESET firewall to create rules. Don't even have to change to interactive mode in the firewall module. It works!!! Now I want to know if there is any security concern for taking ownership of the "Windows Apps" folder and its contents since Windows didn't want to allow access by default.
  26. Connection parameters (and other configuration options) are set during installation, so these settings were not changed from initial setup. Once policy is applied it stays in configuration (some of our products have a feature that policy removal restores original settings, MDM does not have this feature). ERA/ESMC will not try to do something behind scenes without user approval, so no worries. Actually we will create improvement for newer versions so some connection settings are taken from Agent as it does not make sense/is misleading to configure this separately.
  27. Please carry on as follows:
      - Temporarily disable protected service in the HIPS setup and reboot the machine
      - Start logging with Procmon
      - Reproduce the issue
      - After a while, stop logging.
      - Enable advanced operating system logging in the adv.setup -> tools -> diagnostics
      - Reproduce the issue
      - After a while, disable logging
      - Re-enable protected service and reboot the machine.

      When done, collect logs with ESET Log Collector and add the Procmon log to the generated archive. Upload the archive to a safe location and drop me a personal message with a download link.