Posts posted by Palps

  1. Hi all,

     

    I currently have the issue that some of my exceptions are not working.

     

    ESET is detecting the following false positive:

    post-10739-0-97134000-1462261241_thumb.jpg

     

    It seems that BackupExec is running, because for every detection I am getting another shadow copy path.

    file:////Device/HarddiskVolumeShadowCopy11/ProgramData/Druva/inSyncCloud/inSyncServer4/detectav.exe

    file:////Device/HarddiskVolumeShadowCopy6/ProgramData/Druva/inSyncCloud/inSyncServer4/detectav.exe

    Now I tried to adapt our exceptions with the following paths and processes, but every morning I am getting the false positive again.

    Path exclusions:

    post-10739-0-34854700-1461838255_thumb.jpg

    Process exclusions:

    post-10739-0-01940000-1461838261.jpg

     

    What is the syntax, or which kinds of wildcards work for the exceptions?

    Would really appreciate your help.

     

    Thanks.

  2. Hi Roga,

     

    Is there any reason why you want to install the client software manually?

    I just did the update from v5 to v6 for about 500 clients and some servers.

     

    I installed the agent via our software deployment or via a batch file. As soon as the agent is installed, you are able to manage the clients via the console. So after the agent installation the clients appear on our console and are immediately moved to a dynamic group with a task assigned to install EFS/EEA as soon as a computer joins the group. This is working quite well, and because of the configured policies you don't need any additional XML files or manual steps.

     

    This is also working for our remote offices.

     

    regards

    Palps

  3. Hi all,

     

    We are currently updating all our clients and servers to the new ESET v6.

     

    The client update went quite well, as did the server update.

     

    On some servers (e.g. Windows Server 2012 R2 Standard) we are getting the following error message after installing the new version (ESET File Security v6.3.12006.0).

    post-10739-0-41701400-1461834201_thumb.jpg

    According to the logs, the HIPS module is causing this issue. According to our policy, HIPS (v1222) should be disabled, but on the main screen it is shown as enabled and in the advanced settings it is shown as disabled (see attachments).

     

    We did the following steps to update our servers (old version 4.5.12017):

    1. Uninstall the old version

    2. Restart server

    3. Install Agent

    4. Install ESET File Security v6.3.12006.0

     

    Do you have any information about this error?

     

    Thanks!

    post-10739-0-58440000-1461834200_thumb.jpg

    post-10739-0-91828200-1461834200_thumb.jpg

  4. But isn't this just the interval on the x-axis from when to when data should be displayed?

    So when I set "Between 1 month ago and now; only whole month(s)" I get the number of threats by day for the range of 1 month. But I want just one bar with all threats for this month, as shown in my first screenshot.

     

    My understanding was that I can set this under Data, as shown in the screenshot. I thought if I set "Time Interval Unit" to Month I would get what I am looking for, but unfortunately there is no option "month".

     

    Am I wrong?

     

     

    post-10739-0-71458500-1460993476_thumb.jpg

  5. Our AD structure is synchronized on a daily basis to our ERA.

     

    I just checked permission sets and native users.

    I created a new permission set for location 1 and assigned only the static groups for location 1, and, as you said, the reports are automatically adapted according to the permissions of the user.

     

    I also like the idea with the different peer certificates and the dynamic group filtered by it. This would be the option I would go for, but I discussed this topic with my colleagues again and we decided to go for the reports filtered by the different location subnets.

    Simply because we are one company and we have to support each other. So when a user is traveling and has a virus or problems with ESET, the admins of the user's current location have to support them, because they are on-site and may provide better support than the remote admin.

     

    Thank you very much for your information.

  6. First, thanks for your prompt answer.

     

    But how can I be sure that I don't miss any device in these folders? I assume they would have to be maintained manually without AD sync.

    Via the AD-synchronized static folders I can be sure that I don't miss any device and can check if there are devices which are not managed yet.

     

    In our infrastructure only devices in our AD are getting ESET, so the synchronized folders are the best way to check if there are devices without ESET installed.

     

    Thanks!

  7. Hi all,

     

    I already searched for this question but I couldn't find an answer.

     

    Is it possible to create a new dynamic group based on more than one static group?

     

    The background is that we have several locations and I want each admin to maintain their own devices. So my idea was to create a new dynamic group based on the static groups (synchronized from the AD) which belong to this location. Each location has its own groups in the AD for clients and servers.

    This new dynamic group, containing all devices from the different static AD groups, should be used for a location-based dashboard.

     

    Or is there a simpler way to create a dashboard where the admins have an overview of their own devices?

    IP-based is not an option because our users are traveling very much, so they are getting a different IP address in each location.

     

    Thank you in advance :)

  8. Hi, I also have a question regarding wildcards, but not based on a filename.

    We have the same folder but sometimes on a different partition, so would it be possible to add exclusions like the one mentioned below?

     

    We have the following folders: C:\BEControl\* and D:\BEControl\*. Can I exclude both with the exclusion *\BEControl\*?

     

    Thank you in advance.

     

    Edit: I just figured it out by myself. Only C:\BEControl\* is working, not *\BEControl\*. I created a test folder structure on my test machine and added the exception not to scan the content of this folder. But if I use the *\BEControl\* wildcards, the contents will be scanned. If I use C:\BEControl\*, nothing will be scanned, as expected.

  9. Hello,

     

    I have basically the same problem. I want to be sure that my clients are receiving their updates from the Apache HTTP Proxy and not from the internet.

    In general my clients are updating, I just want to know from where.

    I set the update server to AUTOSELECT and set my Apache HTTP Proxy as proxy server. With these settings the client is requesting the update from our proxy server, so this seems to be correct.

     

    When I now capture the traffic at my proxy server, I can see that the proxy server is connecting to the ESET servers on the internet. Now the question is: is this request just for authentication, or is the proxy downloading the update files every time a client is running an update?

     

    When I look at the Apache cache directory, I can see that there are many cached files. So it seems that the proxy is caching the update files correctly. How do I know that the client is using the cached files instead of just being redirected through the proxy to the ESET update servers?

     

    Attached you can find two Wireshark captures, one of the client (IP 10.51.13.23) and one of the Apache proxy (IP 10.51.13.17), and the log file of the Apache proxy server.

     

    Maybe everything is already set up correctly, I just want to be sure that the clients are using the cached update files instead of downloading them from the internet.

     

    Thank you in advance :)

     

    post-10739-0-52317800-1454408472_thumb.jpg

    post-10739-0-59962200-1454408473_thumb.jpg

    proxy_log.txt
