droezel

Members
  • Content Count: 5

Profile Information

  • Location: Belgium
  1. More info about the IPs: https://www.robtex.com/ip-lookup/91.228.166.52 https://www.robtex.com/ip-lookup/38.90.226.11
  2. For the last few days our Palo Alto firewalls have been detecting DNS traffic from ESET nameservers as "DNS Tunnel Data Infiltration Traffic". The traffic is DNS over UDP port 53... More info on this threat type: https://threatvault.paloaltonetworks.com/?query=18003 Does anyone have an idea about what's going on? And what will be broken now because probably some DNS queries aren't resolving...
  3. I have 3 Enterprise Inspector agents that show a critical error: Missing or invalid SSL certificate or certificate authority. Is there any easy way to fix this? Or will I have to uninstall/install the agent again?
  4. We're test driving Enterprise Inspector and at the moment I have more than 250 clients sending events to EEI. Of course there's a lot of noise and I'm adding exclusions for normal application behaviour. I'm noticing that a lot of my exclusions do not work and the events that I want to exclude are just showing up again. Example exclusion for Process from SysWOW64 started by unpopular process [a0416] And still the event keeps showing up as warning: The signer and computer names match up, so I don't see any reason why... Any way to troubleshoot this?
  5. Is there any update on this issue? Almost all my clients are mobile devices that connect through WiFi, wired LAN, internal mobile broadband and have a Direct Access VPN tunnel to the office... I am getting duplicates daily and I am getting tired of manually deleting these duplicates. Some devices have more than 10 duplicates sometimes so I doubt it will be because of the MAC address...