Peter Randziak

ESET Moderators
  • Content Count: 1,825
  • Days Won: 63

Kudos

  1. Upvote
    Peter Randziak gave kudos to serlockwright in Can not create license offline in ELA and EBA   
    I already created the offline license file. Thank you for support.
  2. Upvote
    Peter Randziak received kudos from serlockwright in Can not create license offline in ELA and EBA   
    The issue has been resolved, you should be able to generate the offline license file now, can you confirm?
    Peter
  3. Upvote
    Peter Randziak gave kudos to Marcos in Question about Web Protection   
    When referring to objects, we mean basically files, but we prefer using this general term since objects may also mean archives, processes, WMI, UEFI, streams, etc., ie. anything that can be scanned. As for the settings referring to newly created or modified files, it really concerns files only. We could use the general term "objects" as well but "files" sounds more natural to users.
  4. Upvote
    Peter Randziak gave kudos to itman in Question about Web Protection   
    Let's analyze this in detail.
    First screen shot is ThreatSense settings for Web Access protection. The important setting to note is "Advanced heuristics/DNA signatures":

     
    The next two screen shots are for Realtime protection. The important thing to note is the omission of the "Advanced heuristics/DNA signatures" protection on base ThreatSense settings:

    And for file creation and execution,  advanced heuristics are performed for both. Of note is the absence of any reference to "DNA signatures":

     
    From the above, we can conclude that "DNA signature" usage is only used by default by Web Access protection. And that is indeed an issue. The solution to me appears to be to enable the "Advanced heuristics/DNA signatures" scanning option for Realtime protection. I assume that is disabled by default for system performance reasons.
    Also this issue doesn't just apply to Firefox Send delivered files. What about anything not Internet downloaded such as files on USB media?
  5. Upvote
    Peter Randziak gave kudos to 0xDEADBEEF in Question about Web Protection   
    The only reason I was mentioning this is because web protection has more sensitive heuristics than on-demand scan or realtime scan, as Marcos has stated in this thread.
    This means that though the realtime scan or AMS will anyway catch the malware if the file is extracted to disk or memory, it might miss the more sensitive heuristic in the web protection layer, if my understanding is correct. As for how much more sensitive the web protection is compared to normal scanner, I've no idea.
  6. Upvote
    Peter Randziak gave kudos to Marcos in Question about Web Protection   
    Didn't notice this inconsistency until now. Advanced heuristics always also means DNA detections.
  7. Upvote
    Peter Randziak gave kudos to Matus in System's Accessibility Features in Security and Privacy are blocked   
    Hi Paul,
    Have you tried also with the latest version - 6.7.876.0 ?
    There have been a couple of changes regarding MacOS compatibility. 
    Thanks
  8. Upvote
    Peter Randziak gave kudos to Marcos in Horizon - Endpoint Antivirus   
    This is untrue. We contacted VMware and provided them with details about the problem in their driver. It's their turn now.
  9. Upvote
    Peter Randziak gave kudos to TomasP in Can No Longer View Who Is Logged Onto The Forum?   
    Thank you for pointing this out, last time it was an issue with a cache, we reported this again to the service provider, so hopefully it will be resolved soon.
    Tomas
  10. Upvote
    Peter Randziak gave kudos to 817 in database create error occurred during ESMC install   
    I checked the version of the ODBC driver and reinstalled 5.3.10, then the ESMC installer ran correctly.
    Thank you very much, @MartinK and @Peter Randziak !
  11. Upvote
    Peter Randziak gave kudos to MartinK in database create error occurred during ESMC install   
    Problem seems to be in MySQL ODBC driver used. Unfortunately ESMC 7.0 does not support latest versions as there is some bug in driver itself. It was supposed to be fixed in ODBC driver 8.0.16 released recently but seems there might be another issue.
    I would recommend to check documentation where latest supported version of MySQL ODBC driver is mentioned. If I recall correctly, latest working version is 5.3.10.
  12. Upvote
    Peter Randziak gave kudos to miso in Importing White List Domains, ESET for Domino   
    There is also import command:
    "C:\Program Files\ESET\ESET Security\eshell.exe" server as filtering import APPROVED-SENDERS ${file}
    Show all supported commands for a particular list:
    "C:\Program Files\ESET\ESET Security\eshell.exe" server as filtering APPROVED-SENDERS ?
     
  13. Upvote
    Peter Randziak gave kudos to itman in Can No Longer View Who Is Logged Onto The Forum?   
    This just started today. All I see is myself?
  14. Upvote
    Peter Randziak gave kudos to TomasP in Can No Longer View Who Is Logged Onto The Forum?   
    Hello, this has now been fixed, you should be able to see all online users again.
  15. Upvote
    Peter Randziak gave kudos to MartinK in Question over encryption between Eset Security Management Center Server and database   
    I would recommend to check file:
    %PROGRAMDATA%\ESET\RemoteAdministrator\Server\EraServerApplicationData\Configuration\startupconfiguration.ini which contains connection string as used by ESMC. Please make sure you create backup before doing modifications. Resulting connection string is passed to SQLServer ODBC driver and thus all parameters supported by driver should be working. Also be careful with using reserved characters as are @,{,},... as it might require special escaping to work properly.
    Also be aware that changes in this file might break upgrade of ESMC in the future, and even if upgrade is successful, it might replace this file with new one, without custom changes you made.
  16. Upvote
    Peter Randziak gave kudos to MartinK in Erro agent Deployment From console ESMC   
    Unfortunately remote deployment task has a glitch that it shows successful installation even in case installation actually failed. This is issue of last phase of installation, so it means ESMC is able to connect to this device, but either download of AGENT installer or installation itself fails. Most probable cause is download, especially in case device has limited access to internet or ESMC is configured to use HTTP proxy.
    I would recommend to create Windows live installer in console (it is bat script) and try to execute it manually on device. It will behave exactly as it executed remotely, but local execution might help diagnose the issue.
  17. Upvote
    Peter Randziak gave kudos to MartinK in Multihomed host - ESMC 7.x   
    That is correct column for this scenario. Remote host shows IP address as seen by ESMC, which is suitable for remote clients, until they are not hidden behind NAT router or load balancer which would result in multiple devices with the same IP address.
    IP addresses shown in other column are based on local state on AGENT, where IP address of interface with highest priority should be shown - but it might have no relation to interface that was actually used to connect to ESMC.
  18. Upvote
    Peter Randziak gave kudos to MichalJ in How to create dynamic group "Not updated Agent"?   
    There are multiple methods: 
    - You can click on the "red" part, and drill down to see the list of machines with outdated agent
    - You can navigate to the dashboard "ESET Applications", check table "outdated applications", locate agent, and drill down to get the list of all machines
    - You can alternatively create a DG for not having a specific version of Agent installed (all others will be outdated).
    I would recommend to use the first / second option.


  19. Upvote
    Peter Randziak gave kudos to Marcos in Query over TLS1.0   
    You can accomplish this by enabling advanced security in the ESMC server setup and regenerating CA and peer certificates.

  20. Upvote
    Peter Randziak gave kudos to RichardW in Query over TLS1.0   
    Thanks
    I just needed to change
    sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to
    sslEnabledProtocols="TLSv1.1,TLSv1.2" within C:\Program Files\Apache Software Foundation\apache-tomcat-7.0.92\conf\server.conf
  21. Upvote
    Peter Randziak gave kudos to MartinK in Query over TLS1.0   
    Hope that helps. Crucial parameters are:
    sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA" where you can limit not only TLS protocol but also list of supported cipher suites, even when we have already enabled only those most secure and considered as secure by various analysis tools.
  22. Upvote
    Peter Randziak gave kudos to MartinK in Query over TLS1.0   
    Unfortunately this is not configurable via UI. It is actually part of Apache Tomcat configuration distributed with ESMC. Please check the following KB3724, but just search for TLSv1 and you will understand what to search for in the server.xml configuration file. There is no need to follow this KB as it is unrelated.
    Regarding the question why TLS1 is enabled by default - it is due to backward compatibility as ERA6 clients were using TLS layer provided by system itself, and we do still support older systems (Windows XP as an example, but also older Linux and macOS) which do not support TLS 1.2.
  23. Upvote
    Peter Randziak gave kudos to Axel.HARTH in file security error "Modules mapping directory not found" on SLES-12.4   
    Hi J.J,
     
    I tried your configuration and it is working well.
    Thanks for your help.
     
    Axel
  24. Upvote
    Peter Randziak gave kudos to J.J. in Equvivalent for libcanberra-gtk-module:i386,libappindicator1   
    Disable Selinux (Selinux is not supported by our product):
    To disable SELinux, configure SELINUX=disabled in /etc/selinux/config:
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #       targeted - Targeted processes are protected,
    #       mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    Disable Wayland (Wayland is not supported by our product)
    You can do this on Fedora 29 by editing /etc/gdm/custom.conf and uncommenting the line "#WaylandEnable=false"
    Install GlibC
    - yum install libc6.i686
    Install Gnome tweak tool:
    - yum install gnome-tweak-tool
    Install TopIcons Extension:
    - yum install gnome-shell-extension-topicons-plus
    Prerequisites: You need the make utility:
    # Debian, Ubuntu
    sudo apt-get install make
    # Red Hat, Fedora
    sudo dnf install make
    Download the code to any folder, using git:
    git clone https://github.com/phocean/TopIcons-plus.git
    Go into the TopIcons Plus project directory and execute the installation script.
    cd TopIcons-plus
    make install
    This will compile the glib schemas and copy all the necessary files to the GNOME Shell extensions directory for your own user account (so you don't need admin privileges to run make). By default, TopIcons Plus will live in the directory 
    ~/.local/share/gnome-shell/extensions/TopIcons@phocean.net/.
    If you want to install the extension so that it will be usable system-wide, you'll have to change the INSTALL_PATH variable, and run as root.
    sudo make install INSTALL_PATH=/usr/share/gnome-shell/extensions
    Finally, launch the gnome-tweak-tool utility to manage extensions. There, you can enable TopIcons Plus and then tweak its look and feel.
    Enable Top Icons plus using Gnome Tweak tool
    - Screenshot attached

    Install ESET NOD32 Antivirus for Linux Desktop

  25. Upvote
    Peter Randziak gave kudos to Silver in ESET Agent&Endpoint remote deploy to MacOS? ECA only.   
    An FYI for anyone else searching - ESET ECA currently can't do this directly, but ESET UK support helpfully provided a sh script which can install the ESET remote agent silently, connecting endpoints directly to the correct ECA instance.
    This worked for me - Meraki can deploy the script by wrapping it into a DMG package and deploying as a custom app.
    ESET ECA can then install ESET software/licences etc, with everything being 100% remote.
     