
schuetzdentalCB (Members) · Posts: 127 · Days Won: 1

Everything posted by schuetzdentalCB

  1. Something else which would be awesome is some kind of application whitelisting function, like Windows AppLocker or McAfee Application Control, which allows whitelisting applications and denying everything else from running on a client system.
  2. Hi, I forwarded a JavaScript file, which came zipped and packed in a .vhd file by mail, to ESET Threat Defense to let it be scanned. - It did not take that long to recognize it as crypto trojan malware... The test client with ESET Endpoint Security and an activated Dynamic Defense license is not recognizing this file as malware (scan result is still: clean). EDTD scan: https://d.edtd.eset.com/details?hash=5A9DA791E9A2A1FF87A11C2F5E2862D0FE8719D9&key=3905694752422291548&lang=de_DE&era_ver=7.0 JS file: https://www.virustotal.com/gui/file/94450fb4e7d4e8a1c03e52d69081868de969f773a571334102e068375e58d3fd/detection I let my clients download signature updates every 60 seconds. How long will it take to recognize this critical malware on the clients? Would ESET stop the file execution maybe at runtime? ATM I am setting up a VM environment to check this and later files which are trying to encrypt the company.
  3. Description: Automatic Client Isolation. Detail: So if ESET performs a system scan and finds an infected process which was not recognized before, it could automatically block every kind of network action of this infected client (internal and external network traffic) and send some information about the outbreak to the ESET Management Platform.
  4. Doesn't look like it has been fixed. - Getting several notifications of blocked PowerShell scripts by EDTD on many clients. - Maybe you guys can check again?
     19.12.2018 12:40:19 - Module Echtzeit-Dateischutz - Threat Alert triggered on computer DOENMEZPC: C:\Users\gdo\AppData\Local\Temp\SDIAG_9b725989-628b-4bf7-8272-b8623619e37b\RS_SyncSystemTime.ps1 contains Blocked EDTD.
     19.12.2018 12:40:19 - Module Echtzeit-Dateischutz - Threat Alert triggered on computer DOENMEZPC: C:\Users\gdo\AppData\Local\Temp\SDIAG_9b725989-628b-4bf7-8272-b8623619e37b\TS_InaccurateSystemTime.ps1 contains Blocked EDTD.
     19.12.2018 12:40:19 - Module Echtzeit-Dateischutz - Threat Alert triggered on computer DOENMEZPC: C:\Users\gdo\AppData\Local\Temp\SDIAG_9b725989-628b-4bf7-8272-b8623619e37b\RS_RemoveUnusedDesktopIcons.ps1 contains Blocked EDTD.
  5. Hi, sure (some of them):
     file:///C:/Users/sha/AppData/Local/Temp/SDIAG_bd6bcd71-2578-4123-9e81-0c15a3c74516/TS_VolumeErrors.ps = BE920097E915073F14C3CF55A73D4DBA46AC4619
     file:///C:/Users/sha/AppData/Local/Temp/SDIAG_bd6bcd71-2578-4123-9e81-0c15a3c74516/RS_SyncSystemTime.ps1 = 5C3C15B6CE9ACBFC5E35CD124CD3DD06F641F05B
     file:///C:/Users/vc/AppData/Local/Temp/SDIAG_123bc112-fbad-4c74-8d26-9a5a5d4b8ad1/TS_InaccurateSystemTime.ps1 = C1B6134AA7F1A8D0E3C7903B871568457B392EB6
     file:///C:/Users/ba/AppData/Local/Temp/SDIAG_a497407a-985c-491d-a73f-96ec38ea299c/RS_UserDiagnosticHistory.ps1 = CB67BDDD6C00E37386C5C92F1DC18C21F7F46C9F
     file:///C:/Users/c4/AppData/Local/Temp/SDIAG_d4f231be-748c-4098-9eca-fb0877f6cde1/RS_MachineWERQueue.ps1 = 568F6170ECAA7851B8707D43658EFC4E44F571BD
  6. Hey, just wondering why EDTD is blocking all of these PowerShell files: C:\Windows\TEMP\SDIAG_0d3c5bbe-38ba-44cc-9320-c03504ed0553\TS_VolumeErrors.ps1 contains Blocked EDTD. (Happens on a lot of clients here.) - Same file. Google told me that it is created by Windows. False positive, or something to do here? Thanks
  7. I found a mail in my inbox with a .docx attachment which is obviously infected with malware. This is what VirusTotal tells me: https://www.virustotal.com/#/file/b1ac6a3d54113c316e71fe28f3e92891a620dd29868a7a0620155e3811c70514/detection This is the ESET Dynamic Threat Defense result... https://d.edtd.eset.com/details?hash=2F7C8C4FD471416F6FF45836C7F117D85A04AFF6&key=17976036267020717378&lang=de_DE&era_ver=7.0 It's one of those ("This document is protected" files which you have to click on to run some macro code, or which redirect you to a webpage)... I thought ESET Dynamic TD checks such manually uploaded files by a person and not only by some software??
  8. Looks like there is no fix for this ATM... we will have to wait. :(
  9. Me too. I think the main problem is within the SSL/TLS filtering somewhere. If you leave web filtering active and only deactivate SSL/TLS, it still works as normal. Added an image to my post here: Only if you disable the whole function does it work fine again. Only disabling one of those three options down there won't bring anything for me. Maybe this helps you. (At this moment, when it's working, the web and mail filtering is still enabled.)
  10. Also, disabling QUIC in the Chrome config didn't change anything. Just tried it out.
  11. FYI: Web protocol filtering is slowing down Internet access. Sites load for many, many seconds, up to a minute. I added an exclusion for C:\Program Files (x86)\Google\Chrome\Application\chrome.exe; this helped. But not really the best way, I think. Before the upgrade to the newest version of ESET it worked fine.
  12. But then I can't collect the files over the network - the first one with the network path is a good idea, but it's not working. Is ESET creating logs which I could check to find out what's happening? ERA tells me the task was successful, but nothing is stored in the network path. Thanks
  13. Thanks, that's a great idea. Unfortunately this is not working. I think the user which ESET uses to run the batch file doesn't have access to the network share. Is there any workaround? Best regards
  14. Hey, am I able to check in ESET ERA if a system which is controlled by Endpoint Security has a logged-in user with admin rights? I know I can grab the Windows system log etc., but I didn't find out where, or if, it is possible to see if a user has local admin rights. Thanks for any idea.
  15. Maybe the software is using a special port which you can block? I have seen no function to block only a process in ESET firewall rules without the absolute path to the process.
  16. Hmm, okay. But I was able to activate another File Security server with that license? Will ask my reseller. Thank you
  17. Hi, thanks. Public ID is: 33D-4AX-R94. The server is a normal Windows Server 2012 R2 installation, connected to our company domain. It's not configured as a terminal server. The server only runs our CRM system (the server is 3-4 days old).
  18. Hi, I can't activate a second Windows Server 2012 R2 server. ERA activation isn't working, and manual activation over the ESET Security Admin account isn't working either. I get the error ACT.23 (can't find it in the FAQ). - I already have an ESET File Security installation activated in my environment. 6.5.12010.0 Up-to-date version de_DE 25.09.2017 15:06:49 - During execution of Kernel on the computer SD-SRV-30, the following event occurred: Aktivierung fehlgeschlagen: Das Security Admin-konto enthalt keine Einheitenverteilungen, die zur Aktivierung des Produkts geeignet sind.
  19. Just for some more information: The error appears under the Windows user NT-Authority? That's what I can see in the error log in ESET. I will post the logfile next week.
  20. I'm using update type "Regular". Choose update server: Automatically. Should I create an update mirror?? Because that is deactivated at the moment. Thanks
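Posts 4 to 6 above report the same EDTD detection on RS_*/TS_* scripts under SDIAG_<guid> temp folders across many clients. The following is an added example (not from the posts above and not ESET code) that parses alert lines in the format quoted in post 4, collapses the per-run GUID and the user profile, and groups hits per script and host, so a fleet-wide pattern on Windows troubleshooter scripts stands out from a one-off detection before deciding between an exclusion and a false-positive report. The hosts other than DOENMEZPC and the invoice.js path are constructed sample data.

```python
import re
from collections import defaultdict

# Alert line format as quoted in post 4 (German module name kept verbatim).
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) - Module (?P<module>.+?) - "
    r"Threat Alert triggered on computer (?P<host>[^:]+): (?P<path>.+?) contains (?P<det>.+?)\.?$"
)
# Windows' built-in troubleshooters (msdt) unpack their RS_*/TS_* scripts into a per-run SDIAG_<guid> temp folder.
SDIAG_RE = re.compile(r"SDIAG_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
USER_RE = re.compile(r"\\Users\\[^\\]+\\", re.I)

def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line is not an alert line."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    a["msdt"] = bool(SDIAG_RE.search(a["path"]))
    # Collapse the per-run GUID and the user profile so the same script groups across clients.
    a["key"] = USER_RE.sub(lambda _: "\\Users\\<user>\\", SDIAG_RE.sub("SDIAG_<guid>", a["path"]))
    return a

def summarize(lines):
    """Group alerts by normalized path: affected hosts, hit count, and whether it is an msdt script."""
    groups = defaultdict(lambda: {"hosts": set(), "hits": 0, "msdt": False})
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue  # skip non-alert lines (log noise, blank lines)
        g = groups[a["key"]]
        g["hosts"].add(a["host"])
        g["hits"] += 1
        g["msdt"] = a["msdt"]
    return {k: {"hosts": sorted(v["hosts"]), "hits": v["hits"], "msdt": v["msdt"]} for k, v in groups.items()}

# Constructed sample: two lines in the exact form posted above plus two made-up hosts/paths.
SAMPLE = [
    r"19.12.2018 12:40:19 - Module Echtzeit-Dateischutz - Threat Alert triggered on computer DOENMEZPC: C:\Users\gdo\AppData\Local\Temp\SDIAG_9b725989-628b-4bf7-8272-b8623619e37b\RS_SyncSystemTime.ps1 contains Blocked EDTD.",
    r"19.12.2018 12:40:19 - Module Echtzeit-Dateischutz - Threat Alert triggered on computer DOENMEZPC: C:\Users\gdo\AppData\Local\Temp\SDIAG_9b725989-628b-4bf7-8272-b8623619e37b\TS_InaccurateSystemTime.ps1 contains Blocked EDTD.",
    r"20.12.2018 08:15:02 - Module Echtzeit-Dateischutz - Threat Alert triggered on computer PC-CONSTRUCTED-01: C:\Users\sha\AppData\Local\Temp\SDIAG_bd6bcd71-2578-4123-9e81-0c15a3c74516\RS_SyncSystemTime.ps1 contains Blocked EDTD.",
    r"20.12.2018 09:00:00 - Module Echtzeit-Dateischutz - Threat Alert triggered on computer PC-CONSTRUCTED-02: C:\Users\ba\Downloads\invoice.js contains Blocked EDTD.",
    "some unrelated log line",
]

if __name__ == "__main__":
    for key, g in summarize(SAMPLE).items():
        tag = "msdt troubleshooter script" if g["msdt"] else "other"
        print(f"{g['hits']} hit(s) on {len(g['hosts'])} host(s) [{tag}]: {key}")
```

A script that shows up on many hosts, each time under a fresh SDIAG_<guid> folder, is the signature of the Windows troubleshooter pattern described in the posts; a single hit outside such a folder deserves separate triage.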