Posts posted by Arakasi

  1. You could try a port forwarding effect, but I am unsure if it would work. Not to mention how slow it could be...

    It would be best that clients outside or not in the office, query ESET servers for definitions, and then back to locally when they return to the office.

    The clients or endpoints can have 2 profiles for updates.

    1 profile with local

    1 profile for outside office hitting ESET servers. :)

     

    They may just have to switch the profile when they leave or you can schedule a policy update on the days you know they are leaving.

    If they leave the office sporadically, it will be up to them to change the profile.

     

    Or you can put multiple servers in the update list.

    For the first server, query locally; for the second, query ESET servers. This might work for those outside the office with no management or user interaction needed.

     

    Keep in mind, if the endpoints or clients outside the office are querying ESET servers, the username and password must be entered into the client or into the policy.

  2. One thing to add from the manual is that it recommends using MS SQL, but that seems to be only for large networks. How many clients will be used?

    Express is recommended for less than 5000; also, Express is installed by default and is part of the install package.

     

    Proxy installation - windows....... is the same as Remote Admin Proxy

     

    I would assume that msi contains the apache http proxy inside.

  3. I would recommend, going to page 34 in the manual, and starting from there going down.

    It even lists prerequisites, A Db server already installed and conf, etc

     

    Foneil, do we have a KB already for ERA 6 mirror replacement instructions by proxy, if we lost it after version 5?

    Maybe Tomas can provide a breakdown or step by step.

    Continue to check back. :)

  4. How can I set ESET endpoint AV clients to update from external ESET update servers directly instead of the internal server, due to some error on the server? Can it be set like ver5, just key in user name and pw on each client?

     

     

    Answer is yes. You can actually input the lic file and the username/password into a policy and all the clients will have the credentials for ESET entered into themselves and the setting for Choose best server, will allow the clients to go to ESET servers, hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN332

  5. Hi Larry, just an FYI

     

    hxxp://www.flight1.com - This is not a secure website.

    If it were secure it would be like this https://www.flight1.com

    and if you go to the web server or site on port 443, it tells you it's not an encrypted site.

     

    You can still get malware and viruses from secure sites, secure only means the connection between you and the website is encrypted and theoretically or mostly no one can intercept your traffic to and fro.

     

    For your activation problem, what you could do is have a moderator here check your license for validity. If it is not a valid license, then you have to purchase or if you already did through ESET Thailand, then you have to receive support from them or the distributor/partner/sales person who you bought from.

    ESET's headquarters are located in Slovakia and USA. There are 5 other offices in different regions and contact info here : hxxp://www.eset.com/int/about/contact/

    Here is all partners / distributors , areas : hxxp://www.eset.com/int/partners/find/

     

    If you did not purchase through the main website, whichever partner you bought from has to provide support for you.

    You can't phone an office in another country and get support, unless you purchased from that region.

    However you could always receive support from the main offices if your license is valid.

     

    There have been times when licenses have been invalid, or wrongly sold, or even mistakes where partners were not given authentic licenses.

    They usually lose their partnership or are dealt with accordingly once recognized.

     

    As far as these support forums go, we are here for anyone using ESET products in any country, but it's free help, and there is only so much we can do unless you are in our area as well.

    As a partner myself, I could help with license issues if you lived in the south central area of the US; nowhere else am I allowed to support with license issues etc.,

    I have to defer to a moderator or someone in your area also!

     

    Hope you get everything resolved.

    The most help I could give is maybe a trial for your frustrations.

    If I were you, protecting your PC is paramount, and I would uninstall the ESET that won't activate, and reinstall with a newly downloaded trial for now so you get the full protection at least till this is sorted out!

    When reinstalling just choose trial. You will have a 100% activated product and fully functional. :)

     

    Regards

  6. Laptops and devices that leave your LAN, will not receive updates if you have the mentioned cache setup, or a mirror for that matter, as the Local IP of your server is what goes in the clients.

    However for all the clients that leave the premise and are abroad, you can set a policy for those to update server = [autoselect] and when they leave or go offsite they will get updates from ESET servers.

    When they return you can change their policy or settings back to the local server IP to begin receiving updates locally instead of leaving the dmz and going in/out as internet traffic.

  7. Hello again

    reviewed below:

     

    Running processes

    "Module" = "c:\windows\system32\crypserv.exe" ( 5: Unknown ) ; CrypKey NT Service ; Kenonic Controls Ltd. ;
    See the following links related to this service:

    hxxp://www.isthisfilesafe.com/company/Kenonic%20Controls%20Ltd._details.aspx

    hxxp://www.isthisfilesafe.com/product/CrypKey%20Software%20Licensing%20System_details.aspx

    So please make sure this process is legitimate

     

    Network connections

    I advise removing your SysInspector log from this public forum, as it contains information that normally would not be shared with the public.

    "admin.exe" = "192.168.1.2 shows a connection to a server and the port number to connect on. This should be kept private.

    Programsshop/account/admin.exe

     

    Important Registry Entries

    I can also see your AutoKMS , please understand that piracy is forbidden as a discussion here and no links or info etc regarding should be discussed.

    However keep in mind that searching and downloading cracks and torrents for software that should be paid for will certainly lead to viruses and malware on your hunt, this may have been where your problem came from.

    Not necessarily AutoKMS, but maybe similar.

     

    The following key loads a VBScript that sits in AppData. I have no clue what is coded in that VBS file, but it would be worth a look to see if it is causing problems.

    "Key" = "HKU\S-1-5-21-619436963-3875522305-764751383-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" ( 5: Unknown ) ;

    It resides in a folder labeled "1", which is a pattern that malware has used in the past. However, I noticed your username is 1, or the PC at least is 1-PC.

    "iexplore" = "wscript.exe //B "C:\Users\1\AppData\Roaming\Internet Explorer\\iexplore.vbs"" ( 5: Unknown ) ;  ;  ;

     

    You have several BHO's listed in the registry as well, one that also says redirect:

    "Default" = "URLRedirectionBHO" ( 5: Unknown ) ;
    Might want to reset your browser to default and clear out any BHO's you might find in the registry

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

     

    This is a suspicious Shell Open Command

    "Default" = ""C:\Program Files\AutoRun Maker\AutoRun Maker.exe" "%1"" ( 5: Unknown ) ; AutoRun Maker ; Abhishek ;

     

    Under this key :

    "Key" = "HKLM\SOFTWARE\Classes\BB FlashBack Player.Document\shell\open\command" ( 5: Unknown ) ;

    I find the following :

    "Default" = "㩃停潲牧浡䘠汩獥䉜畬扥牥祲匠景睴牡履䉂䘠慬桳慂正䔠灸敲獳㔠䙜慬桳慂正倠慬敹⹲硥⁥┢∱" ( 5: Unknown ) ;
    This needs to be removed ^

     

    Is Kelk 2000 a good program ? I also see that in the registry.

     

    Look for a DllDirectory in your system32

    "DllDirectory" = "%SystemRoot%\system32" ( 5: Unknown ) ;
    Not sure if that is good or bad.

     

    Have to also question this entry, Is this the Hyena Tool for AD ? hxxp://www.systemtools.com/HyenaHelp/introduction.htm

    "Key" = "HKLM\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}" ( 5: Unknown ) ;

    "DriveMask" = "0x20 (32)" ( 5: Unknown ) ;

     

    Here is the Crypkey not only as a process but a service as well :

    "Crypkey License" = "crypserv.exe" Automatic ; Running ; ( 5: Unknown ) ; CrypKey NT Service ; Kenonic Controls Ltd. ;
     

    Drivers

    The following driver is suspicious, do you know what it is for ?

    "NetworkX" = "c:\windows\system32\ckldrv.sys" System ; Running ; ( 5: Unknown ) ;  ;  ;

     

    EVENT LOGS

    I found these two entries to be suspicious:

    "Entry" = "Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, direct connection. trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0.  trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
    Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0.trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0.trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.trying CUP:iexplore.Send request returned 0x80004005. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.
    Send request returned 0x80072ee7" 27/12/2014 13:02:52 ;

     

    "Entry" = "Product: ESET NOD32 Antivirus -- Error 1922. Service 'ESET Service' (ekrn) could not be deleted.  Verify that you have sufficient privileges to remove system services." 25/12/2014 13:25:26 ;

    Were you trying to uninstall ESET ? Or was this an outside source trying to remove the service or attack ESET?

     

    Your system logs have thrown the following error :

    "Entry" = "The driver detected a controller error on \Device\Harddisk1\DR1." 11/12/2014 11:52:06 ;

     

    Files

    "Linked to" = "Important Registry Entries -> Shell Open Commands -> HKLM\SOFTWARE\Classes\.amsf\shell\open\command -> "C:\Program Files\AutoRun Maker\AutoRun Maker.exe" "%1""

    hxxp://www.isthisfilesafe.com/company/Abhishek_details.aspx

    Abhishek has several files floating around that are harmful. They even have a couple of file extension changers, which sounds like a probable cause of the issue you are facing.

     

    "Linked to" = "Important Registry Entries -> TypeLibs -> HKLM\SOFTWARE\Classes\TypeLib\{4F9C41AB-1074-4AE8-992F-1C856F676877}\2.0\0\win32 -> C:\Users\1\AppData\Local\Temp\Excel8.0\MSForms.exd"

    MSForms.exd Not sure if this file is safe or not, as ESET lists it as unknown. The location is strange.... appdata

     

    "Linked to" = "Important Registry Entries -> Standard Autostart -> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Windows\AutoKMS.exe"

     

    "Linked to" = "Important Registry Entries -> TypeLibs -> HKLM\SOFTWARE\Classes\TypeLib\{ADD29A64-3096-4E72-AD8E-12EB238A6D2A}\1.2\0\win32 -> C:\Users\1\AppData\Local\Temp\VBE\RefEdit.exd"

    "Linked to" = "Running processes -> admin.exe -> c:\program files\programsshop\accountant\admin.exe"

    The accountant program that we discussed previously, which listed connections and showed server IP and port etc.

     

    "Linked to" = "Running processes -> admin.exe -> c:\program files\programsshop\accountant\psptf.dll"

     

    "Linked to" = "Important Registry Entries -> Standard Autostart -> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> wscript.exe //B "C:\Users\1\AppData\Roaming\Internet Explorer\\iexplore.vbs""
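The autostart review in the post above can be done mechanically. This is an added example, not part of the original post and not ESET code: it parses entries in the `"name" = "command" ( level: label )` layout quoted in the post and queues those that start a script host from a user-writable path. The script-host list, the path list, the level threshold and the third sample line are assumptions made for the example.

```python
import re

# Entry layout as quoted in the post: "name" = "command" ( level: label ) ; ...
ENTRY = re.compile(r'^"(?P<name>[^"]+)" = "(?P<cmd>.*)" \( (?P<level>\d+): (?P<label>[^)]+?) \)')
# Assumed triage lists for this example, not ESET's own rules.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
SCRIPT_PATH = re.compile(r'[a-z]:\\[^"]+\.(?:vbs|vbe|js|jse|wsf|hta)', re.I)

def triage(line):
    """Return (name, reasons, script_path) for one log entry, or None if unparsable."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    cmd = m["cmd"].lower()
    reasons = []
    if any(host in cmd for host in SCRIPT_HOSTS):
        reasons.append("script-host")
    if any(part in cmd for part in USER_WRITABLE):
        reasons.append("user-writable-path")
    if int(m["level"]) >= 5:  # assumption: 5 ("Unknown") and above is not vetted
        reasons.append("unvetted")
    script = SCRIPT_PATH.search(m["cmd"])
    return m["name"], reasons, script.group(0) if script else None

def review_queue(lines):
    """Entries that both launch a script host and point into a user-writable path."""
    hits = []
    for line in lines:
        result = triage(line)
        if result and {"script-host", "user-writable-path"} <= set(result[1]):
            hits.append(result)
    return hits

# First two lines are copied from the post; the third is constructed for contrast.
SAMPLE = [
    r'"iexplore" = "wscript.exe //B "C:\Users\1\AppData\Roaming\Internet Explorer\\iexplore.vbs"" ( 5: Unknown ) ;  ;  ;',
    r'"Default" = ""C:\Program Files\AutoRun Maker\AutoRun Maker.exe" "%1"" ( 5: Unknown ) ; AutoRun Maker ; Abhishek ;',
    r'"ExampleTray" = ""C:\Program Files\Example\tray.exe" /hide" ( 1: Fine ) ;',
]

if __name__ == "__main__":
    for name, reasons, script in review_queue(SAMPLE):
        print(f"{name}: {', '.join(reasons)} -> inspect {script}")
```

Only the `iexplore` entry is queued; the returned script path is the file to open and read before deciding whether to delete the Run value.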


     

  8. Hello,

     

    In case you were unable to submit the log per instructions.

    I took the opportunity to go through it really quick.

    My response following will detail everything I would double check on my own machine if found.

     

    I advise against solely taking my advice, and wait for an ESET moderator or employee to review as well, and make sure there is not more.

    They are the experts, they are the ones who developed Sysinspector. I defer to them on any questions related.

  9. Yes partners can create trial licenses if you need one.

    Depending on what region you're in, if you're looking at the home products I would let you trial 1, maybe 2, for 1 month. To me it is enough to experience on 1 computer; the goal is to see if it's a good product and a good fit for you.

    In the business side of things you get a lot more options, like trial for 10 workstations with Era and file security for 1 or 2 months.

    There has been a lot of license misuse in the past, and ESET has started to implement measures to combat this misuse of trials etc.

    Partners and distributors, while the goal is to bring in more people to try and use ESET products, we have rules in place, but are to do what we can within reason to bring in legitimate customers.

    :)

  10. Hello Charli

     

    I have to agree halfway. Yes, Norton is unfortunate, and if you have ever met the guy, he is not the professional type.

    If I had to choose a 3rd party for ESET I would choose SOS online backup, which is the same one Malwarebytes uses. I currently have a yearly subscription.

    However, I do have to state that Norton has an awesome research team, and their business and enterprise areas of Norton are top notch.

    Altiris is a very good deployment and management software, Norton security software usually catches majority of threats.

     

    The side of Norton I am not too fond of is their home products and related.

     

    ESET usually benefits more with 3rd party and partnerships, so if they develop their own backup software, and build their own data center for hosting, it will be long long into the future before that happens, because they concentrate most of their efforts on their software, security research, and support, rather than adding additional software and resources onto their plate.

     

    :)
