Peter Randziak

ESET Moderators
  • Content Count: 2,173
  • Days Won: 86

Kudos

  1. Upvote
    Peter Randziak received kudos from OdoArdTus in ESET Endpoint Security 8 BETA signup   
    Hello ESET Endpoint Security / Antivirus users,
     
    It’s been quite a while since we released the 7th generation of our Endpoint solutions, so naturally you may ask when the generation 8 will be released. We have good news to share, as we are approaching the final stages of development and preparation for the release, we would like to share it with you so you can try it before it gets released officially and give us feedback on it, which is very valuable for us.
    I guess the first question, which comes to mind is what will be the new features of it. Let me briefly name some:
    Secured browser bringing additional security to the browsing experience as it protects the browser’s memory, restricts the extensions and protects the keyboard inputs as well.
    Micro Program Component Update which will be manageable from the management console as a practical solution to keep the product up to date with ease. Installed endpoint can wait for its application, without affecting the protection level. Moreover the updates are differential, thus much smaller than standard installation packages.
    WMI Database and System registry scans added as scan targets, allowing the users / administrators to initiate on-demand scans on them.
    Unified exclusions for IDS bringing the unified UX to those exclusions as well.
    To find out more and try it yourself, join the BETA program…
     
    I hope the described features and improvements made you interested; you can sign up here by a reply, or by sending me or TomasP a private message.
    By joining the BETA you agree with our BETA Program agreement.

    We are looking forward to your feedback.
    Thank you in advance, 
    Peter Randziak on behalf of teams involved
  2. Upvote
    Peter Randziak gave kudos to Marco5342 in Protocol filtering stops access to emails   
    The last few days/weeks I've been in contact with Peter and he consulted the ESET dev team to solve my issue. We tried several things, I sent several logs and tried a patched version of the filtering part but it didn't help. Finally my issue disappeared after I removed some certificates from the 'Manage Certificates' config box in Thunderbird. These were certificates I (long ago) accepted due to self-signed certificates or test servers. Some servers I connect to now (which now have a valid certificate) had a certificate in that box (but not all). It looks like somehow something got confused by those certificates.
    After deleting my own accepted certificates, I could enable the IMAPS check in ESET again and everything works fine. It doesn't explain where and why things went wrong and unfortunately I cannot reproduce it any more. You could try this too (and make a backup of the certificates first for debugging purposes).
  3. Upvote
    Peter Randziak received kudos from Guilhermesene in Passord Manager 3 troubles   
    Yes as I mentioned earlier, it should be fixed in the upcoming 3.0.6 release of the extensions.
    I'm checking the planned release date with the guy responsible...
    Peter
  4. Upvote
    Peter Randziak gave kudos to PuterCare in Eset blocking encrypted network traffic with a trusted certificate?   
    Thanks @Peter Randziak @TomasP, I have PM'd you the link to logs.
  5. Upvote
    Peter Randziak gave kudos to JozefG in ESET 14.0.22 - Tardy Notification - Firewall & Network Protection - Win 10 Security Alert   
    @davidovitch Note that the Windows Security Center service is a delayed start service. Until it starts we cannot report anything as there would be a bunch of errors.
    Can you please share screenshot of such alert?
  6. Upvote
    Peter Randziak gave kudos to Staj in How To: Setup Active Directory Integration for ESMC (Linux Component Install)   
    I had some issues configuring Active Directory integration (Kerberos etc.) with ESMC so I decided to do a write-up on what I did to get it working. This is for Ubuntu Server 18.04 but it should be applicable to other Debian based distros, adjust where required.
    Let's assume we have the following environment:
    ESMC Linux Distribution: Ubuntu Server 18.04
    ESMC Hostname: esmc
    ESMC FQDN: esmc.test.local
    ESMC IP Address: 10.123.1.2
    Active Directory Domain: test.local
    NetBIOS Domain: TEST
    Domain Controller: dc.test.local (10.123.1.1)
    ESET ESMC AD User Account: eset.esmc@test.local (eset.esmc)
    Ensure the required Server prerequisites (v7.2) are installed.
        sudo apt-get install krb5-user ldap-utils libsasl2-modules-gssapi-mit samba

    Configure Samba at /etc/samba/smb.conf
    Ensure you change workgroup to the NetBIOS Domain, netbios name to the ESMC Hostname and realm to the Active Directory Domain.
    The following configuration is based on one found in ESMC VA v7.2
        [global]
        workgroup = TEST
        netbios name = esmc
        server string = Samba Server Version %v
        security = ads
        realm = test.local
        domain master = no
        local master = no
        preferred master = no
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
        use sendfile = true
        idmap config * : backend = tdb
        idmap config * : range = 100000-299999
        idmap config TEST : backend = rid
        idmap config TEST : range = 10000-99999
        winbind separator = +
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes
        winbind nested groups = yes
        winbind refresh tickets = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        client max protocol = SMB3
        client use spnego = yes
        client ntlmv2 auth = yes
        encrypt passwords = yes
        restrict anonymous = 2
        log file = /var/log/samba/log.%m
        max log size = 50
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes
        client ipc signing = auto

    Configure Kerberos at /etc/krb5.conf
    Ensure you change default_realm to Active Directory Domain (Must be capitalised) and the realm definition Active Directory Domain (Must be capitalised). Ensure you specify your Domain Controller as a kdc under the realm definition for your Active Directory Domain, if you have multiple Domain Controllers, specify multiple kdc's. Ensure you map Active Directory Domain (prefixed with ".") to the realm name (Your Active Directory Domain but capitalised) under domain_realm.
    The following configuration is based on one found in ESMC VA v7.2
        [libdefaults]
        default_realm = TEST.LOCAL
        ticket_lifetime = 24h
        forwardable = true
        [realms]
        TEST.LOCAL = {
            kdc = dc.test.local
        }
        [domain_realm]
        .test.local = TEST.LOCAL

    Configure DNS Resolution.
    systemd-resolved can cause issues with Kerberos, it can probably be worked around but disabling it as follows also works.
        sudo systemctl disable systemd-resolved.service
        sudo systemctl stop systemd-resolved

    Configure /etc/resolv.conf
    Specify your Domain Controller as a nameserver, create additional nameserver definitions for each Domain Controller. Specify Active Directory Domain for search
        nameserver 10.123.1.1
        search test.local

    Ensure Hostname is set correctly
    If you need to change your hostname, you can use:
        sudo hostnamectl set-hostname esmc.test.local

    Configure /etc/hosts
    Add your ESMC and your Domain Controllers to the hosts file. Take note of the ordering of FQDN and aliases after the IP Address as net join will use the first defined alias for your host as SPNs etc. when joining the system to the domain. All values are tab separated.
        127.0.0.1	localhost
        10.123.1.2	esmc.test.local	esmc
        10.123.1.1	dc.test.local	dc

    Configure Time Synchronisation
    By default, the maximum tolerance for computer clock synchronization for Active Directory Kerberos participants is 5 minutes from a Kerberos Key Distribution Center (KDC; in our case, the Domain Controller) to operate correctly. If ESMC is in a VM, you may already be using a Hypervisor with some VM Agent that handles this but, if not, then systemd-timesyncd should suffice or you can use ntpd. Let's assume you use systemd-timesyncd:

    Configure /etc/systemd/timesyncd.conf
    NTP Server addresses are separated by spaces. Specify each of your Domain Controllers
        [Time]
        NTP=10.123.1.1
    Ensure systemd-timesyncd is set to sync and force it to resync. You should see a log entry that it "Sychronized to time server 10.123.1.123" as per your configuration.
        sudo timedatectl set-ntp on
        sudo timedatectl status
        sudo systemctl restart systemd-timesyncd.service
        systemctl status systemd-timesyncd.service

    Join System to Domain
    If you have Webmin you can use Rejoin Domain (VA v7.2) but it more or less just runs the following command (Replace Administrator with an authorised AD User that can join systems to the domain):
        sudo net join ads join -U Administrator
    This relies on a correctly configured /etc/smb.conf
    You will probably want to move the resulting Computer object this creates in your domain from the default Computers OU to a more relevant OU given your OU hierarchy design in your domain.

    Setup Mapped Domain Security Groups under Access Rights in ESMC
    Configure Active Directory under Advanced Settings in Server Settings (v7.2)
    Map Domain Security Groups and assign Permission Setting
    Map Domain Security Group users (v7.2)

    Setup a Static Group Synchronization Server Task in ESMC
    Synchronization mode - Active Directory / Open Directory / LDAP (v7.2)

    Setup a User Synchronization Server Task in ESMC
    User Synchronization (v7.2)

    Troubleshooting
    The following can be used to test Kerberos login and LDAP GSSAPI whilst showing debug information, useful for troubleshooting. It destroys any existing Kerberos tickets for your user, obtains a Kerberos ticket for the specified AD user, lists obtained Kerberos tickets then performs LDAP Search by authenticating with GSSAPI.
    When troubleshooting Kerberos, you should always check the system time with the relevant Domain Controller (KDC) to ensure they are within 5 minutes of each other (by default).
    Replace eset.esmc with the AD User Account that ESET ESMC will connect under. Replace dc.test.local with your Domain Controller. Replace DC=test,DC=local with the Distinguished Name (DN) of the Base OU in your Domain where you want to list all child Computer objects of.
        kdestroy
        KRB5_TRACE=/dev/stdout kinit eset.esmc
        klist -f
        KRB5_TRACE=/dev/stdout ldapsearch -LLL -Y GSSAPI -h dc.test.local -b 'DC=test,DC=local' '(&(objectCategory=computer))' 'distinguishedName' 'dNSHostName'
    @tomasS @Peter Randziak
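A preflight check for the consistency rules stated in the how-to above (capitalised default_realm matching the Samba realm, the domain_realm mapping, and FQDN-first ordering in /etc/hosts), as an added example that is not part of the original post. The function names and the script name preflight.sh are hypothetical; the functions take file paths so they can be run against copies of the files.

```sh
#!/bin/sh
# Added example (not from the original post): offline consistency checks for
# the files edited in the how-to. Function names are hypothetical.

# Print the value of "<key> = value" (first match) from a config file.
conf_value() {   # $1 = file, $2 = key
    awk -F= -v key="$2" '{ k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t]/, "", v); print v; exit }' "$1"
}

# krb5.conf default_realm must be capitalised and match the smb.conf realm.
check_realms() {   # $1 = krb5.conf, $2 = smb.conf
    k=$(conf_value "$1" default_realm)
    s=$(conf_value "$2" realm | tr '[:lower:]' '[:upper:]')
    [ -n "$k" ] || { echo "no default_realm in $1"; return 1; }
    [ "$k" = "$(printf '%s' "$k" | tr '[:lower:]' '[:upper:]')" ] ||
        { echo "default_realm '$k' is not capitalised"; return 1; }
    [ "$k" = "$s" ] || { echo "realm mismatch: krb5 '$k' vs smb '$s'"; return 1; }
    echo "realms ok: $k"
}

# [domain_realm] must map ".<domain>" to the capitalised realm.
domain_realm_mapped() {   # $1 = krb5.conf, $2 = domain, $3 = realm
    awk -F= -v d=".$2" -v r="$3" '/^\[/ { sect = $1 }
        sect == "[domain_realm]" { k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == d && v == r) hit = 1 }
        END { exit !hit }' "$1"
}

# The FQDN must be the first name after the IP in /etc/hosts, because the
# post notes that the join uses the first defined name for SPNs.
hosts_fqdn_first() {   # $1 = hosts file, $2 = IP, $3 = FQDN
    awk -v ip="$2" -v fqdn="$3" '$1 == ip { ok = ($2 == fqdn); exit }
        END { exit !ok }' "$1"
}

# Usage: sh preflight.sh /etc/krb5.conf /etc/samba/smb.conf
if [ "$#" -eq 2 ]; then check_realms "$1" "$2"; fi
```

The clock-skew requirement is not covered here because checking it needs a live query against the Domain Controller.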
  7. Upvote
    Peter Randziak gave kudos to Staj in Documentation: Active Directory Integration on Linux for ESMC (Non-VA)   
    @Peter Randziak
    This appears to be resolved, turns out I missed out on some configuration in the hosts file. Thank you to @tomasS for the one-on-one assistance with this.
    I'll try to write-up a How To soon on how I configured this all so if anyone else is configuring this on a Linux component (non-VA) install, they'll avoid some of the mistakes I've made.
  8. Upvote
    Peter Randziak gave kudos to MurrayCarte in Introduce yourself   
    How did you find the ESET Security Forum?
    Duckduckgo
    What OS are you running?
    Win10 Pro
    What AV are you running?
    Eset Nod32 Antivirus
    What’s an interesting fact about you?
    The first computer I played on was a Commodore 64
  9. Upvote
    Peter Randziak gave kudos to grapeyy28 in I keep getting "can't reach activation servers" with error code ecp 20019 when trying to activate   
    Thank you so much Marcos! The firewall method worked!
  10. Upvote
    Peter Randziak gave kudos to Staj in Documentation: Active Directory Integration on Linux for ESMC (Non-VA)   
    @tomasS Will sent unredacted log to you via direct message.
  11. Upvote
    Peter Randziak gave kudos to joaer in Protocol filtering stops access to emails   
    Marcos, I have already sent a log collection to Peter Randziak. Do you require another one?
  12. Upvote
    Peter Randziak gave kudos to Marco5342 in Protocol filtering stops access to emails   
    I just uploaded a new log to a private message thread chat with Peter and TomasP.
  13. Upvote
    Peter Randziak gave kudos to itman in Protocol filtering stops access to emails   
    Also has been pushed to regular update channel.
  14. Upvote
    Peter Randziak gave kudos to tomasS in Documentation: Active Directory Integration on Linux for ESMC (Non-VA)   
    Hello, could you please try to clear the Kerberos cache by "kdestroy". Afterwards, please try to obtain the TGT (by "kinit") and use the same command, just replace the "ldaphost" with the IP:
    KRB5_TRACE=/dev/stderr ldapsearch -LLL -Y GSSAPI -h 10.123.123.1 -b 'DC=test,DC=local' '(&(objectCategory=computer))' 'distinguishedName' 'dNSHostName'
    Is there any chance to provide us with the "krb5.conf" and settings of user "eset.esmc" from the AD >> I mean "Account options" from "AD Users and Computers" >> particular user >> "Properties" >> "Account"
  15. Upvote
    Peter Randziak gave kudos to MartinK in Changing Agent hostname for remote deployments   
    Indeed as of now, it is a proper workaround for this issue. This FQDN value will be used as default for installers, used in case override is not provided explicitly.
  16. Upvote
    Peter Randziak gave kudos to ChuckM in Changing Agent hostname for remote deployments   
    I believe I found my answer. Changing the tbl_servers.server_identificator from the SQL database. Will report back if this actually works and any issues that come with it, if any.
  17. Upvote
    Peter Randziak gave kudos to janoo in ESMC Install Docs: Additional Notes   
    Hello @Staj
    I am sorry for your inconvenience. The winbind package is used by ESMC server only as a backup solution. By default, the AD is synchronized using kerberos (properly configured) and ldapsearch packages, which are in the prerequisites list you mentioned.
    Usually this kind of error happens, when Web Console > Server Settings > Advanced Settings > Active Directory is not filled properly. You need to enter a read-only account and host name. Container is optional.
  18. Upvote
    Peter Randziak gave kudos to joaer in Protocol filtering stops access to emails   
    For the record, I managed to solve my Thunderbird SSL/TLS problems by keeping protocol filtering enabled, but adding the IP address of the IMAP server (a local address on my home network) to the Excluded IP addresses list, found in Advanced setup > Web and email > Protocol filtering > Excluded IP addresses. Maybe not the correct or best way to solve it, but for now, I'm good.
    I presume my firefox errors were a result of certificate regeneration, which I handled by following the advice above.
    Regards, Joakim
  19. Upvote
    Peter Randziak gave kudos to Posolsvetla in Sources of Web Control categories in Endpoint Security   
    In most cases only the domain is sent, but the whole URL can be sent as well. The URL part after ? or # is not sent.
    Currently the URL can be quite easily read from the request, however these days we are in the process of releasing a new functionality for the encryption of these requests. The process should be finished in November if no blocking issues emerge.
    The URLs are not kept at our servers at all.
  20. Upvote
    Peter Randziak gave kudos to igi008 in Windows MSP Agent installer only providing .exe download, not .bat   
    Thanks, quite a good idea. We will try to bring it in a service release next year.
  21. Upvote
    Peter Randziak gave kudos to Mirek S. in MDM and weak certificate   
    Hello,
    The Android team is currently investigating this issue with self-signed certificates. If you use self-signed certificates (ESMC generated), please file a ticket with customer care so there is more data regarding this (we will need logs from the phone and the MDM certificate to speed up the process).
    Sorry for the inconvenience,
    M.
  22. Upvote
    Peter Randziak gave kudos to Vilket Namn in Recovery of password manager account.   
    Thank you. I found it.
  23. Upvote
    Peter Randziak received kudos from Vilket Namn in Recovery of password manager account.   
    Hello,
    the recovery key is generated locally in the browser.
    For security reasons no one else has access to it, you can navigate to the settings, change the password and new recovery key will be generated for you.
    Peter
  24. Upvote
    Peter Randziak gave kudos to TS2020 in ECA Login - "login failed - communication error"   
    Thanks Peter. Seems to be working ok now.
    Had tried yesterday with incognito mode so cache/cookies shouldn't make much difference. 
  25. Upvote
    Peter Randziak received kudos from HeinrichS in Foreign identity in Password Manager 3.0   
    Hello @HeinrichS,
    I will try to check it.
    1. Can you please send me a private message with an e-mail you used to set up the password store?
    2. The migration was completed in the end so you can see the accounts correctly and the issue is only with the identity and notes, or? 
    3. In the old PWM do you have identity and notes saved? 
    Peter