Mauricio Osorio gave kudos to Marcos in I cannot apply an exception to a device control rule
Both leading and trailing spaces matter. I recollect this should change soon and they should be ignored.
I'd recommend creating a rule on a workstation with the removable medium connected and selecting "Populate" in the Device Control rule editor. This will enable you to create a rule exactly based on the medium properties. You can then retrieve the configuration of Endpoint via the ESET PROTECT console and convert it to a policy.
Mauricio Osorio gave kudos to kurco in EFS installation does not work
Hi Mauricio Osorio,
From that attached screenshot, it looks like your machine doesn't have enough free space to successfully complete installation with all necessary dependencies. Look at line 7 in the screenshot, "No space left on device"; it is probably an issue with one of your mount points (maybe this one, /dev/xvda3, it's 100% full).
There is nothing much to see in the exported logs. But what I can see there are missing installation files and incorrect permissions of installed files.
Mauricio Osorio received kudos from MartinK in Database server connection is not working
I think I found the problem and it really is not technical; the problem is with the translation into Latin American Spanish. Let me show you:
In the Latin American user guide, you can see these instructions:
Highlighted in yellow, you can see that it indicates that for Linux MySQL version 8, the parameter log_bin_trust_function_creators = 1 must be added or modified. But it is indicated only for Linux environments. In the English manual this option is not conditioned to Linux:
As I was working in a Windows environment, I chose not to make this modification, because the manual indicated that it should only be done in a Linux environment. Just to rule it out, I decided to make the change and everything works correctly.
Thank you very much for your collaboration, and if you can, please change the manual (Latin America Spanish) in this section as it may cause confusion.
Mauricio Osorio gave kudos to Marcos in Ransomware SDEN
Files were encrypted by Filecoder.LockedFile. According to the logs, there were about 170,000 failed attempts to log in via RDP as "administrator" and the like in approx. one day when the encryption occurred. Also, an older version of EFSW 6.5 without Ransomware shield was installed.
The OP was informed and improvements in protection were suggested.
Mauricio Osorio gave kudos to MartinK in Migration Case
Yes, it is possible, but you have to be careful as it might result in the inability of AGENTs to connect even to their original ESMC.
Roughly you have to:
- Choose a new ESMC (i.e. one of the existing ones, or install a completely new ESMC) -> I will reference it as "primary ESMC".
- Ensure that the ESMC's peer certificate (as set in server settings) contains all required hostnames (or wildcard *), so that AGENTs can connect using various hostnames/IP addresses.
- Export the CA certificate from "primary ESMC". It has to be the CA certificate that has been used to sign the certificate used for incoming connections, set in server settings.
- Import the CA certificate from the previous steps into all original ESMC instances.
- Export CA certificates from all original ESMC instances and import them into "master ESMC".
- At this moment, all connecting AGENTs should have all 6 CA certificates (5 original + 1 from the new ESMC), which means that they can connect to master ESMC, as they will trust its certificate. This also works the other way around -> master ESMC will trust all original AGENT certificates, which means it will accept connections of AGENTs from all previous instances.
- In each original ESMC instance, create a new configuration policy for "ESET Management Agent" and specify the servers to connect to as a list of hostnames, where the first in the list is the hostname of master ESMC, and the second is the hostname of the original server. This is just to be sure that in case an AGENT cannot reach the new hostname, it will still be connecting to the original ESMC. In case the hostname will be the same for all AGENTs, you can simplify the process by using the export/import capability. Policies should be assigned to all clients.
- From this moment, AGENTs should start connecting to master ESMC.
- You could optionally create a policy for "ESET Management Agent" which changes the list of servers to connect to and the AGENT peer certificate to those available in master ESMC, so all remnants of the original ESMC servers are removed.