Peter Randziak

ESET Moderators
Kudos

  1. Upvote
    Peter Randziak gave kudos to Marcos in Chrome 79 always starts a core dump and crashes   
    As I wrote, there will be a hotfix of ESET NOD32 for Linux desktop that will address the issue.
  2. Upvote
    Peter Randziak gave kudos to Marcos in Delay - updates virus definitions   
    There are no delays in providing update files on update servers. The difference is caused by the default interval for checking for new updates which is 60 minutes. That said, it should take 1 hour at maximum for all machines to update to a particular engine version.
    Unlike EMSL, Windows v7 products use streamed updates to get updates against a group of threats every few minutes. However, in case of VBA malware only ESET Dynamic Threat Defense (supported by Windows Server products v7+) could shorten the reaction time and possibly recognize the malware even before it starts spreading by analyzing attachments possibly carrying malware in cloud.
  3. Upvote
    Peter Randziak gave kudos to Mirek S. in MDM certificate   
    Hello,
    As @Perry noted, 3rd party certification authorities typically provide a pem or pkcs#12 web certificate which does not contain the root CA, as that is not required for common webservers - this certificate is typically preinstalled on devices so that a chain of trust can be established. MDM does a "bit more" than a typical webserver - during enrollment we also install the root CA to the enrolled device to establish trust (we can't guess whether the certificate is self-signed or signed by a CA already trusted by the device) so we have an extra requirement.
    I'll look into improving the documentation wrt 3rd party certificates, as an openssl command line showing how to convert between formats and append the root CA to existing certificates should help some users.
    HTH
  4. Upvote
    Peter Randziak gave kudos to Perry in MDM certificate   
    Hi,
     
    You should create a full chain certificate which contains SSL cert, intermediate, root and private key.
     
    - Download XCA and install it.
    - Download OpenSSL and install it.
    1.) Create an empty file (C:\temp\cert-chain.txt) on your PC and paste the following inside it:
    -----BEGIN CERTIFICATE-----
    (Your Primary SSL certificate from C:\temp\your_domain_name.crt)
    -----END CERTIFICATE----- 
    -----BEGIN CERTIFICATE-----
    (Your Intermediate certificate from C:\temp\TheIntermediateCA.crt)
    -----END CERTIFICATE----- 
    -----BEGIN CERTIFICATE-----
    (Your Root certificate part from C:\temp\TheTrustedRoot.crt)
    -----END CERTIFICATE-----
    2.) Now replace the content inside the brackets with your certificates (which you can export via XCA; PEM txt format). The order above is VERY important so do not mix it!
    2.) Export the private key (unencrypted in text format) with XCA from your certificate and store it inside  C:\temp\server.pemkey
    3.) Now merge everything together as pkcs12 (filename extension for PKCS #12 files is .p12 or .pfx). To do that open a CMD (run as admin) and perform:
    cd C:\OpenSSL-Win32
    openssl pkcs12 -export -inkey C:\temp\server.pemkey -in C:\temp\cert-chain.txt -password pass:ABCD -out C:\temp\certificate(chain_and_key).pfx
    4.) Your PFX file is now ready to be used.
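An added example (not from the original posts or ESET's documentation) that checks a PEM bundle is in the leaf, intermediate, root order given above and that the private key matches the leaf before running the same `openssl pkcs12 -export`, then counts the certificates in the resulting file. The throwaway test PKI, the file and function names and the `PFX_PASS` variable are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example; every name, path and password below is constructed.
# The test certificates carry no CA extensions, so only name chaining is checked.
issue() {  # $1 = dir, $2 = name, $3 = CN, $4 = name of the signing CA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.crt" -CAkey "$1/$4.key" -CAcreateserial \
    -days 2 -out "$1/$2.crt" 2>/dev/null
}
make_chain() {  # throwaway root, intermediate and server certificate in directory $1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Test Root" \
    -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
  issue "$1" int "Test Intermediate" root && issue "$1" leaf "mdm.example.test" int
}
# Print the subject or issuer ($1) of the first certificate in file $2.
name() { openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed "s/^$1= *//"; }
split_chain() {  # split bundle $1 into $2/cert1.pem, cert2.pem, ...; print the count
  awk -v d="$2" '/-----BEGIN CERTIFICATE-----/ { n++ } n { print > (d "/cert" n ".pem") } END { print n + 0 }' "$1"
}
# Succeeds when each certificate is issued by the next one and the last is self-signed.
check_order() (
  tmp=$(mktemp -d) || exit 2
  trap 'rm -rf "$tmp"' EXIT
  n=$(split_chain "$1" "$tmp")
  [ "$n" -ge 2 ] || exit 1
  i=1
  while [ "$i" -lt "$n" ]; do
    [ "$(name issuer "$tmp/cert$i.pem")" = "$(name subject "$tmp/cert$((i + 1)).pem")" ] || exit 1
    i=$((i + 1))
  done
  [ "$(name issuer "$tmp/cert$n.pem")" = "$(name subject "$tmp/cert$n.pem")" ]
)
key_matches() {  # public key of the first certificate in $1 equals that of private key $2
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}
build_pfx() {  # $1 = chain, $2 = key, $3 = output; env: keeps the password out of the process list
  check_order "$1" && key_matches "$1" "$2" || return 1
  openssl pkcs12 -export -inkey "$2" -in "$1" -passout env:PFX_PASS -out "$3"
}
pfx_cert_count() { openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'; }

work=$(mktemp -d); make_chain "$work"; export PFX_PASS='constructed-demo-pass'
cat "$work/leaf.crt" "$work/int.crt" "$work/root.crt" > "$work/cert-chain.txt"
cat "$work/int.crt" "$work/leaf.crt" "$work/root.crt" > "$work/mixed.txt"
build_pfx "$work/cert-chain.txt" "$work/leaf.key" "$work/good.pfx" && echo "certificates in PFX: $(pfx_cert_count "$work/good.pfx")"
build_pfx "$work/mixed.txt" "$work/leaf.key" "$work/bad.pfx" || echo "mixed order rejected"
```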
  5. Upvote
    Peter Randziak gave kudos to Mirek S. in MDM certificate   
    To have "secure" as in trusted by browser, you need to purchase a 3rd party certificate from a common internet certification authority.
    One such certificate authority is Let's Encrypt, which provides certificates for free.
    ESMC creates self-signed certificates which are not trusted unless their root CA is imported into the device certificate store.
    @Command IT What you probably meant was certificate chain installation, which was required till 6.5 due to the TLS layer we used. In 7.0+ we use a different TLS layer on Windows (openssl) and PKCS#12 is newly required to contain the entire certificate chain including root CA - the system certificate store is not used anymore.
  6. Upvote
    Peter Randziak received kudos from Camilo Diaz in Latest update causes eset_proxy to flip out   
    Hello guys,
    I opened a ticket with the dev team to check the logs provided by @Camilo Diaz
    In case you have the logs (as described by Marcos), or are willing to record them feel free to provide me with them so I can have them checked...
    Regards, Peter
  7. Upvote
    Peter Randziak gave kudos to Marcos in ESET update error: File not changed within the given time interval   
    This appears to be a problem of a particular proxy server which responds with 304 Not modified even to non-conditional requests which is not in concordance with RFC.
  8. Upvote
    Peter Randziak gave kudos to Marcos in Win32/TrojanDownloader.Delf.BTT   
    You have a rootkit there. Either boot from a clean medium (e.g. ESET SysRescue) and run a full disk scan, or do the following:
    - start Windows in safe mode
    - move C:\Windows\System32\Ms96FB23EEApp.dll to another folder, e.g. to c:\eset
    - start Windows in normal mode
    - run a full disk scan.
     
  9. Upvote
    Peter Randziak gave kudos to Marcos in Apache HTTP Proxy   
    That's a huge number so a dedicated machine with http proxy will likely be necessary.
    ESET Dynamic Threat Defense runs files potentially carrying malware in a sandboxed EDTD cloud environment. It leverages multi-stage analysis, where it combines advanced detection techniques with behavioral analysis and machine learning.  Scan results are shared among all computers in an organization.
    In combination with Mail Security products, EDTD allows for delaying email delivery until a result of scan is received and only then clean email is passed to mailboxes. EDTD substantially improves protection from malware spreading in Office documents for instance.
    As of Endpoint 7.2, it's possible to block execution of files downloaded via email clients and browsers until the scan result from EDTD is received.
    If you are interested in trying out ESET Dynamic Threat Defense, please contact your local ESET distributor or drop me a message.
     
    Another product for enterprise users that we offer is our EDR solution ESET Enterprise Inspector which provides you with insight into what's going on in your network. With more than 200 pre-defined rules you get a good overview of possible security incidents that you can subsequently respond to or track them back to the source.




  10. Upvote
    Peter Randziak gave kudos to TomasP in ESA: delete old endpoints   
    Hello @Patrick van Lier,
    You just need to remove the corresponding DNS entry (as per the screenshot below) and restart the ESA Core Service.

  11. Upvote
    Peter Randziak gave kudos to TomasP in Updated Apache & PHP   
    Hello, sorry for the late response.
    Both Apache and PHP are planned to be updated in the first half of this year.
    Regards,
    Tomas
  12. Upvote
    Peter Randziak received kudos from pps in Windows 7 enterprise sp1 & eset endpoint 7.2.2055.0   
    Hello Peter,
    I guess the patches are not installed, see https://help.eset.com/ees/7/en-US/?sysreq.html 
    "Microsoft® Windows® 7 SP1 with latest Windows updates (at least KB4474419 and KB4490628)"
    Regards, Peter
  13. Upvote
    Peter Randziak gave kudos to Rami in "This file has been sent to analyze"   
    Yes I understand but sometimes you have cases where the files that you do are private to the company that you work with and it's hard to upload them for analyzing, but I understand it's bad for the AI system, same to what happened to Kaspersky and the American gov went crazy about it and blamed them for stealing data, while their AV saw that some files are suspicious and sent it to their AI.
    I know it's so important to get files sent by users, because that will make the system stronger and more accurate and faster.
  14. Upvote
    Peter Randziak gave kudos to Marcos in "This file has been sent to analyze"   
    Not a good idea. In case the user gets infected with certain new malware we would not be able to react and the malware could remain running and being always detected only in memory then.
    If you mind submission of compiled files if they are suspicious for whatever reason, add the folder with the compiled files to the exclusion list as shown below:

  15. Upvote
    Peter Randziak gave kudos to Marcos in Security Management Center does not update license   
    It's weird, last changes to the licenses were made in Nov, ESMC synchronizes with EBA automatically once a day. Do you see a message that synchronization was successful in the license manager? If running a manual synchronization doesn't make any difference, I'd suggest opening a support ticket with customer care.

  16. Upvote
    Peter Randziak gave kudos to MichalJ in Security Management Center does not update license   
    What I would try as a last resort before raising a ticket would be to remove the licenses from your ESMC, and try to re-add them again, either manually, or via the business account credentials. Adding them in our test environment shows correct expiration dates, for December 2021.
     
  17. Upvote
    Peter Randziak gave kudos to rrochefort in ESET Endpoint Antivirus MacOS Full Disk Access   
    Thank you @Peter Randziak,
    This is helpful, I'm not sure how I missed that when I was searching the site...
    Now I just need to figure out how to deploy the plist using our MDM provider.
     
    Update: Turns out just need to copy and paste the plist code to a custom settings profile.
  18. Upvote
    Peter Randziak received kudos from rrochefort in ESET Endpoint Antivirus MacOS Full Disk Access   
    Hello @rrochefort,
    you can find details at this help page: https://help.eset.com/ees_mac/6/en-US/ud_install_remote.html 
    Peter
  19. Upvote
    Peter Randziak gave kudos to Marcos in Network Wizard Aggravation   
    The firewall troubleshooting wizard was made for the purpose of showing all blocked communications, especially those blocked by user rules. Without that, incorrectly created user rules blocking desired communication could not be identified which would defeat the primary purpose of the wizard.
  20. Upvote
    Peter Randziak received kudos from Rami in ESET Endpoint Antivirus for Linux 7 BETA signup   
    Dear Linux community,
     
    We’ve been working on the new generation of our solution for Linux desktops for quite a while.
    The hard work of our development & QA teams, using technologies developed for the ESET File Security for Linux 7, were materialized into the first BETA version of our Endpoint product, which we would like to share with you.
    To mention just a few of the top new features:
    - Completely new distributed architecture, natively 64-bit, with better performance, security and stability
    - New technology for On-access scanning by means of ESET-in-house-developed lightweight kernel module
    - Optimized for multi-core performance
    - Compatible with latest ESET Security Management Center 7.1
    If you are interested in getting a chance of a hands-on experience with it and see the full list of improvements, just leave a comment here or send me ( @Peter Randziak) and @TomasP a private message.
     
    We are looking forward to your participation.
  21. Upvote
    Peter Randziak received kudos from PodrskaNORT in ESET Endpoint Antivirus for Linux 7 BETA signup   
  22. Upvote
  23. Upvote
    Peter Randziak gave kudos to Marcos in Latest update causes eset_proxy to flip out   
    When esets_proxy is heavily utilizing the CPU, select esets_proxy on the CPU tab in Activity Monitor. From the menu choose Sample process and Save as. Please provide the file along with ESET Log Collector logs to customer care. You can also upload the files here.
  24. Upvote
    Peter Randziak gave kudos to TomasP in Upgrade to Windows 10 version 1903 may cause boot error on Windows 10 with ESET Endpoint Encryption   
    We have identified a problem when upgrading a Windows 10 system with ESET Endpoint Encryption installed to the 1903 feature update. Installing the update can cause the system to crash (blue screen) when booting.
    We are currently investigating the cause and recommend not upgrading an encrypted system to 1903 until further notice.
    Systems that have been affected will need to be decrypted using our recovery tool (if full disk encryption was enabled) and then repaired using the Windows recovery console. See this knowledgebase article for more details: https://support.eset.com/kb7309/
  25. Upvote
    Peter Randziak gave kudos to Pinni3 in Future changes to ESET Security Management Center / ESET Remote Administrator   
    Thank you @MichalJ and @MartinK for the explanation