Marcos

Administrators
Posts posted by Marcos

  1. As long as there is an infected machine in the network, the worm will continue to spread to network shares and ESET will continually detect it on the server.

    Please carry on as follows:
    - enable advanced network protection logging in the advanced setup -> tools -> diagnostics
    - wait until the malware is detected
    - stop logging
    - collect logs with ESET Log Collector
    - upload the generated archive here or to a safe location and drop me a personal message with a download link.

    Last but not least we'd recommend upgrading to a fully supported OS for which the vendor releases security updates on a regular basis.

  2. The pre-release update channel serves modules before they are served on the regular update channel. I'd say that in 99% of cases modules from the pre-release channel are the same as those that are later put on the release channel. However, we don't recommend using pre-release modules on production machines. On the other hand, we recommend using them on a few non-critical systems so that you can notify us about possible issues before the modules are released for all users.

    Regarding mirror vs http proxy update, here are several benefits of using http proxy:
    - streamed updates; machines are updated every few minutes which enables them to protect you from the very latest threats
    - LiveGrid provides another technique for providing rapid response to new threats
    - only files that are actually needed to update clients are downloaded. Mirror contains a lot of files that clients will never need. This way you should be able to save even GBs of Internet traffic per month.

  3. 22 minutes ago, sergio_sd said:

    Apache log when trying to update a workstation:

    
    192.168.0.124 - - [16/Feb/2021:10:18:28 +0300] "HEAD /mirrorRepo/update.ver HTTP/1.1" 404 196 "-" "ESS Update (Windows; U; 32bit; PVT F; BPC 6.5.2132.6; OS: 5.1.2600 SP 3.0 NT; TDB 48489; CL 1.0.0; LNG 1049; x32c; APP eea; ASP 0.0; PX 0; PUA 1; CD 0; RA 1; UNS 1; SHA256 0; WU 4; HWF: 010075DE-583E-8AA1-EC9D-A2A92FEEF81C; PLOC ru_ru; PCODE 107.0.0; PAR -1; ATH -1; DC 0; RET 2103)"

    It looks like module updates work. If you want to update from a mirror and troubleshoot the issue, please provide a screenshot from Endpoint with the error.
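    The quoted Apache line is the kind of evidence an administrator would grep for when a mirror update fails: the client asked the mirror for update.ver and got a 404, and the ESET user agent carries the product build (BPC) and OS version of the requesting machine. The script below is an added example, not code from the forum or from ESET: it parses Apache combined-log lines, breaks the "ESS Update (...)" user agent into its key/value fields, and reports every ESET update request that failed together with the product and OS version of the client. The second and third log lines are constructed for comparison; the first is the one quoted above.

```python
import re
from typing import Optional

# Constructed sample log. Line 1 is the one quoted in the post above; lines 2-3
# are made up so that a successful update request and a non-ESET request are
# present for comparison.
SAMPLE_LOG = """\
192.168.0.124 - - [16/Feb/2021:10:18:28 +0300] "HEAD /mirrorRepo/update.ver HTTP/1.1" 404 196 "-" "ESS Update (Windows; U; 32bit; PVT F; BPC 6.5.2132.6; OS: 5.1.2600 SP 3.0 NT; TDB 48489; CL 1.0.0; LNG 1049; x32c; APP eea; ASP 0.0; PX 0; PUA 1; CD 0; RA 1; UNS 1; SHA256 0; WU 4; HWF: 010075DE-583E-8AA1-EC9D-A2A92FEEF81C; PLOC ru_ru; PCODE 107.0.0; PAR -1; ATH -1; DC 0; RET 2103)"
192.168.0.125 - - [16/Feb/2021:10:19:02 +0300] "GET /eset_upd/v8/update.ver HTTP/1.1" 200 51234 "-" "ESS Update (Windows; U; 64bit; PVT F; BPC 8.0.2028.0; OS: 10.0.19042 SP 0.0 NT; APP eea; PLOC en_us)"
192.168.0.50 - - [16/Feb/2021:10:19:10 +0300] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Apache "combined" log format: client ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# ESET update clients identify themselves as "ESS Update (field; field; ...)"
ESET_AGENT_RE = re.compile(r'^ESS Update \((?P<fields>.*)\)$')


def parse_eset_agent(agent: str) -> Optional[dict]:
    """Split an ESET update user agent into a dict of its fields.

    Fields are "; "-separated and come in three shapes: "KEY: VALUE"
    (e.g. "OS: 5.1.2600 SP 3.0 NT"), "KEY VALUE" (e.g. "BPC 6.5.2132.6")
    and bare flags (e.g. "Windows"), which are stored with an empty value.
    Returns None for a non-ESET user agent.
    """
    m = ESET_AGENT_RE.match(agent)
    if not m:
        return None
    fields = {}
    for token in m.group("fields").split("; "):
        if ":" in token:
            key, value = token.split(":", 1)
        elif " " in token:
            key, value = token.split(" ", 1)
        else:
            key, value = token, ""
        fields[key.strip()] = value.strip()
    return fields


def parse_access_line(line: str) -> Optional[dict]:
    """Parse one combined-log line; returns None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    rec["eset"] = parse_eset_agent(rec["agent"])
    return rec


def find_failed_update_requests(log_text: str) -> list:
    """Return (client, path, status, product_build, os_version) for every
    request made by an ESET update client that the server answered with
    an error status (4xx/5xx). Non-ESET traffic and unparsable lines are skipped."""
    failures = []
    for line in log_text.splitlines():
        rec = parse_access_line(line)
        if rec is None or rec["eset"] is None:
            continue
        if rec["status"] >= 400:
            failures.append((
                rec["client"],
                rec["path"],
                rec["status"],
                rec["eset"].get("BPC"),
                rec["eset"].get("OS"),
            ))
    return failures


if __name__ == "__main__":
    for client, path, status, build, os_ver in find_failed_update_requests(SAMPLE_LOG):
        print(f"{client} -> {path}: HTTP {status} (product {build}, OS {os_ver})")
```

    Run against a real Apache access log, the output groups failing clients by the path they asked for; a 404 on update.ver means the update server path configured on the client does not exist on the mirror, which is exactly what the question about the configured update server and the browser check in the next post is meant to confirm. The OS field also makes it easy to see which clients still run an unsupported OS build.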

  4. 2 minutes ago, sergio_sd said:

    This is upset :(

    https://help.eset.com/protect_install/80/en-US/apache_http_proxy.html

    Caching function

    Apache HTTP Proxy downloads and caches:

    ESET module updates

    Installation packages from repository servers

    Product component updates

    Cached data is distributed to endpoint clients on your network. Caching can significantly decrease internet traffic on your network.

  5. A preferred way to update more machines in a network is via an http proxy. Unlike update from a mirror, the machines would receive streamed updates and would also communicate with LiveGrid servers and thus receive maximum protection at all times.

    As for the issue updating from the mirror, how did you configure the update server on clients? Can the path to the mirror be opened in a browser?

  6. 2 hours ago, gemaynard said:

    I am attempting to reach the Consumer Reports website (https://www.consumerreports.org/) on my desktop computer and the message “Website certificate revoked” is returned. 

    We've seen several such reports recently when a Windows API function returned a critical error X509CSF_PartialChain which was caused by a missing root certificate.

    Please carry on as follows:
    - enable advanced protocol filtering logging in the advanced setup -> tools -> diagnostics
    - reproduce the warning
    - disable logging
    - collect logs with ESET Log Collector and upload the generated archive here.

  7. My understanding is that you have Sophos in the network which filters SSL communication to perform inspection. The cert. issued by Sophos has already expired. The certificate we use to sign filtered communication uses the same validity period as that set for the certificate used in the original communication:

    image.png

    That said, the question is why Sophos encrypts the communication with an expired certificate given that Google provides a valid one, as shown in my previous post.

  8. In order to investigate the issue, please carry on as follows:

    - configure Windows to generate complete memory dumps as per https://support.eset.com/en/kb380
    - reboot the machine
    - reproduce the lock
    - manually generate a system crash as per the above KB so that a dump is generated
    - after a reboot, compress the memory dump
    - collect logs with ESET Log Collector
    - open a support ticket with your local ESET distributor and provide them with the dump and ELC logs.

  9. Please carry on as follows:
    - enable advanced protocol filtering logging in the adv. setup -> tools -> diagnostics
    - reproduce the issue
    - disable logging
    - collect logs with ESET Log Collector and upload the generated archive here.

    We'll check the validity of Google's certificate and report it to them, if invalid.

    When testing, I received a valid certificate:

    image.png

  10. Does temporarily pausing ESET firewall make a difference? If so, did you choose Home/office network when the network was first detected? Asking since sharing is not allowed in the public network, only in home/office network (trusted).

    Also please rename this topic name to something meaningful.

  11. I would say it's ok; on my VM in idle state I've received about 280 million packets in 24 hours.

    As for the communication from 192.168.1.118 which was blocked, make sure that the network 192.168.1.0/24 is trusted. You can add it to the trusted zone manually if you are unsure. Also the firewall troubleshooting wizard should provide more information about the blocked communication.
