Marcos

Administrators
  • Posts: 35,863
  • Days Won: 1,429

Everything posted by Marcos

  1. It was a false positive (Machine Learning) that has been fixed and the file is not detected any more.
  2. It means that the Private network connection profile was activated. Probably you have more networks listed under Setup -> Network protection -> Network connections and the connection changed when you received the message.
  3. Please carry on as follows:
     • Enable advanced logging under Help and support -> Technical support
     • Start logging with Procmon
     • Launch the browser and reproduce the issue
     • Stop logging
     • Save the Procmon log unfiltered in the PML format and compress it
     • Collect logs with ESET Log Collector and upload the generated archive here along with the Procmon log.
  4. Please try rebooting the machine by running shutdown -r -t 0
  5. The following procedure should make the communication work:
     1. Ensure that Advanced security is disabled, otherwise:
        A) Click More > Settings > Connection and click the toggle next to Advanced security.
        B) Click Save to apply the setting.
        C) Close the Console and restart the ESET PROTECT server service.
        D) Wait a few minutes after the service is started and log in to the Web Console.
        Afterwards, when Advanced security is disabled, proceed with further steps:
     2. Verify if all computers are still connecting and no other problems have occurred.
     3. Click More > Certification Authorities > New and create a new CA. The new CA is automatically sent to all client computers during the next Agent - Server connection.
     4. Create new peer certificates signed with this new CA. Create a certificate for the agent and the server (you can select it in the Product drop-down menu in the wizard).
     5. Replace your current ESET PROTECT server certificate with the new one.
     6. Create a new ESET Management Agent policy to set up your agents to use the new agent certificate:
        A) In the Connection section, click Certificate > Open certificate list and select the new peer certificate.
        B) Assign the policy to computers where you want to use the advanced security.
        C) Click Finish.
     7. Wait until all Agents have replicated and obtained the new policy.
     8. Run a repair installation over ESET Inspect as described here: https://help.eset.com/ei_deploy/2.0/en-US/?get_the_certificate_from_esmc.html Customer can go through first steps of repair as pre-filled from original installation, and then in above mentioned point they need to create new certificate based on correct CA.
     9. After repair is finished, observe and confirm whether Inspect console and Connectors are able to communicate, and if data from Inspect are able to reach PROTECT console. In case Connectors won't be able to communicate with Inspect console, re-installation of Connectors using PROTECT tasks may be necessary. This may not occur, so please, proceed based on observation.
     10. Re-enable Advanced security in PROTECT console and restart the service.
  6. Healthcare organizations remain firmly in attackers' crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in the US in 2023. View the full article
  7. I've reported the issue to developers. If a particular operation is blocked by a HIPS rule, it can be logged in the HIPS log. In this case it's not caused by a HIPS rule. Please provide logs collected with ESET Log Collector.
  8. Ok, I've learned that activation with an offline license file doesn't work with the current version of ESET Server Security v11. It will be fixed in the next service release. However, it is possible to generate an offline LF for product 211 (without the firewall) and use v11 without the firewall until the next service release becomes available.
  9. Do you have HIPS in automatic mode with no custom rules created? Does temporarily disabling only Deep Behavior Inspection make a difference?
  10. There's just one installer for ESET Server Security v11. Whether it has the firewall or not depends on the offline license file.
  11. The license for ESET Server Security with a firewall has code 318. Make sure that you generate an offline file for this product and use it. We plan to change the name of this product in EBA to distinguish it from the other product.
  12. ESET NOD32 Antivirus is the only product that doesn't contain network protection and thus doesn't generate a pcap with network traffic either. In that case a pcap log needs to be created with Wireshark. There seems to be a weird communication problem on both machines since even the download of a stand-alone ESET SysInspector by ESET Log Collector was failing:
      [12:31:29.337] Downloading ESET SysInspector from https://go.eset.com/esi?platform=x64 to C:\Users\xxxxx\Downloads\SysInspector.exe...
      [12:31:40.386] ERROR: ESET SysInspector download failed (If the problem persists, please download the ESET SysInspector manually and place it to the same location as ESET Log Collector.)
      Are the users able to download it in a browser from the above link?
  13. It's a detection of a suspicious obfuscation misused by malware. It is up to you if you trust the website or not. If it's trusted, creating an exception should be safe.
  14. You can create a detection exclusion as follows:
  15. I'm not getting any alerts while browsing the website. Most likely the malware has been removed in the meantime.
  16. We break down the fundamentals of threat intelligence and its role in anticipating and countering emerging threats. View the full article
  17. Could you post a screenshot of the error that the user is getting? I can open the site in Edge alright and no AV vendor has blacklisted it either according to VirusTotal.
  18. I was wrong, the result was from 1 hour ago. After re-scanning it, no threat was found and I'm not getting any alert from ESET while browsing the site either.
  19. The website is indeed infected: https://sitecheck.sucuri.net/results/https/peoplesparksolutions.co.uk
  20. Unfortunately I don't remember any handshake issues in the past. If there were issues, then no connection could be established, which was not the case here.
  21. We only see that handshake is failing, hard to say why. At least they could disable the appropriate application status on the machine so that it doesn't disturb the user. It should not have any effect on protection but some actions from ESET PROTECT or update of license information in the product may take much longer.
  22. Please contact technical support and report it as a request for feature update.
  23. From the screenshot it is not clear if you have set the server address as the IP address or hostname of the server. Is it failing with the IP address entered?