jdashn received kudos from aparker in Lets Encrypt Internal Blacklist block
As of this morning i'm getting a lot of alerts across the orginization for:
For each alert the last bit of the address changes, but this part is the same:
They all also have a target address of :
Just wondering if there is more information on this, what might be causing it, if this is an indicator of a primary infection, etc.
jdashn received kudos from AnnaJuist in Eset Blocking Chromecast
I am guessing there are parts of what is in pre-release that are more complex to test, and could have further reaching impact than the exclusion of a port for scanning. Which would be why they've not released this 'fix' as it's a part of a larger update package, that is still being tested.
I wonder, though, if this piece could be released to the general codebase, before the testing on the rest of the 'update' is completed. I would guess that you're just going to be doing the exclusion of the ports for scanning on the back end, so pretty simple to test and know is working.
Is this maybe one of those cases where Dev and Testing don't know that this part of the update is turning away home use customers, and causing a lot of consternation among the client base (likely a TON more than what you see here, we all know in support you only ever get 1% of complaints via forums, or email -- easier to buy a new product than complain). Heck maybe if Dev and Testing knew they'd be able to put this available for release, but I can't see that with a fully functional forum like this that the moderators here aren't regularly working with dev/test and letting them know of the daily buzz on the forums (heck a few might even have accounts and read?).
I'd imagine that releasing a portion of an Update is relatively simple, seeing as how everything has been made more modular with eset, but honestly I dont know how development works here, could be that to uncouple this update from others would mean far more work and delays in other areas. Could be that a large enterprise customer is asking for a feature, and that has been fast-tracked, and other projects have to wait.
I guess really what i'm saying is that who knows why it's taking so long, yes it could be that they're waiting to click that button for no 'good reason' aside from 'thats how we do it' .. or it's a lot more complex than the minimal information that we get via the forums would lead us to believe.
jdashn gave kudos to TomFace in User monitoring
Peter stay on top of it. State clear expectations "formally" (and again DOCUMENT it).
Do not dance around, if you do, nothing will change (and your position will then be on the line).
Build your case carefully, but make it expedient as it's not a matter of if something bad will happen, but how soon will something bad happen. It WILL happen.
It sounds like a small business, but if there is any Union organization there and you have a working relationship, after talking with HR (or the owner), you might consider involving them to gain some leverage and buy-in.
I've been there and done that dozens of times.
It's never easy, but sometimes you have no choice.
jdashn received kudos from TomFace in User monitoring
There are some good free softwares out there for viewing browser history logs, and usb access logs.
I'd just make sure that keeping browser history is enforced via gpo (if you can). Then they can't delete out the logs after each use, keeping you blind to their activities. While you're at it with the GPO, lock down the browsers so they can't install extensions/addins.
You could also lock down (via ESET Device Control) exactly which (down to Serial number, but as broad as make, or model) usb keys' they're allowed to use. I'd also look to disable booting from USB via the bios, and lock the bios with a PW (if you can boot to usb you can run tails or some such with no IT visibility).
And like tom said... document, document, document... Talk to your boss, make sure you're in the clear for the 'watching'.
Is this user an Admin on the computer in question?