
Mirek S.

ESET Staff
  • Posts: 143
  • Days Won: 2

Kudos

  1. Upvote
    Mirek S. gave kudos to Embercide in Why doesn't the client version auto update - only the definitions?   
    As the title suggests, why don't the endpoint security products auto update (e.g. from 7.2 to 7.3)? Only the virus definitions do.

    With 90% of staff working from home it's not possible to push this update out via our on-premise ERA (not that it ever worked reliably before)
  2. Upvote
    Mirek S. received kudos from CarloMostoles in updating Mobile Device Connector 6.5 to 7.1   
    Hello,
    I would not recommend using ODBC driver newer than 5.3.11.
    Other than incompatibilities, later MySQL ODBC drivers/client library also switched to unconditional use of openssl instead of the internal TLS implementation they used to have, and in some cases this triggers startup clashes of openssl initialization, where MDM requires some setup and MySQL actually uses a different one, causing runtime issues.
    HTH,
    M.
  3. Upvote
    Mirek S. gave kudos to itman in This really shouldn't be difficult, but it is   
    Where the confusion kicks in on Eset licensing options is they offer a multi-device license option: https://www.eset.com/us/home/multi-device-security/ . This license allows you to install Eset on any device where a supported product version exists.
    To add to the confusion, depending on where you reside, Eset marketing in that country might offer a multiple pack option; usually up to 5 devices. So the result is a multi-device and multi-license subscription which allows any Eset product to be installed on up to 5 supported devices. The key to keeping all this straight is that Eset products have built-in restrictions; e.g. NOD32 has an option for Windows and Linux. The other Eset desktop products only support Windows. And obviously, the Eset mobile version is for smartphones.
  4. Upvote
    Mirek S. gave kudos to Scotch in This really shouldn't be difficult, but it is   
    It would be so much simpler if Eset would just ask questions before you buy. Nothing crazy, just ask about OS, how many devices, what level of protection, etc. That way, buyers wouldn't do something stupid, like buy the wrong software. *ahem* The irony to me is that the experience I've had resembles how Microsoft makes simple things like finding information on correcting problems -- or even sometimes products you want to buy (!) -- difficult because they put the information somewhere stupid, and/or forgot to tell the user where to find it. Yet, my experience with Eset's Windows and Android products over the better part of a decade has been completely drama-free.

    Thank you, by the way.
  5. Upvote
    Mirek S. received kudos from CEPers in DEP certificate chain error   
    Hello,
    We are aware of this issue. Apple switched to virtual servers (which require TLS SNI) and this caused a malfunction in all currently released versions of MDM.
    Please contact support for a hotfix version.
    HTH,
    M.
  6. Upvote
    Mirek S. received kudos from Peter Randziak in MDM certificate   
    Hello,
    As @Perry noted, 3rd party certification authorities typically provide a pem or pkcs#12 web certificate which does not contain the root CA, as that is not required for common webservers - this certificate is typically preinstalled on devices so that the chain of trust can be established. MDM does a "bit more" than a typical webserver - during enrollment we also install the root CA to the enrolled device to establish trust (we can't guess whether the certificate is self-signed or signed by a CA already trusted by the device), so we have an extra requirement.
    I'll look into improving documentation wrt 3rd party certificates, as openssl command line how to convert between formats and appending root CA to existing certificates should help some users.
    HTH
  7. Upvote
    Mirek S. gave kudos to Perry in MDM certificate   
    Hi,
     
    You should create a full chain certificate which contains SSL cert, intermediate, root and private key.
     
    - Download XCA and install it.
    - Download OpenSSL and install it.
    1.) Create an empty file (C:\temp\cert-chain.txt) on your PC and paste the following inside it:
    -----BEGIN CERTIFICATE-----
    (Your Primary SSL certificate from C:\temp\your_domain_name.crt)
    -----END CERTIFICATE----- 
    -----BEGIN CERTIFICATE-----
    (Your Intermediate certificate from C:\temp\TheIntermediateCA.crt)
    -----END CERTIFICATE----- 
    -----BEGIN CERTIFICATE-----
    (Your Root certificate part from C:\temp\TheTrustedRoot.crt)
    -----END CERTIFICATE-----
    2.) Now replace the content inside the brackets with your certificates (which you can export via XCA; PEM txt format). The order above is VERY important so do not mix it!
    3.) Export the private key (unencrypted in text format) with XCA from your certificate and store it inside C:\temp\server.pemkey
    4.) Now merge everything together as pkcs12 (filename extension for PKCS #12 files is .p12 or .pfx). To do that open a CMD (run as admin) and perform:
    cd C:\OpenSSL-Win32
    openssl pkcs12 -export -inkey C:\temp\server.pemkey -in C:\temp\cert-chain.txt -password pass:ABCD -out C:\temp\certificate(chain_and_key).pfx
    5.) Your PFX file is now ready to be used.
  8. Upvote
    Mirek S. received kudos from Peter Randziak in MDM certificate   
    To have "secure" as in trusted by browser, you need to purchase a 3rd party certificate from a common internet certification authority.
    One of such certificate authorities is Let's Encrypt, which provides certificates for free.
    ESMC creates self-signed certificates which are not trusted unless their root CA is imported into the device certificate store.
    @Command IT What you probably meant was certificate chain installation, which was required till 6.5 due to the TLS layer we used. In 7.0+ we use a different TLS layer on Windows (openssl) and PKCS#12 is newly required to contain the entire certificate chain including root CA - the system certificate store is not used anymore.
  9. Upvote
    Mirek S. gave kudos to itman in User Interface will not display   
    Refer to the screen shot you posted. A Start Mode of Minimal will only allow notifications to be displayed.
    Appears the Manual setting is what you desire:
    https://download.eset.com/com/eset/apps/business/ees/windows/latest/eset_ees_7_userguide_enu.pdf
  10. Upvote
    Mirek S. received kudos from Peter Randziak in MDM https requirements   
    Hello,
    Those requirements are there mainly because iOS devices as we use built-in iOS. What iOS devices accept as trusted differs per iOS version and we described _most_ restrictive rules which should work always. (There are other requirements like RSA2048+, SHA256+ etc... for iOS described elsewhere in documentation)
    So in the end your certificate may work (it will definitely work for Android devices), however when Apple brings some update to their trust validation it might stop working.
    HTH,
    M.
  11. Upvote
    Mirek S. received kudos from Peter Randziak in ERROR WHILE INITIALIZING CONFIGURATION EDITOR.: (TYPEERROR) : ((INTERMEDIATE VALUE)(INTERMEDIATE VALUE) , K).INITCONFIGEDITOR IS NOT A FUNCTION   
    Hello,
    We checked multiple browsers to identify which one produces this error (seems like you posted the Chrome error), however for future reference (and potential improvement) can you please answer the following?
    - browser(s) (in case of IE ideally export security settings for the security zone the console is in) - you already said you tried multiple, however platform/browser still matters for reproduction.
    - webconsole behind reverse proxy/application firewall
    - ESET (or other) product with TLS filtering enabled installed on computer connecting to console
    - Any "uncommon" setup you can think of
    This issue can arise in case _some_ https requests on the same site (in this case, as Pavel said, seems like a js script) are blocked from download. Which in case of TLS (to my knowledge) requires MITM interception (product/WAF/RP/actual attack) or extremely restrictive browser rules.
    Thanks,
    M.
  12. Upvote
    Mirek S. received kudos from Peter Randziak in ERROR WHILE INITIALIZING CONFIGURATION EDITOR.: (TYPEERROR) : ((INTERMEDIATE VALUE)(INTERMEDIATE VALUE) , K).INITCONFIGEDITOR IS NOT A FUNCTION   
    Hello,
    It's possible Cloudflare incorrectly caches some parts of the configuration editor and returns out-of-date data, causing this. Please create the HAR log @PavelP mentioned; it might help us determine whether the issue is with Cloudflare or the webconsole itself.
    Ideal would be to have the tomcat access log paired with this log to determine which requests made it to the server and which did not.
    Thanks.
  13. Upvote
    Mirek S. gave kudos to MichalJ in Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)   
    @andy_s We will track this as an improvement request, towards the future versions. Issue is, that the "upgrade" itself is handled by Endpoint (in case you execute scan and select option "shutdown after scan"), and Endpoint does not initiate agent wakeup to report scan completion. It simply triggers shutdown, before the result is replicated.
    Maybe, if you are willing to, can you explain why you are shutting down the machines? Is it to save power over weekends, or? As there might be a different way to achieve that. One that will report "success" would be a run command, with a respective Windows shutdown / with delay, as the task would report "Success" not in the moment of task execution, but in the moment when it contacted the WMI provider with the command to reboot. If the system acknowledged, it will report success. Also, out of curiosity, what is your replication interval?
  14. Upvote
    Mirek S. gave kudos to Kieran Barry in Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)   
    Description: Enable right-click and double-click in ERA
    Detail: ERA is one of the most easy-to-use management services I have used. However, I believe that to make it more ergonomical there should be a functionality that lets users double-click on something. For example, when wanting to generate a report you first have to click on the report, then go down to the "GENERATE NOW" button and click that. I feel like adding the ability to open reports and other things with a simple double-click action would improve accessibility.
    The right-click I admit is quite an odd suggestion seeing as if you click on a field once it brings up a menu etc, however, again for things like editing reports, you first have to click the report, then click on the little cog icon over to the far right, and then click on edit. Would it not be easier just to be able to right click the report and choose edit?
     
    A very pedantic suggestion I know...
  15. Upvote
    Mirek S. gave kudos to Marcos in EFS 7.0.12014.0 - MSSQL ERROR   
    It's not a problem. The only reason why it occurs with v7 is that older version didn't support protected service, a security feature of Windows. In v7 it's possible to disable protected service at the cost of worsening protection, however, it wouldn't be worse than with v6.5 which didn't support it yet. With v7 you get also ransomware shield which can proactively protect the server from encryption by ransomware.
  16. Upvote
    Mirek S. gave kudos to Beech Horn in EFS 7.0.12014.0 - MSSQL ERROR   
    That line looks like the example from:
    https://docs.microsoft.com/en-us/previous-versions/windows/hardware/code-signing/dn756632(v=vs.85)#user-mode-and-kernel-mode-code-troubleshooting
    With the signing levels being:
    0x0: Unchecked
    0x1: Unsigned
    0x2: Enterprise
    0x3: Custom 1
    0x4: Authenticode
    0x5: Custom 2
    0x6: Store
    0x7: Custom 3 / Antimalware
    0x8: Microsoft
    0x9: Custom 4
    0xa: Custom 5
    0xb: Dynamic Code Generation
    0xc: Windows
    0xd: Windows Protected Process Light
    0xe: Windows TCB
    0xf: Custom 6
    It looks like you are requesting all DLLs to be higher than (or more likely equal to) 0x7 (Antimalware) and this DLL is actually 0x1 (Unsigned).
    THE FOLLOWING IS THEORY AND SHOULD NOT BE CONSIDERED ACCURATE
    To me, it looks like NOD32 is loading the DLLs into its own service when running as a Protected Service rather than scanning them without loading it into memory in a manner unlike a library (e.g. without running the code or injecting the DLL into the service).
    On top of this sqlnclir11.rll should be reported as 0x8 instead of 0x1 by Microsoft, which is in itself a problem.
    If we look at 0x4 (Authenticode) this would also trigger that error but could be legitimate signed code which gets blocked due to the way NOD32 is scanning when running as a Protected Service.
  17. Upvote
    Mirek S. gave kudos to Marcos in EFS 7.0.12014.0 - MSSQL ERROR   
    There is no way to solve it if Microsoft doesn't update the rll file with one with a valid signature except disabling Protected service in the HIPS setup which would enable unsigned dll files to be loaded in ekrn.exe. Of course, that would be a security hole and unnecessary risk so we don't recommend disabling protected service.
  18. Upvote
    Mirek S. gave kudos to Marcos in <resource-not-found-0x120000ef> alerts after ERA RA to ESMC 7 migration   
    You must have an older v6.6 installed (6.6.0.0 – 6.6.2063 are affected) so upgrade to v7 will surely fix it and the notice will go away then.
  19. Upvote
    Mirek S. gave kudos to AGH1965 in As soon as possible option of Scheduler   
    Here are some more results:
    If consecutive scheduled daily scans can't run at the scheduled time, then the scan will only be done as soon as possible if the previous scan was at least 23 hours ago. If that is not the case yet, then EIS will wait until it is.
    If consecutive scheduled weekly scans can't run at the scheduled time, then the scan will only be done as soon as possible if the previous scan was at least 6 days and 23 hours ago. If that is not the case yet, then EIS will wait until it is.
    In my opinion this is not how it should be! 
    For example: A scan is scheduled to run every Monday at 00:00:00, but it doesn't get the chance to run at that time. The computer isn't booted any earlier than Wednesday 20:00:00, but almost directly after booting the missed scan is executed. The next week again there is no chance to run the scan at the scheduled time, but now the computer is booted on Monday at 08:00:00. I would expect the scan to run then almost directly after booting, because it is scheduled to run every Monday at 00:00:00 and in this case 08:00:00 is as soon as possible, but instead EIS decides to wait until Wednesday 19:00:00, which is 6 days and 23 hours after the previous scan. In other words, if there is never a chance to run the scan at the scheduled time, then it will take many weeks to get the scan running on Monday again, because the time will only be advanced 1 hour a week.
  20. Upvote
    Mirek S. gave kudos to LCS in Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)   
    Agreed. I even thought about the programming logistics of that when I posted it, but as the forum is about suggestions, I thought what the heck, let's put it in, as it is a nice idea (IMO) 
    Andy
  21. Upvote
    Mirek S. gave kudos to itman in Migration from ESET to another antivirus   
    You might want to refer to this latest A-V Comparatives Endpoint test and resign yourself to living with the issue of high false positives as far as TrendMicro is concerned: https://www.av-comparatives.org/tests/business-security-test-march-april-2019-factsheet/
  22. Upvote
    Mirek S. received kudos from Peter Randziak in Mobile Device Connector install in Linux   
    Hello,
    --https-cert-path is not the Agent certificate but the certificate used to communicate with devices.
    The Agent certificate does not have valid properties for this interface.
    You can create a valid https interface certificate in ESMC certificates when you select the MDM product.
    HTH