Markwd

Hello, Just a quick (global) question: We have a webserver containing an instance of Apache Tomcat version 9 (not fully up-to-dat). The server also has ESET Server Security version 9 on it. Once in a while ESET Server Security detects an attempt to exploit HTTP/Exploit.CVE-2021-41773 on the Tomcat.exe process. The exploit is bound to a vulnerability in Apache HTTPD instead of Tomcat. Would that be an attempt of the attacker to try if the webserver accidentally has a vulnerable httpd version on it, what is triggering ESET to detect the exploit attempt? Could it be a FP, because Tomcat.exe is not vulnerable to this exploit, or could something else be the reason ESS is triggered? Thanks!

Description: More/better options to set the gui on (Terminal) ServersDetail: Just like the ESET Endpoint products for workstations now use, it would be much better to have the options to set the gui to Full, Minimal, Manual and Silent in stead of just Full and Terminal (in which the last one I think is not the right term).

Thanks! So both Online Help as the KB suggest to disable the gui entirely and do not warn the users when they open malicious content? In my opinion you would want the user to be informed immediately as they open malicious content to create a certain level of awareness. But you do not want the users to mess around in the gui itself. As I see it, only the option to set the GUI to Minimal (the way Endpoint Protection has) would solve that?

Hello @foneil, I was referring to this kb: https://help.eset.com/efsw/8.0/en-US/work_ui_disable_gui.html The title "Disable GUI on Terminal Server" and the text "This is usually undesirable on Terminal Servers" implicates to me, that it is adviced to turn off the gui on Terminal Servers. Also the term "Terminal" mode for the setting of the gui implicates that you want set this mode for Terminal Servers. I would still prefer the modes for Server Security to be the same as being used in the Endpoint software for Workstations (Full, Minimal, Manual, Silent).

Thanks for your respons @Marcos In that case I will try and pilot with the gui on. It would be nice if the gui could be set to minimal (where users only get notifications onscreen).

Hello, As advised in your KB, we have disabled the gui (set to Terminal) on all of our Terminal Servers. This means that the users on the Terminal Servers will not receive a (popup) notification when they open malicious e-mails, websites, or executables. Because of this the awareness amongst the users of these dangers will not grow, because they are not notified when they click on for example a malicious link. What would be the consequence if the gui would be enabled? Would this have impact on the performance of the terminal server? Also, I noticed that the Endpoint Antivirus and Security have also an option to set the Gui to: Minimal ( The graphical user interface is running, but only notifications are displayed to the user) Manual (Graphical user interface is not started automatically on logon. Any user may start it manually.) Silent (No notifications or alerts will be displayed. Graphical user interface can only be started by the Administrator.) What is the reason that ESET Server Security does not have these options for the gui?

Hello, I'm not sure if this forum is the right place for feature requests, but I have 2 feature requests regarding this product: 1) It would be nice if the preboot password and the Recovery Password screens could have a countdown option that displays the remaining attempts for entering your (Recovery) password. 2) Sometimes a user manages to disable the EFDE login and also the Password Recovery login. The only way to recover this (as far as I know) is to use the Data Recovery option to fully decrypt the disk(s) and then re-encrypt the disk(s) which can be a time consuming action (and all you want is to restore the EFDE login). It would be nice if there was a possibility to bypass the loginscreen or change the login password with the help of the USB Recovery media.

Hello, Will the most recent version of ESET Server Security be fully functiontional on a Windows Server 2022 server environment? (We are currently testing this new OS)? Thanks! Markwd

So your saying that major releases will also be installed by MicroPCU, but the difference is that the major releases will require a restart whereas Hotfixes will not? And if so, will the RTS be disabled untill the restart will be done if this major update has been provided through MicroPCU or will the driver be replaced after restarting the server? In other words: Would it be possible / advised to enable MicroPCU on servers and let it do the version updates all the way (including major versions) and have a reboot through a different maintenance windows provide the restart of the server (in some cases) days later?

Hello, ESET Server and Mail Security (v8) have been officially released now with the MicroPCU function built in. I was going through the knowledgebase to find more information about this function, and noticed the following kb: Program component update | ESET Endpoint Security | ESET Online Help It advices to set the PCU setting in the policies to Never for ESET server installations Furthermore, looking at the official statement about the best way ESET advices to do upgrades (Upgrading to a newer version | ESET Server Security | ESET Online Help) It advices us to fully uninstall the currently installed version, then restart the server and then install the new version. Also I noticed the IMPORTANT section stating that you need to have no pending Windows Updates or Restarts prior to installing the upgrades of ESET Server products. I have tested the upgrade to the new version 8 on several testservers and noticed that both the serverproduct as well as ESET Protect state that a Restart is required, but not mentioning that the Realtime Scanner is Non-functional anymore. Our local ESET Support channel also states, that the MicroPCU function only works for minor upgrades, so upgrading from version 8.0 to 8.1 will not work through MicroPCU. In those cases you still need to re-install the product. From upgrading of version 7.2 upwards every single upgrade on every server disables the Realtime scanner engine until the restart has been done. Before that, the products just kept working on the older drivers, until the server was restarted. I would really like to know what ESET officially advices for keeping their serverproducts up-to-date without major interference or security risks on servers of different classes that mostly require high availability. Markwd

Thanks @Kstainton! This helps a lot!! Kind regards, Mark

Hello @Kstainton, We would like to also store the Workstation ID as a Custom Property in Solarwinds N-Central. In case the workstation has lost connection to the ESET Protect environment, we can then create a Recovery Password by looking at this Custom Property, wthout having to ask the customer to provide this. I noticed a tool C:\Program Files\ESET\ESET Full Disk Encryption\EFDEcmd.exe and was hoping this was a commandline utility for such commands, but until now that utility seems of no use.

Hi, I Was wondering if there is an option to obtain the EFDE Workstation ID remotely through a Windows script or commandline utility. Thanks

Hello Peter, I would also like to participate in this Beta (if it is not too late). Thanks! Markwd

Hello MartinK, Thank you for your respons. In case a user does not know their preboot password anymore, we need to identify which workstation the user is working on at that moment. As the user does not know their preboot password (for what reason), he/she does not have access to the Windows Operating System to provide us unique details of the workstation (such as Computername or ip-address). The only unique point of recognition I can find in the preboot login page is the Workstation ID. In our EEE (Deslock) environment we use this all the time to match the workstation the user is dealing with, with the device in the EEE Server environment. This is also described as part of the procedure for decrypting an FDE disk in KB7150: https://support.eset.com/en/kb7150-remove-eset-endpoint-encryption-from-a-workstation (Verify that the WorkstationID value displayed matches the Workstation ID on the client. How do I find my Workstation ID?) (I was almost certain at some point this was also described as part of the password recovery procedure, but I cannot find this anymore). Also thank you for clearifying the usage of the usage for the Encryption Recovery option under Help. From my view this was the only point for matching the Workstation ID (and then from that point on do a Password Recovery). I can see from your point of view why this has been blocked.