Trooper
-
Posts
184 -
Joined
-
Last visited
Posts posted by Trooper
-
-
We ran into this yesterday at my work. I have a ticket open with support. Any ETA by chance on this issue?
-
6 minutes ago, Marcos said:
By the way, a really interesting FP which is triggered only on this very day and would not be triggered after the midnight.
Is it a full moon or something?
-
1 minute ago, Marcos said:
We have already fixed it, it's a detection from 1999. In the mean time, you can create a detection exclusion for the detection name.
Will do. Thanks.
-
@Marcos Here you go.
-
Is there any other way to send you this file? I am unable to email it due to our security policies.
-
2 minutes ago, Marcos said:
Sounds like a prehistoric DOS detection from 20-30 years ago. Please submit the file to samples[at]eset.com as a possible false positive.
Will do. Thank you.
-
-
5 hours ago, Marcos said:
Sent files are logged in the Sent files log by default, you don't need to enable logging.
To find out if a particular file was actually sent out and analyzed (a verdict could be known without analyzing the file), please provide logs collected with ESET Log Collector as well the name of the file.
That is what I thought. When I checked this morning, nothing appeared in sent files. I will run the Log Collector to see.
EDIT: Sent you a PM with the logs @Marcos
-
-
This morning I received a popup saying that a file was being analyzed and was blocked until it was checked by LiveGuard. A short while later I received another pop-up that the file was safe.
My question is, how do I see what file was analyzed and was blocked? If I go to "Sent Files" logs nothing appears.
Time;Component;Event;User
8/17/2022 8:59:27 AM;ESET Kernel;ESET LiveGuard is analyzing the file to ensure it's safe to use. We will notify you in a few minutes.Unblock the file (not recommended)Change setup;DESKTOP-CR8F50R\User
8/17/2022 8:59:27 AM;ESET Kernel;ESET LiveGuard has analyzed a file. It is safe to use.;DESKTOP-CR8F50R\UserI am running the latest ESSP and Windows 11 21H2 and is fully patched.
Thanks.
-
Can't you just deprovision him and reprovision him?
-
Same with me. I do not use screensavers but rather just lock my workstation.
-
Thank you @Minimalistand @Marcos for this quesion and answer session. I posted about this on the forums here a few years ago but did not find a resolution. Happy to see it is an easy fix.
Cheers.
-
On 8/3/2022 at 2:47 AM, AAndrejko said:
Hello all,
This issue was caused by the ESET Package Installer, a new installer has since been pushed to the Protect repository so if you do have an installer producing this error code, please re-download the installer from your console. It should pick up the new version.
This was the fix. I re-downloaded a new installer from ESET Protect Cloud and all was ok after that. Sorry for my late reply, been rather busy of late.
Cheers.
-
Mods please delete. Figured out the issue.
Thanks.
-
-
On 7/4/2022 at 2:40 AM, Peter Randziak said:
Hello @Trooper
ESET PROTECT Cloud hasn't used the affected Configuration module, so #1 from the list is not applicable
#2 and #3 from the list should be resolved automatically with the fixed Configuration module so based on my current knowledge of the issue, you do not need to take any action.
Peter
Thanks Peter I appreciate it.
-
8 hours ago, Peter Randziak said:
Hello guys,
Fixed configuration module 2011.5 is now available on pre-release update stream for EP/ESMC/ERA management agents and Endpoints
Reverting update to Configuration module 1998.2 has been released for EP/ESMC/ERA servers (on release update stream, since ~ 11:25 CEST) in order to prevent further policies corruption.Peter
I am on ESET PROTECT Cloud. Do I need to take any action on this @Peter Randziak?
-
12 hours ago, Peter Randziak said:
Hello @Trooper,
it has been reported at
https://forum.eset.com/topic/32875-eset-endpoint-shutting-down-after-scheduled-scan-with-9120510
https://forum.eset.com/topic/32896-latest-endpoint-security-reboots-itself-after-updateagain/
I would recommend to check those for further updates.
We apologize for the inconvenience caused by it.
Peter
Thank you @Peter Randziak
-
Having the same issue with shutdown after scheduled scan. Holding off on rolling this out until it is fixed.
-
Question. Can you shed some light on this please from the changelog?
NEW: Endpoint restart/reboot improvements for managed networks
Also, will it still be the same thing as the last time where it will take up to 30 days for auto upgrades to take place?
Just today, after a weekly scheduled can, ESET prompted me that it was going to shut down my computer. This has never happened before. Do I need to log a ticket for this? I was able to cancel the shutdown thankfully. I am the only one using at the moment thankfully so no harm done to my end users.
Thanks in advance.
-
Thanks very much. Cheers!
-
Just recently finished updating my servers, now I see this version is available. No change log has been posted yet from what I can see.
Can someone from ESET chime in on this please?
-
6 hours ago, itman said:
Based on my testing of recent Follina malware samples, Eset has you covered in regards to this specific msdt.exe exploit. All samples were detected upon download; either by signature detection of payload or via Eset exploit protection by CVE.
However, there's another exploit technique that has been discovered that I posted about over at wilderssecurity.com and described here: https://www.bleepingcomputer.com/news/security/new-dogwalk-windows-zero-day-bug-gets-free-unofficial-patches/ . This one appears to be a Microsoft Defender bypass since opening of the malware dropper, a .cab file, bypassed Mark-of-the-Web checking. Until shown otherwise, I would say Eset should cover this one also.
-EDIT- Looks like Eset has issues with Qbot malware deployment of Follina exploit: https://forum.eset.com/topic/32642-eset-not-detecting-qbot-deploying-follina-exploit/
Thank you for your reply. Looks like ESET has now addressed the Qbot malware deployment as well. Cheers.
Mobile Push doesnt work on android devices (ESET Secure Authentication)
in ESET Products for Mobile Devices
Posted
Push notifications are working. However I am unable to provision someone with an Android device. Is this related?