Jump to content

Marcos

Administrators
  • Posts

    35,860
  • Joined

  • Last visited

  • Days Won

    1,429

Posts posted by Marcos

  1. Thanks. Since the issue with Web Control is most likely related to Endpoint and to avoid discussing different issues in this topic, please create a new topic in the Endpoint forum and provide a screen shot or two with the errors that you are getting. I've checked the logs you've supplied and there was no mention of an error neither in ESET's event log nor the system log.

  2. In this case it's the PR_TRANSPORT_MESSAGE_HEADERS_W property which is in conflict. The property contains transport-specific message envelope information for email and this modification cannot be avoided. If email is scanned on the mail server, disable integration with MS Outlook.

    As of Enpoint 7.1, processing email messages will be completely revamped and will ultimately prevent sync issues from occurring.

  3. 30 minutes ago, Trooper311 said:

    So for the Windows 7 clients stating that Web Control is not functional is that a false positive basically?

    It can be either an issue registering a WFP callout (e.g. due to issues with BFE or registry permissions), or you disabled protocol filtering which is now indicated by a change of the protection status. Please provide me with logs collected with ESET Log Collector from such machine so that I can check the configuration.

  4. It is necessary to upgrade the server from ERA 6.5 to ESMC. As stated in the documentation, Agent v7 cannot communicate with an ERA Server do to changes in the communication protocol.

    Agent can be upgraded by sending an ESMC component upgrade task to clients.

    As for the notifications that the firewall is disabled, you can suppress them via a policy -> User interface -> Application statuses.

  5. 33 minutes ago, Robert Andrews said:

    If I disable the HIPS rule (Deny child processes for powershell.exe), won't that leave the computers more vulnerable to ransomware attack?

    You could try creating another rule like "Deny child processes for powershell.exe" but change the action to Allow and enter "C:\WINDOWS\System32\Conhost.exe" as the target application.

    If there is a specific application that runs powershell, a better and probably also safer solution would be to create a permissive rule for that application and "powershell.exe" as the target application. Also create a blocking rule for powershell.exe with no application listed in the target application list. That way only the desired application will be able to run powershell.

×
×
  • Create New...