schuetzdentalCB
Everything posted by schuetzdentalCB
-
Future changes to ESET Endpoint programs
schuetzdentalCB replied to Aryeh Goretsky's topic in ESET Endpoint Products
Something else which would be awesome is some kind of application whitelisting function, like Windows AppLocker or McAfee Application Control, which allows whitelisting applications and denying everything else on a client system from running.
ESET Dynamic Threat Defense: Reaction Time
schuetzdentalCB replied to schuetzdentalCB's topic in ESET Endpoint Products
okay, thank you
Hi, I forwarded a JavaScript file, which came zipped and packed in a .vhd file by mail, to ESET Dynamic Threat Defense to let it be scanned. It did not take that long to recognize it as crypto-trojan malware... The test client with ESET Endpoint Security and an activated Dynamic Threat Defense license is not recognizing this file as malware (scan result is still: clean).

EDTD scan: https://d.edtd.eset.com/details?hash=5A9DA791E9A2A1FF87A11C2F5E2862D0FE8719D9&key=3905694752422291548&lang=de_DE&era_ver=7.0

JS file: https://www.virustotal.com/gui/file/94450fb4e7d4e8a1c03e52d69081868de969f773a571334102e068375e58d3fd/detection

I let my clients download signature updates every 60 seconds. How long will it take to recognize this critical malware on the clients? Would ESET stop the file execution at runtime, maybe? At the moment I am setting up a VM environment to check this, and for later files which try to encrypt the company.
-
Future changes to ESET Endpoint programs
schuetzdentalCB replied to Aryeh Goretsky's topic in ESET Endpoint Products
Description: Automatic Client Isolation

Detail: So if ESET performs a system scan and finds an infected process which was not recognized before, it could automatically block every kind of network action of this infected client (internal and external network traffic), and send some information about the outbreak to the ESET management platform.
EDTD - Powershell Scripts
schuetzdentalCB replied to schuetzdentalCB's topic in ESET Endpoint Products
Doesn't look like it has been fixed. Getting several notifications of blocked PowerShell scripts by EDTD on many clients. Maybe you guys can check again?

19.12.2018 12:40:19 - Module Echtzeit-Dateischutz - Threat Alert triggered on computer DOENMEZPC: C:\Users\gdo\AppData\Local\Temp\SDIAG_9b725989-628b-4bf7-8272-b8623619e37b\RS_SyncSystemTime.ps1 contains Blocked EDTD.
19.12.2018 12:40:19 - Module Echtzeit-Dateischutz - Threat Alert triggered on computer DOENMEZPC: C:\Users\gdo\AppData\Local\Temp\SDIAG_9b725989-628b-4bf7-8272-b8623619e37b\TS_InaccurateSystemTime.ps1 contains Blocked EDTD.
19.12.2018 12:40:19 - Module Echtzeit-Dateischutz - Threat Alert triggered on computer DOENMEZPC: C:\Users\gdo\AppData\Local\Temp\SDIAG_9b725989-628b-4bf7-8272-b8623619e37b\RS_RemoveUnusedDesktopIcons.ps1 contains Blocked EDTD.
EDTD - Powershell Scripts
schuetzdentalCB replied to schuetzdentalCB's topic in ESET Endpoint Products
Hi, sure (some of them):

file:///C:/Users/sha/AppData/Local/Temp/SDIAG_bd6bcd71-2578-4123-9e81-0c15a3c74516/TS_VolumeErrors.ps = BE920097E915073F14C3CF55A73D4DBA46AC4619
file:///C:/Users/sha/AppData/Local/Temp/SDIAG_bd6bcd71-2578-4123-9e81-0c15a3c74516/RS_SyncSystemTime.ps1 = 5C3C15B6CE9ACBFC5E35CD124CD3DD06F641F05B
file:///C:/Users/vc/AppData/Local/Temp/SDIAG_123bc112-fbad-4c74-8d26-9a5a5d4b8ad1/TS_InaccurateSystemTime.ps1 = C1B6134AA7F1A8D0E3C7903B871568457B392EB6
file:///C:/Users/ba/AppData/Local/Temp/SDIAG_a497407a-985c-491d-a73f-96ec38ea299c/RS_UserDiagnosticHistory.ps1 = CB67BDDD6C00E37386C5C92F1DC18C21F7F46C9F
file:///C:/Users/c4/AppData/Local/Temp/SDIAG_d4f231be-748c-4098-9eca-fb0877f6cde1/RS_MachineWERQueue.ps1 = 568F6170ECAA7851B8707D43658EFC4E44F571BD
Hey, just wondering why EDTD is blocking all of these PowerShell files:

C:\Windows\TEMP\SDIAG_0d3c5bbe-38ba-44cc-9320-c03504ed0553\TS_VolumeErrors.ps1 contains Blocked EDTD.

(Happens on a lot of clients here.) Same file. Google told me that it is created by Windows. False positive, or something to do here? Thanks
-
ESET Dynamic Threat Defense question...
schuetzdentalCB replied to schuetzdentalCB's topic in Malware Finding and Cleaning
hi, i see. that's what i thought. thank you
I found a mail in my inbox with a .docx attachment which is obviously infected with malware. This is what VirusTotal tells me: https://www.virustotal.com/#/file/b1ac6a3d54113c316e71fe28f3e92891a620dd29868a7a0620155e3811c70514/detection

This is the ESET Dynamic Threat Defense result: https://d.edtd.eset.com/details?hash=2F7C8C4FD471416F6FF45836C7F117D85A04AFF6&key=17976036267020717378&lang=de_DE&era_ver=7.0

It's one of those "This document is protected" files which you have to click on to run some macro code, or which redirects you to a web page... I thought ESET Dynamic TD is checking such manually uploaded files by a person and not only by some software??
-
Looks like there is no fix for this atm...we will have to wait. :(
-
me2. I think the main problem is within the SSL/TLS filtering somewhere. If you leave web filtering active and only deactivate SSL/TLS, it still works as normal. Added an image to my post here: only if you disable the whole function does it work fine again. Only disabling one of those three options down there won't bring anything for me. Maybe this helps you. (At this moment, when it's working, the web and mail filtering is still enabled.)
-
Also, disabling QUIC in the Chrome config didn't change anything. Just tried it out.
-
FYI: web protocol filtering is slowing down the internet access. Sites take many, many seconds to load, up to a minute. I added an exclusion for C:\Program Files (x86)\Google\Chrome\Application\chrome.exe; this helped. But not really the best way, I think. Before upgrading to the newest version of ESET it worked fine.
-
hi, i can't activate a second Windows Server 2012 R2 server. ERA activation isn't working, and manual activation over the ESET Security Admin account isn't working either. I get the error ACT.23 (can't find it in the FAQ). I already have an ESET File Security installation activated in my environment: 6.5.12010.0, up-to-date version, de_DE.

25.09.2017 15:06:49 - During execution of Kernel on the computer SD-SRV-30, the following event occurred: Aktivierung fehlgeschlagen: Das Security Admin-Konto enthält keine Einheitenverteilungen, die zur Aktivierung des Produkts geeignet sind.