-
Posts
35,860 -
Joined
-
Last visited
-
Days Won
1,429
Posts posted by Marcos
-
-
A v11.2 hotfix addressing several bugs should be available within 1-2 weeks from now.
-
You have Malwarebytes 3.5 installed. Try uninstalling it. Also I've found two suspicious applications with the name commencing with "Po.." installed. Not sure if that's something what you have installed intentionally.
-
Thanks. Since the issue with Web Control is most likely related to Endpoint and to avoid discussing different issues in this topic, please create a new topic in the Endpoint forum and provide a screen shot or two with the errors that you are getting. I've checked the logs you've supplied and there was no mention of an error neither in ESET's event log nor the system log.
-
In this case it's the PR_TRANSPORT_MESSAGE_HEADERS_W property which is in conflict. The property contains transport-specific message envelope information for email and this modification cannot be avoided. If email is scanned on the mail server, disable integration with MS Outlook.
As of Enpoint 7.1, processing email messages will be completely revamped and will ultimately prevent sync issues from occurring.
-
Try uploading it here, it should be possible now. Nobody but moderators will see the uploaded file.
-
I reckon I've mentioned elsewhere that this will be addressed in the next v11.2 hotfix.
-
If disabled, ESET should not continue detecting it AFAIK.
-
What do you mean by page with ESET name? Do you have a screen shot? Does it look like as follows?
-
-
If it's a pre-installed application which is detected, you can only disable it in the system setup.
-
ESET continually updates malware, botnet and spam detections, provides institutions (typically banks) with insight into threat intelligence data via the ESET Threat Intelligence service, performs research and co-operates with the police and other institutions to disrupt botnets (e.g. https://www.welivesecurity.com/2017/12/04/eset-helps-law-enforcement-worldwide-to-disrupt-gamarue-botnet/), etc.
-
Actually SysInspector is the most important log that I wanted to check.
-
Please refer to https://support.eset.com/kb3466 for instructions.
-
Please provide me with logs collected by ESET Log Collector. I'd like to check what software is installed on the machine and find applications that might possibly clash with ESET.
-
30 minutes ago, Trooper311 said:
So for the Windows 7 clients stating that Web Control is not functional is that a false positive basically?
It can be either an issue registering a WFP callout (e.g. due to issues with BFE or registry permissions), or you disabled protocol filtering which is now indicated by a change of the protection status. Please provide me with logs collected with ESET Log Collector from such machine so that I can check the configuration.
-
Please refer to https://support.eset.com/KB6925/
Agent can be upgraded by sending a component upgrade task. If you are using an ERA Proxy, the computers on which you are going to upgrade Agent to v7 must be able to connect to ESMC directly or through an http proxy.
-
It is necessary to upgrade the server from ERA 6.5 to ESMC. As stated in the documentation, Agent v7 cannot communicate with an ERA Server do to changes in the communication protocol.
Agent can be upgraded by sending an ESMC component upgrade task to clients.
As for the notifications that the firewall is disabled, you can suppress them via a policy -> User interface -> Application statuses.
-
-
-
-
Parental Control should treat url-based rules as case insensitive. Please try adding the url to the list of blocked addresses in the web access protection setup and see if that helps. You might need to delete the browser's cache to ensure that the content is actually filtered by ESET.
-
17 minutes ago, nexon said:
Instead, simplify advanced settings...
Actually advanced users love the ability to customize numerous settings. Common users don't need to go to the advanced setup at all since ESET products provide well-balanced protection out of the box.
- persian-boy, Azure Phoenix and galaxy
- 3
-
33 minutes ago, Robert Andrews said:
If I disable the HIPS rule (Deny child processes for powershell.exe), won't that leave the computers more vulnerable to ransomware attack?
You could try creating another rule like "Deny child processes for powershell.exe" but change the action to Allow and enter "C:\WINDOWS\System32\Conhost.exe" as the target application.
If there is a specific application that runs powershell, a better and probably also safer solution would be to create a permissive rule for that application and "powershell.exe" as the target application. Also create a blocking rule for powershell.exe with no application listed in the target application list. That way only the desired application will be able to run powershell.
-
Normally HIPS should be used without custom rules. If one applies the extra rules for improved protection against ransomware, he or she should know how to remedy possible issues stemming from the rules. Please disable the HIPS rule(s) that are causing issues with PowerShell.
Remote Management Version 7
in ESET PROTECT On-prem (Remote Management)
Posted
The current design enables computers to be autonomous without connection to ERA. E.g. if a user takes a notebook outside the corporate network, if an active malware has been detected and a policy disconnects the machine from network, etc.