Eset endpoint Mirror update fails on some and works on some

[Eset endpoint Mirror update fails on some and works on some]

First of all, on Windows server you should install ESET File Security. Please uninstall EEA and install EFSW 7.2. Secondly, v5.0 is a legacy version which is in limited support and will have reached EOL by the end of this year.

Please update ESET products to the latest version. If you have offline computers, use the ESET Mirror tool to create a mirror (https://help.eset.com/esmc_install/70/en-US/mirror_tool_windows.html). If the machines have access to a computer connected to the Internet, install an HTTP proxy server (it's a part of the ESMC all-in-one installer) and configure clients to update through it.

[Issue installing File Security on an Windows server]

10 hours ago, Peter Randziak said:

It may, make sure that the product is able to access edf.eset.com, for details see https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall

Besides edf.eset.com, it's also important that clients can connect to pki.eset.com as well to perform activation.

[Full CPU with eset FileServer Linux]

CPU utilization is controlled by the OS. Please open a ticket with your local ESET support for further troubleshooting of the issue.

[If a software tried to collect my data, would ESET prevent it??]

If it's not a legitimate software it would be detected as malware or pot. unwanted or unsafe application. PUA/PUsA detections are optional. ESET does not make a DLP solution but we have a partnership with Safetica that provides DLP. For more information, visit https://www.safetica.com/.

[ESMC: Global process exclusion w/ placeholders]

Please carry on as follows:
- Temporarily disable protected service in the HIPS setup and reboot the machine
- Start logging with Procmon
- Reproduce the issue
- After a while, stop logging.
- Enable advanced operating system logging in the adv.setup -> tools -> diagnostics
- Reproduce the issue
- After a while, disable logging
- Re-enable protected service and reboot the machine.

When done, collect logs with ESET Log Collector and add the Procmon log to the generated archive. Upload the archive to a safe location and drop me a personal message with a download link.

[Deny Internet access for running process]

As a workaround you could temporarily switch to interactive mode, run the desired Windows app, create a blocking rule and then switch back to automatic mode. However, creating rules for Windows apps is not recommended since the folder name changes with each update of the app and therefore you'd have to create a new rule each time an app updates.

[ESMC: Global process exclusion w/ placeholders]

Strange, we've used Teams without any exclusions and issues.

Does temporarily pausing real-time protection actually make a difference? Do you have the latest Endpoint 7.3.2039 installed?

 

[Deny Internet access for running process]

You can create a blocking firewall rule for specific applications. As for WindowsApps, not sure what's special about it since I can't get there either from explorer after elevating rights via UAC but can get there through a file manager after elevation.

[ESMC: Global process exclusion w/ placeholders]

Wildcards are supported in performance and detection exclusions and only at the end of the path.

What is the actual issue that occurs if you don't create process exclusions?

[Deny Internet access for running process]

Via the network connections panel you can temporarily block communication for a process:

 

Quote

Now I can't block it the traditional way since the user have no access to the folder ("C:\Program Files\WindowsApps\DisneyMagicKingdoms") by default.

I don't understand. Only users with administrator rights can create rules. And such users have access to folders in Program files.

[ESMC: Global process exclusion w/ placeholders]

Since ekrn runs in the local system account, user variables cannot be resolved. Only system variables should work but not for process exclusions; at least it seems that variables are not accepted at all.

[NOD32 keeps blocking internet access]

The problem has been pinpointed and will be fixed in the upcoming version of the Cleaner module 1213.

[Device Control]

My understanding is that you would have to create 11 policies with unique device control rules and manually assign each to the particular computer. PC1-3 would use the same policy, likewise PC7-8 and PC9-10.

[Activation failed]

You should get an error message with a code number if activation fails. What is it?

[Licence Overused:have bought the android licence through google play store,]

This forum is public so if you want to provide some personal or otherwise sensitive information, please drop me a personal message. What you can share is you public license ID in the form XXX-XXX-XXX.

[Maze Ransomware/ Anchor Trickbot removal]

ESET detects and cleans both. However, files encrypted with Filecoder.Maze cannot be decrypted.

[incoming mail disappear]

ESET can only move email to specific folders only if malware was detected or if an email was evaluated as spam provided that a supported email client is used (typically MS Outlook). If you don't use a supported email client, there's no chance that ESET could move emails.

[incoming mail disappear]

Does he or she have ESET installed? If so, does temporarily uninstalling ESET make a difference?

[SysRescue http proxy]

It seems that the current version doesn't support temporarily saving settings. Unfortunately, it appears there is no workaround.

[Threat removed pop up]

You can switch to the pre-release update channel and wait for a new Internet protection module to become available which should address this issue.

[how do i review my blacklist]

What blacklist do you mean? Antispam blacklist? At any rate, you cannot check someone else's configuration.

[Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll]

Let's stop any speculations, all AVs have this issue. The topic is subject to dispute with Microsoft.

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

 

Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

 

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\TmWscSvc\WSCHandler.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\DrWeb\drwamsi64.dll that did not meet the Microsoft signing level requirements.

 

 

[Licence Overused:have bought the android licence through google play store,]

Overused is your license for ESET Mobile Security. It was purchased for 1 mobile phone but it was activated on 2. Huawei CMR-W09 connected to ESET's servers one month ago. If you don't need it, click Deactivate product:

I've also added your EIS license and it's not overused:

 

[eset not scanning certain areas]

Even if you run a scan as an administrator, there will be dozens of files that cannot be scanned.

[eset not scanning certain areas]

As the notice says, the files could not be scanned due to being exclusively used by the operating system or another application, or you don't have sufficient read permissions. Running a scan as an administrator should scan more files than if run as the current user without elevated permissions.