Marcos
-
Content Count
20,569 -
Joined
-
Last visited
-
Days Won
896
Posts posted by Marcos
-
-
The firewall logic has not changed over years. We assume that Teams has been updated and now works in the way that a connection is initialized by the server. In automatic mode, all outbound communication is allowed and all non-initiated inbound communication blocked, hence a rule for Teams may need to be created. It is beyond us to have a list of all 3rd party applications where the communication is initiated from outside and maintain the rules for them.
-
No, currently we don't have application control nor HIPS on Mac.
-
Did you check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html on the troublesome client? Is the ESET Management service running on the machine? Just in case, please collect logs with ESET Log Collector on the machine and upload the generated archive here.
-
-
Firewalls in general work with IP addresses, not with hostnames. Since IP addresses may change in time, I would not recommend creating firewall rules to restrict communication of the OS with Microsoft's servers.
-
There is only one trial license registered with your forum's email address. The public license ID is 3AJ-M9S-J6A and the license is valid until Oct 6, 2020.
-
It's quite straightforward, just send an ESMC component upgrade task to desired clients / groups:
-
For now we'll unblock the IP address and discuss it internally later.
-
The IP address was blocked today; the block is not a problem. What I find surprising is that "wpad" is resolved to the blocked IP address on your machine.
-
On Windows it's not possible to block applications via HIPS either unless you specify the full path to an application. On Mac we don't have HIPS so if there's a possibility to block execution of applications, it could be accomplished only using 3rd party tools.
-
9 minutes ago, Luca_Bellinzaghi said:
I've purchased NOD32 for Linux online by your site,
I've received your email with public ID, license key but not username/password requested to enable NOD32 updates.Please check your personal messages.
-
wpad.co.uk is a parked domain. I, for one, was unable to find any working domain on that IP address. The question is why "wpad" resolves to the blocked IP address.
-
It should work but you may need to create more rules via the troubleshooting wizard.
-
That's a policy for Windows. For Mac it should look like as follows with port 443 added:
-
If you are testing the rule with https websites, make sure that you have added port 443 to the list of ports in the web access protection setup. However, since SSL filtering is not supported on Mac it may cause issues with certain https websites; in such case the port 443 will need to be removed from the list.
-
Maybe a problem with the proxy 172.29.48.1? What if you configure agent to connect to the ESMC server directly, does it work then?
-
Please check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html and trace.log on the troublesome clients for possible errors.
-
1, Create a permissive rule for bi-directional communication with the trusted zone selected on the remote tab:
2, Create a blocking rule for bi-directional communication and no IP address / zone selected and put it below the permissive rule that you previously created.
-
In order to update agent on clients, please send an ESMC upgrade task to the clients.
-
Are you an administrator of the website and the threat was detected upon downloading a file via a WordPress admin interface?
Please provide logs collected with ESET Log Collector but select also quarantined files to collect.
-
1 hour ago, mars_ots said:
So I edit the policy. How do I make it to take in effect again? Do I need to re-run the policy?
If you select a particular setting to be applied (ie. with the blue dot), it will be applied. You can enforce the setting by selecting the flash icon in case the setting was set by another policy. You can also choose how the setting will be applied; whether it should replace existing setting on clients or if it should be prepended or appended to the existing list of known networks.
-
We haven't had any ticket with this error yet. Googling for the error code yields a lot of results pointing to pages where users of different AVs ask about the error. Most likely it's a problem with the security center and the OS itself.
-
By NOD32 Antivirus v7 you mean ESET Endpoint Antivirus 7.3.2039? Does temporarily pausing real-time protection make a difference?
-
I've taken this from v12 so it doesn't look like the default skip option has changed recently:
Multiple indentical log records
in ESET Endpoint Products
Posted
Could you please provide a screen shot for clarification?