johnson.yuan

Posts posted by johnson.yuan

  1. On 10/29/2021 at 7:24 PM, Peter Randziak said:

    Hello @johnson.yuan,

    the original report was for Win 7 and 2008 R2 by Hydra 8.1, can you please provide us with the captures for the original report as well?

     

    Anyway, the research team had a look and found out the following:

    RDP - Hydra 8.1 does not speak TLS or NLA for that matter. For this attack to work the server must be configured with NLA off. Turning NLA on makes the problem go away.

    SMB - probably SMB1 has been disabled on that server. Now, Hydra 8.1 speaks SMB1 only, but it fails to notice the reply from the server or the lack of it, effectively no brute forcing taking place. If we turn SMB1 on, detection seems to work as expected.

     

    Peter

    Hi Peter

    Thanks for your reply. I forgot to mention that when testing on this Win 10, I'm using Hydra V9.0, and it successfully found out my password, and EES V9 detected nothing. I have checked the Remote Desktop settings of the Win 10; NLA is off.

     

    Regards

    Johnson

     

  2. Hello, we are very interested in Brute-force attack protection, as we see too many ransomware attacks delivered by RDP brute force. So we tried EES V9 on Win 7 and 2008 R2; here is the result:

    1. On Win 7 64-bit, EES V9 detects SMB brute force but failed to detect RDP brute force. The test was made via Hydra 8.1.

    2. On 2008 R2, both the RDP and SMB brute-force attacks were unable to be detected. The test was made via Hydra 8.1.

    We value this function very much, so please look into these problems, as Hydra is one of the most commonly used hacking tools.

    Regards.

    Johnson

     

     

     

  3. We are testing EVS in a customer environment. We have deployed EVH and EVS, but failed to register EVS to vShield. EVS and EVH are both the latest versions downloaded from the ESET website.
    The customer is using ESXi 5.5 and seems unable to use NSX, so we chose vShield.

    We have tried:

    1. Reboot EVS and vShield
    2. Reinstall the vShield Endpoint
    3. Test connection to port 443 of vShield

    Any suggestions?

    Here is the screenshot of the failure:

    Screenshot of the vShield Endpoint module; the vShield version is 5.5.4

    Screenshot of vah:


  4. On 2017/1/21 at 0:07 AM, MartinK said:

    We have seen a similar error caused by a problem in the operating system itself, which could be resolved by installing the official KB fix

    Actually, I encountered 3 such cases in different networks. The problem OSes were all Win 7? I can't remember.

    Could you please provide me a link to the official KB which you mentioned? It may help me resolve this issue. Many thanks.

  5. I'm using ERA 6.4 in my network and have around 60 clients. Most of those clients are working fine, but one computer failed to connect to the server. I have looked into the log file and found:

    Error: CReplicationManager: Replication (network) connection to 'host: "172.16.1.44" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.

    This computer installed the agent with the same settings as the others, because they are installed by the same liveinstall batch.

    I have tried:

    1. Reinstall the agent

    2. Create a new cert and reinstall

    None of the above methods helped. Does anybody here have any suggestions? Many thanks.
