Jump to content

Daveywilks

Members
 View Profile  See their activity

  • Posts

    3

  • Joined

  • Last visited

 Content Type 

Posts posted by Daveywilks

    Service account / Shortcut scanning

    in ESET Endpoint Products

    Posted

    I have two issue and I'm hoping to solve one with the other.

    I have been auditing my fileserver access (with a product called FileServer+ from ManageEngine). 
    It is throwing up a lot of READ DENY but from machine accounts rather than user accounts.

    On closer inspection it would seem that ESET is reaching out roughly every 3 minutes and trying to look at and the target of any shortcuts the user currently has visible in Windows Explorer mostly the Desktop.

    So I have two solutions to this, find out how to stop ESET from scanning the shortcuts. I have already disabled the scanning of mapped drives but I'm reluctant to exclude the entire fileserver path as more scanning can only be a good thing. The other solution would be to run the ESET service using a domain based service account that has rights to the shares on the server but I don't know how to change the service.

    Anyone have any ideas? 

    Thanks in advance,

    Dave

    SSL filtering behind a firewall / proxy

    in ESET Endpoint Products

    Posted

    I'm tightening up the web security at our business. I started by implementing Protocol filtering (regular and SSL)  and web control.

    I've moved on to add a squid proxy server (nothing to do with ESET) on our gateway and then blocking direct outbound access from the clients.

    When I do this ESET's SSL filtering breaks SSL connections in Internet Explorer, interestingly Chrome still works.

    If I allow direct access to the following addresses outbound through the firewall....

    proxy-detection.eset.com 38.90.226.28
    91.228.166.91
    91.228.167.91

    the SSL filtering works again. I found this out by monitoring the gateway firewall logs.

    I suppose my question is.... is there any way to proxy these connections and/or shouldn't these checks be done by or through the local remote administration server?

    I hope this makes some sense,

    Cheers,

    Dave.

×
×
  • Create New...