Peter Randziak
Posts posted by Peter Randziak
-
-
3 minutes ago, Estrelo said:
What you have pinned in the forums is the wrong advice! Servers that haven't rebooted still have the real time protection working. If you reboot you lose malware protection. Rolling back updates does not work.
Tested with Eicar file. Please advise people NOT TO RESTART THE SERVERS until the issue is solved!
Yes I admit that the information provided in the alert was not up to date and accurate. The situation was quite dynamic and new findings were emerging...
As of now, it is up to date https://support.eset.com/en/alert8521-error-during-auto-updates-in-eset-server-security-for-microsoft-windows-server
We apologize for the inconvenience caused.
-
-
Hello guys,
we are checking the issue with the highest priority.
Please provide us with the ESET Log Collector output taken during such problematic state so we can check it.
Peter
-
Hello @delicatho,
Please provide us with an output from ESET Log Collector tool taken during such state so we can check it.
-
Hello @OlafB,
I assume that it is just a misunderstanding.
This seems to be related to End of sales of some of the offerings, i.e. not the products themselves.
I may assure you, that the currently deployed products will stay functional according to our EoL policy, available at https://support-eol.eset.com/en/index.html
When it comes to the ESET PROTECT Virtual Appliance, which is currently based on CentOS there will be a communication covering it, but one of the options for our customers will be to migrate to a new ESET PROTECT Virtual Appliance, based on a supported distribution.
Peter, ESET HQ
-
Hello @j-gray,
I may confirm that the development team identified several issues on the macOS management agent and committed fixes for them, so those will be available in the next released version of the management agent.
We apologize for the inconvenience caused by this.
Note for us: P_EP-29414
-
Hello @Andi316,
you are welcome.
As of now it is not possible to schedule the VA scan twice a day. Each scan costs some amount of resources and the VA DB is not being updated that often.
An undocumented work-around to run the scan again is to unassign the policy enabling the VA (this will remove the VA-related data from the endpoint) and assign it back.
The feature is under development so I assume that more options and things will get covered over time...
-
Hello guys,
O.K. I understand what we talk about now.
The file has been signed by a recognized certificate so it had higher reputation.
The signing certificate had been revoked, so it had been removed from the list of recognized signing certificates.
Our teams are looking into it and checking the underlying processes to speed up recognition of such in the future.
@IvanL_5306 thank you for pointing this out, really helpful for us.
Peter
-
Hello @IvanL_5306,
not sure what you mean by
17 hours ago, IvanL_5306 said:
This sample is whitelisted by LiveGrid.
however, it is a subject of detection by ESET now, which can be checked on VT.
Peter
-
Hello guys,
thank you for the feedback provided.
When it comes to release of the 7.4 to the ESET Repository again, the plan is to do it during this week, I stress the plan 🙂
A hotfix build will be released, i.e. not just the version which was there before.
We admit that the issues mentioned are not directly related to Sonoma, but rather to the 7.4 build; yes, we might have named the alert article differently.
I passed your feedback internally to people responsible for the macOS product.
We apologize for the inconvenience caused.
Peter
-
Hello @me myself and i,
the feature is implemented in Internet protection module 1457.
Today (September 27, 2023) it has been released on the pre-release update channel; further releases will be scheduled later.
Peter
-
Hello guys,
the feature is implemented in Internet protection module 1457.
Today (September 27, 2023) it has been released on the pre-release update channel; further releases will be scheduled later.
Peter
-
Hello @Alexander Keilhofer,
the feature is implemented in Internet protection module 1457.
Today (September 27, 2023) it has been released on the pre-release update channel; further releases will be scheduled later.
Peter
-
Hello @Andi316,
the VAMP scans the applications once a day, based on the time frames defined in its policy.
I recommend checking it in a day, i.e. after the subsequent VAMP scan has finished and the ESET management agent has connected to the server to send the fresh data.
Peter
-
-
Hello,
just to add to what Marcos replied.
The Apache HTTP proxy has been replaced by the ESET Bridge, we recommend to migrate to it.
The latest version of the is 2.4.56.64
Many of the vulnerabilities reported are not valid for the features, we have enabled / use.
-
-
Hello guys, @obee / @Mitchell,
ESET services should be allowed by default.
Make sure that you have the latest version of ESET Bridge deployed / you use the config from the latest version and try it with it.
In case the communication to an ESET service is blocked, please provide us with the Bridge logs capturing the attempt to connect to it with the info verbosity set and, of course, the address of the service you are trying to connect to.
Peter
note for us: P_EB-704
-
Hello @j-gray,
19 hours ago, j-gray said:
@Peter Randziak Ok, if I understand correctly, you're saying that the Bridge can cache updates (modules, product updates, etc.) for OS X as long as the requests are via HTTP and not HTTPS? If that's the case, then great.
Yes, the ESET Bridge or any standard proxy with the caching enabled.
19 hours ago, j-gray said:
The documentation is a bit confusing, then, as there's no mention of HTTP traffic and the only list of supported products I could find were Windows and specifically not OS X.
Well, the documentation states what is supported for the HTTPS traffic caching. I admit that the behavior for http / macOS might not be that obvious from it 🙂
It is stated as
"•Cache and distribute updates to client computers and installation packages to ESET Management Agent."
I submitted an improvement request for the Docu team to make the info easier to understand.
19 hours ago, j-gray said:
Thanks again for your help. I appreciate your presence here, as well as the other ESET folks.
Thank you for your very positive feedback provided, really appreciated.
We are also glad to have you, as a very active and cooperative user on the forum.
Peter
-
-
Hello guys,
as my colleague Marcos stated, in the products for the home users, the notification cannot be disabled as it will prevent future upgrades of your ESET protection.
The migration / Windows upgrade is not necessary, just installation of an update bringing the ACS support is needed https://support.microsoft.com/en-gb/topic/kb5022661-windows-support-for-the-azure-code-signing-program-4b505a31-fa1e-4ea6-85dd-6630229e8ef4
The notification can be disabled in the ESET security products for business users, where the administrator is responsible for the system and its security.
Peter
-
Hello @j-gray,
18 hours ago, j-gray said:
Thanks for the reply. The document you linked looks like firewall info, so does not appear to be relevant.
You are welcome. Well, yes, it covers services which need to be allowed on a 3rd-party firewall.
It lists the services to which the ESET products connect (the vast majority of them) and those need to be allowed in the ESET Bridge ACLs as well...
18 hours ago, j-gray said:
ESET's bridge documentation, lists support only for Windows platforms and states specifically, "ESET Bridge does not support HTTPS traffic caching for ESET security products (and their versions) not listed above—Linux/macOS security products and earlier Windows security products."
Yes, that is for the HTTPS traffic, as that needs to be intercepted by the ESET Bridge in order to be cache-able.
18 hours ago, j-gray said:
I'm primarily interested in caching downloads and updates, but from everything I read, only Windows and Linux clients are supported. Meaning that we can't cache anything for OS X clients.
The module updates are by default served over HTTP so they can be cached by ESET Bridge.
By Downloads I assume you mean those served from Repository, right?
I assume that yes, those are being served by HTTP as well, for example the latest agent for macOS is being downloaded from http://repository.eset.com/v1/com/eset/apps/business/era/agent/v10/10.1.3267.0/agent_macosx_x86_64.dmg so it can be cached by ESET Bridge / standard caching proxy as well.
Peter
-
Hello @j-gray,
ESET Bridge is indeed a successor for the Apache HTTP Proxy.
What exactly do you mean by support for OS X?
The ESET Bridge is able to cache the http traffic (like caching of module updates) and to pass the httpS traffic to most of the ESET's services listed at https://support.eset.com/tr/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall
Peter
Eset Server Security Non-Functional After Last Module Update
in ESET Products for Windows Servers
Posted
Hello guys,
the fixed modules are available on the Update servers since ~13:00 CET (November 14, 2023).
Users affected by this issue do not need to take any steps, the module will be updated automatically and the issue will be resolved by it.
We apologize for the inconvenience caused,
Peter on behalf of the teams involved