Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by schuetzdentalCB

  1. Too early for me...just deactivated network adapter and it still directly isolates the testclient. so it looks like its working how it should no waiting for protect server needed
  2. Hi, is it correct that a Client Task which should start an Network Isolation with a Trigger that reacts on Event-Log Criteria, is processed directly on the client without waiting for feedback of ESET Protect Server? - It looks like that for me. (Would be great if im right because so i can diretly isolate a client which has found malware on it (so in case it still starts ransomware and eset detects it after a few moments it can't spread over the network...even if our network system shouldn't be vulnerable for this network spread stuff.. but i like to build some extra protections..you never
  3. What i'm doing atm is: HIPS Rules which are denying any execution from explorer.exe and then an additional rule which allows explorer.exe to start mspaint.exe, winword.exe, and so on. (not 100% bulletproof, but a good way to restrict the normal user) - you can use this for any kind of applications and executions. restrict starting executables out of an winrar archive, - maybe this helps you.
  4. Include BadUSB Prevention like G Data's USB Keyboard Guard. That would be cool. It scans all connected devices and after that, every other/new connected usb device will need to be allowed manually. user interaction or by eset protect backend.
  5. When restarting a Client by sending a restart task, the client is killed without giving the client the chance to save any files. would be great to extend the restart feature with some kind of "choose time after restart will be executed and show a message box". atm i just create a "run command" task with shutdown /r /t *time* /c "pc will be restarted in x minutes" running under C:\ but maybe it would be a useful feature for other customers.
  6. Funny thing is if you remotly install older Endpoint Security/Antivirus Version it's working. (for me) - i have the same issue but with the newest Endpoint Security Version.
  7. Maybe something interesting regarding the secure browser feature: Trojan's with implemented Keylogger Function like the QuasarRAT can still record input from eset's secured browser window. - or maybe i misunderstand this function and its only protecting against hardware keyloggers?
  8. hey, just found this new Feature in my ESET Security Management Center when editing client policies for Eset Endpoint Security: Looks like that this feature is not recognized by the clients? Endpoint Security itself doesn't have that menu feature when checking directly on client. also theres nothing happening when adding a protected website? is it some beta stuff?
  9. Hi, why is it that eset is able to block acces to smb share and c$ adminshare but its not working when using the hostname \\hostname\...? its even not logging the event when using hostname instead of local ip. also when using custom ids rule which says block admin share acces its not working. i know i could block it on remote pc/server site but im just curious about this.
  10. Hey, is anyone having an idea how to use eset hips to prevent google chrome from saving .html files to the local harddisk? most download links like from wetransfer are not using a direct link to the downloadable file like wetransfer.com\dl\sample.html which could be blocked by webcontrol easily. is hips able to work with wilcard paths like *.*.html like the webcontrol module? in my tests it wasn't responding to this. so i think no.. sometimes there are incoming mails with legit wetransfer or dropbox download links which then just download a .html file with some stupid phising content
  11. Do you have SSL/TLS Filtering enabled? And on the same Policypage "add root cert to browser" - Function Enabled? I think ESET needs to work with its own browser cert to decrypt browsed https pages.
  12. no idea? - already tried to reinstall the whole ESLC appliance but stillt 122 pending updates with same error after a few seconds.
  13. Hi, already googled it but cant find any real answer to my problem. as there is no SSH available in ESET Shared Local Cache i cant do anything attached please find a screenshot with the error. already checked: firewall is not blocking update servers/repos, internet access working fine on the machine, mounted vmware tools .iso over vsphere to the machine because of the error message but that did not change anything. update task from ESMC is also not working. best regards maybe anyone knows how to fix this or i re-install the VM. Christian
  14. Today ESET marked the same File which looks like something as an microsoft update as a trojan on 3 PC's. - Maybe someone can tell me something about this? Looks Like False Positive to me. Threatname: XML/Runner.M Hash: B885CB1F1F93D57B56F07EF5789AECA4CA170336 file:///C:/Windows/servicing/LCU/Package_for_RollupFix~31bf3856ad364e35~amd64~~18362.535.1.6/amd64_microsoft-onecore d..ectxdatabaseupdater_31bf3856ad364e35_10.0.18362.387_none_8b2d87237c70998c.manifest THX
  15. hi, just a short question. if eset endpoint with activated EDTD configured like above, is it really blocking .exe, .bat, and so on until its analyzed by EDTD? in my test with an unkown file i was still able to execute it after download over chrome browser. (edtd was still checking the file online at this moment). - what is eset doing to prevent a user from running an unkown file? changing nfts permissions or something like this?
  16. Something else which would be awesome is some kind of Application Whitelisting Function. - Like Windows AppLocker or this McAfee Application Control which allows Whitelisting Applications and deny everything else on a client system to run.
  17. Hi, i forwared a javascript file which came zipped and packed in a .vhd File by Mail to the ESET Threat Defense to let it be scanned. - Did not took that long to recognize it as crypto.trojan malware...the test client with ESET Endpoint Security and also activated Dynamic Defense License is not recognizing this file as malware. (scan result is still: clean). EDTD Scan: https://d.edtd.eset.com/details?hash=5A9DA791E9A2A1FF87A11C2F5E2862D0FE8719D9&key=3905694752422291548&lang=de_DE&era_ver=7.0 JS File: https://www.virustotal.com/gui/file/94450fb4e7d4e8a1c03e52d69081868
  18. Description: Automatic Client Isolation Detail: So if ESET Performs a System Scan and finds an infected process which was not recognized before, it could automatically block every kind of network action of this infected client. (internal and external network traffic). - And send some Information about the outbrea to the Eset Management Platform.
  19. Doesn't look like it has been fixed. - Getting several Notifications of Blocked Powershell Scripts by EDTD on many Clients. - Maybe you guys can check again? 19.12.2018 12:40:19 - Module Echtzeit-Dateischutz - Threat Alert triggered on computer DOENMEZPC: C:\Users\gdo\AppData\Local\Temp\SDIAG_9b725989-628b-4bf7-8272-b8623619e37b\RS_SyncSystemTime.ps1 contains Blocked EDTD. 19.12.2018 12:40:19 - Module Echtzeit-Dateischutz - Threat Alert triggered on computer DOENMEZPC: C:\Users\gdo\AppData\Local\Temp\SDIAG_9b725989-628b-4bf7-8272-b8623619e37b\TS_InaccurateSystemTime.ps1 cont
  20. Hi, sure: (some of them) file:///C:/Users/sha/AppData/Local/Temp/SDIAG_bd6bcd71-2578-4123-9e81-0c15a3c74516/TS_VolumeErrors.ps = BE920097E915073F14C3CF55A73D4DBA46AC4619 file:///C:/Users/sha/AppData/Local/Temp/SDIAG_bd6bcd71-2578-4123-9e81-0c15a3c74516/RS_SyncSystemTime.ps1 = 5C3C15B6CE9ACBFC5E35CD124CD3DD06F641F05B file:///C:/Users/vc/AppData/Local/Temp/SDIAG_123bc112-fbad-4c74-8d26-9a5a5d4b8ad1/TS_InaccurateSystemTime.ps1 = C1B6134AA7F1A8D0E3C7903B871568457B392EB6 file:///C:/Users/ba/AppData/Local/Temp/SDIAG_a497407a-985c-491d-a73f-96ec38ea299c/RS_UserDiagnosticHisto
  21. Hey, just wondering why EDTD is blocking all of this PowerShell Files: C:\Windows\TEMP\SDIAG_0d3c5bbe-38ba-44cc-9320-c03504ed0553\TS_VolumeErrors.ps1 contains Blocked EDTD. (Happens on a lot of Clients here). - Same File. Google told me that it is created by Windows. False Positive or something to do here? Thank's
  • Create New...