[Mobile Push doesnt work on android devices (ESET Secure Authentication)]

Push notifications are working.  However I am unable to provision someone with an Android device.  Is this related?

[Mobile Push doesnt work on android devices (ESET Secure Authentication)]

We ran into this yesterday at my work.  I have a ticket open with support.  Any ETA by chance on this issue?

[Creeper.472.B False Positive?]

6 minutes ago, Marcos said:

By the way, a really interesting FP which is triggered only on this very day and would not be triggered after the midnight.

Is it a full moon or something? 

[Creeper.472.B False Positive?]

1 minute ago, Marcos said:

We have already fixed it, it's a detection from 1999. In the mean time, you can create a detection exclusion for the detection name.

Will do.  Thanks. 

[Creeper.472.B False Positive?]

@Marcos Here you go.

 

[Creeper.472.B False Positive?]

Is there any other way to send you this file?  I am unable to email it due to our security policies.

[Creeper.472.B False Positive?]

2 minutes ago, Marcos said:

Sounds like a prehistoric DOS detection from 20-30 years ago. Please submit the file to samples[at]eset.com as a possible false positive.

Will do.  Thank you.

[Creeper.472.B False Positive?]

This popped up on the ESET Protect Cloud console this morning.  Livegrid has never seen it before.  A quick Google search did not provide much information.  Any idea on this one folks?

Thanks.

 

[LiveGuard Question]

5 hours ago, Marcos said:

Sent files are logged in the Sent files log by default, you don't need to enable logging.

To find out if a particular file was actually sent out and analyzed (a verdict could be known without analyzing the file), please provide logs collected with ESET Log Collector as well the name of the file.

That is what I thought.  When I checked this morning, nothing appeared in sent files.  I will run the Log Collector to see.

EDIT:  Sent you a PM with the logs @Marcos

[LiveGuard Question]

3 hours ago, itman said:

Verify the following highlighted setting is enabled in Eset GUI:

Also verify that Eset logging verbosity level is set to Informative:

Will need to double check when I get home.  Thank you!

[LiveGuard Question]

This morning I received a popup saying that a file was being analyzed and was blocked until it was checked by LiveGuard.  A short while later I received another pop-up that the file was safe.

My question is, how do I see what file was analyzed and was blocked?  If I go to "Sent Files" logs nothing appears.

Time;Component;Event;User
8/17/2022 8:59:27 AM;ESET Kernel;ESET LiveGuard is analyzing the file to ensure it's safe to use. We will notify you in a few minutes.Unblock the file (not recommended)Change setup;DESKTOP-CR8F50R\User
8/17/2022 8:59:27 AM;ESET Kernel;ESET LiveGuard has analyzed a file. It is safe to use.;DESKTOP-CR8F50R\User

I am running the latest ESSP and Windows 11 21H2 and is fully patched.

Thanks.

[ESET Secure Authentication App (Android) Reset / Remove PIN Lock]

Can't you just deprovision him and reprovision him?

[Question about updates when computer is locked]

Same with me.  I do not use screensavers but rather just lock my workstation.

[Question about updates when computer is locked]

Thank you @Minimalistand @Marcos for this quesion and answer session.  I posted about this on the forums here a few years ago but did not find a resolution.  Happy to see it is an easy fix.

Cheers.

[Error Installing FDE]

On 8/3/2022 at 2:47 AM, AAndrejko said:

Hello all,

This issue was caused by the ESET Package Installer, a new installer has since been pushed to the Protect repository so if you do have an installer producing this error code, please re-download the installer from your console. It should pick up the new version.

This was the fix.  I re-downloaded a new installer from ESET Protect Cloud and all was ok after that.  Sorry for my late reply, been rather busy of late.

Cheers.

[Error Installing FDE]

Mods please delete.  Figured out the issue. 

Thanks.

[Error Installing FDE]

Any thoughts on this please?

 

[latest endpoint security reboots itself after update...again!!]

On 7/4/2022 at 2:40 AM, Peter Randziak said:

Hello @Trooper

ESET PROTECT Cloud hasn't used the affected Configuration module, so #1 from the list is not applicable 

https://forum.eset.com/topic/32875-eset-endpoint-shutting-down-after-scheduled-scan-with-9120510/?do=findComment&comment=153054

#2 and #3 from the list should be resolved automatically with the fixed Configuration module so based on my current knowledge of the issue, you do not need to take any action.

 

Peter 

 

Thanks Peter I appreciate it. 

[latest endpoint security reboots itself after update...again!!]

8 hours ago, Peter Randziak said:

Hello guys,

Fixed configuration module 2011.5 is now available on pre-release update stream for EP/ESMC/ERA management agents and Endpoints

Reverting update to Configuration module 1998.2 has been released for EP/ESMC/ERA servers (on release update stream, since ~ 11:25 CEST) in order to prevent further policies corruption.

 

Peter

I am on ESET PROTECT Cloud.  Do I need to take any action on this @Peter Randziak?

[ESET Endpoint Security Version 9.1.2051]

12 hours ago, Peter Randziak said:

Hello @Trooper,

it has been reported at 

https://forum.eset.com/topic/32875-eset-endpoint-shutting-down-after-scheduled-scan-with-9120510

https://forum.eset.com/topic/32896-latest-endpoint-security-reboots-itself-after-updateagain/

I would recommend to check those for further updates.

 

We apologize for the inconvenience caused by it.

Peter

Thank you @Peter Randziak

[ESET Endpoint Shutting Down After Scheduled Scan with 9.1.2051.0]

Having the same issue with shutdown after scheduled scan.  Holding off on rolling this out until it is fixed.

[ESET Endpoint Security Version 9.1.2051]

Question.  Can you shed some light on this please from the changelog?

NEW: Endpoint restart/reboot improvements for managed networks

Also, will it still be the same thing as the last time where it will take up to 30 days for auto upgrades to take place?

Just today, after a weekly scheduled can, ESET prompted me that it was going to shut down my computer.  This has never happened before.  Do I need to log a ticket for this?  I was able to cancel the shutdown thankfully.  I am the only one using at the moment thankfully so no harm done to my end users.

Thanks in advance.

 

[ESET Server Security Version 9.0.12013.0?]

Thanks very much.  Cheers!

[ESET Server Security Version 9.0.12013.0?]

Just recently finished updating my servers, now I see this version is available.  No change log has been posted yet from what I can see.

Can someone from ESET chime in on this please?

[CVE-2022-30190]

6 hours ago, itman said:

Based on my testing of recent Follina malware samples, Eset has you covered in regards to this specific msdt.exe exploit. All samples were detected upon download; either by signature detection of payload or via Eset exploit protection by CVE.

However, there's another exploit technique that has been discovered that I posted about over at wilderssecurity.com and described here: https://www.bleepingcomputer.com/news/security/new-dogwalk-windows-zero-day-bug-gets-free-unofficial-patches/ . This one appears to be a Microsoft Defender bypass since opening of the malware dropper, a .cab file, bypassed Mark-of-the-Web checking. Until shown otherwise, I would say Eset should cover this one also.

-EDIT- Looks like Eset has issues with Qbot malware deployment of Follina exploit: https://forum.eset.com/topic/32642-eset-not-detecting-qbot-deploying-follina-exploit/

Thank you for your reply.  Looks like ESET has now addressed the Qbot malware deployment as well.  Cheers.