Trooper

I did not see it in the path. For now we are ok, but thought it strange. I was able to however restore the file on the Exchange server directly from within the GUI of ESS.

So is LiveGuard the same as EDTD for business users? I have seen some files missed in EDTD as well. I am also curious what notifications you need to have enabled to see the alerts on this page you linked. They have been hit and miss for me. I am also using LiveGuard on my home PC as I have ESSP.

Hi, Can ESET SERVER SECURITY be installed on Microsoft Windows Server 2019 Standard (Core)? Last info I read was for Microsoft Windows Server 2016 Standard (Core). Also since this is all command line, how does one install it? I am using ESET PROTECT Cloud. Thanks!

The restore task failed. Any reason why it would?

Thank you sir.

Thanks Marcos. I assume I should restore the file then?

In addition, now can I download the file to send for analysis from ESET CLOUD Protect? The only options I have are to Restore and Delete. Thanks!

This was picked up on my Exchange server by real time file system protection. Server seems to be ok. Any way to find out if this is a false positive? Thanks in advance.

Hi @IggyPop Did that. Seems as if it has been delegated to the back-end team per the engineer I was working with. Thanks!

I certainly can. This will be my first time running EDR. When we upgraded from on Prem to the Cloud late last year, we were told that the Cloud version of EDR was going to be out Q4 2021. So we moved to the cloud knowing we would be able get the cloud version of EDR. It is an issue now at my company since our new insurance provider for our premises includes protections (or proof thereof) for ransomware, 2FA, and now Log4j2. This part of our IT environment is new (having to answer for, show proof of, protection, etc to a third party company). So having to wait until end of Q1 won't be good. If we can at least gain access to test for a bit to show them what we are doing and what we will be implementing, should suffice. I will send you a PM now so we can discuss further. Thanks!

Hello @MichalJ I am running into the same dilemma. We just moved from OnPrem to the cloud, but we also upgraded our license for the ESET ENTERPRISE INSPECTOR. Is there any way I could get in on the early access program to at least get a feel for this prior to full public release? Please let me know. Hoping @Marcoscan vouch for me. Cheers!

Thanks a lot for this link!

Got you. Do you know what specific notification would need to be enabled on the endpoint?

Should I open up a ticket for these questions?

In addition, would there be a way to test the notification? Thanks.

Thanks to you both. Now how can I setup notifications to be notified of this on an endpoint and/or server?

Hi everyone, As per this article, https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability it states that if we have Network Attack Protection enabled we are protected. I have that enabled but I do not use the ESET firewall. See picture here. I need to know if we are still protected, or do we need to use the ESET firewall in conjunction with Network Attack Protection to be secure for the Log4J2 exploit? Thanks!

Thank you @IggyPop much appreciated. Another issue we have been having is when we log out of the ESA console we receive 5 email notifications stating this. 12/23/2021 10:58:03 AM Access denied (missing role): MANAGEMENT Server: SERVERNAMEHERE The only thing that I noticed is that this only seems to happen when logging in with domain authentication. Any ideas on this perhaps? Thanks!

Hi everyone, I am in the process of rolling out ESA at my company. We have been having a few snags throughout the way, but I am looking for some advice on this one first. When a user takes their laptop home, they have been unable to login. It states that the credentials failed, and that you need to login while in "Online" mode. Does this mean that all accounts that would need access remotely (like my admin account) needs to have logged in at least once while the laptop is on site so that I can login when a user is remote? Or does a hole need to be punched into the firewall in order for the laptop to communicate to the ESA server remotely? Another user was repeatedly being prompted for an OTP while offsite. Is this normal behavior?

Thanks to all for your replies. I did end up removing some polices however @MartinKsimply to consolidate the amount of polices issued to endpoints, and there was overlap. Cheers!

I saw that, but was looking for more specifics. Anything to do with the log4j2 issue?

Thanks Marcos this is good info to be aware of. I am upgrading all endpoints as I type this. Is there a changelog for this? I only noticed a hotfix mentioned earlier. Thanks!

But if a user is logged an, and receives the upgrade while logged in, a reboot is required correct? At least that is what I am seeing at my company. All computers have been required to have a reboot.

I have a few questions based upon the subject line. I am in the process of migrating our on prem endpoints to the cloud. I was following this guide. https://help.eset.com/protect_cloud/en-US/cloud_migration.html however, I have a few questions. It states here that you need to reactivate endpoints once they have been moved over to the cloud. I have not seen any of the endpoints showing up in red asking to be activated. Is this still relevant, or do I not need to do this? What I have noticed, and not on each endpoint, is that a handful of endpoints on my on prem server, showing up in red stating that the peer cert is invalid. Is there a correlation between the two? I also moved over my policies and had them running lean and mean. Now that things are being moved over, I had to add them back to my groups which I have synced from our AD using the ActiveDirectoryScanner tool. The problem is now, there are newly added policies which looks like they are being applied to the Windows (desktops) and Windows (servers) groups. and therefore now being applied to my synced AD OU's. Do I need to keep these polices as they are something additional for the CLOUD instance, or do you think it is safe to remove and/or combine them into my existing polices and remove the other ones? Trying to do the right thing here as the CLOUD for ESET is brand new to me. If additional information is required, please let me know. Thanks!

That did the trick. Thanks Marcos!