Jump to content

kapela86

Members
  • Posts

    190
  • Joined

  • Last visited

Everything posted by kapela86

  1. Eset probably just blocks file access but not device access (directly reading/writing to device)
  2. @Cody_Klamann Hi, I just wanted to know if you resolved this? We're going to use device control in the same manner as you to block optical disks, usb disks and phones.
  3. Is it possible to use Let's Encrypt certificates for ESET Protect website? We're using ESET Protect VA if it matters. I just want to use it for website, not for anything else, with autorenewal of course.
  4. It didn't create duplicate entity in "Computers" list. And I found this in audit log. 11:21 is me running reboot from console 12:17 is me accepting that notification about hardware change. And we don't have tasks that are run on new computers automatically. I used Macrium Reflect from pendrive. Cloned SATA SSD to NVMe SSD, turned off pc, disconected SATA SSD and just turned it on.
  5. PC with Win 10 Pro and SATA SSD. I upgraded it to 11 Pro, then used Macrium Reflect to clone it to NVMe SSD. Everything was working fine. After that I noticed in ESET Protect blue notification in "Status Overview -> Questions -> Some decisions cannot be handled automatically...blablabla. -> Computer connection questions: 1". So i clicked it and there was a notification about that PC because of hardware change. So I selected that option that said the hardware was changed and clicked ok. And in a moment a co-worker calls to me and says that it had a notification that ESET will restart a PC in 30 seconds and he couldn't cancel it and his pc restared!! What the f***! How could you program it like this? With no mention in eset protect that it will reboot client PC!
  6. I just found out that on CentOS you have to use this [root@esetprotect ~]# httpd -v Server version: Apache/2.4.6 (CentOS) Server built: May 30 2023 14:01:11
  7. Nothing is returned by running that command. I used yum to check: [root@esetprotect ~]# yum list installed | grep apache apache-commons-collections.noarch 3.2.1-22.el7_2 @updates apache-commons-daemon.x86_64 1.0.13-7.el7 @base apache-commons-dbcp.noarch 1.4-17.el7 @base apache-commons-logging.noarch 1.1.2-7.el7 @base apache-commons-pool.noarch 1.6-9.el7 @base
  8. I'm sorry, nevermind that, I was mistaken. We use proxy in ESET Protect VA. I update that VA about once a month.
  9. No, I wrote "We don't use any proxy etc" If you want to know what that message is in english, then it translates to something like this: "File was not changed in specified time frame/window"
  10. Today I noticed this notification I then went to update, same information was displayed there, below those two standard green "panes" (I didn't screenshot it), I then manually clicked on "check for updates" and it downloaded something, updated and that notification was gone. I then checked eset log and found out that from time to time this happens, but usually when I'm not working (my PC i running 24/7). Other that that, ESET works fine. But it's not just my PC, I checked few PCs in my company and each one had these errors in log. We use Endpoint Security, currently version 10.1.2050.00. This doesn't happen on our two servers with Server Security 10.0.12012.0. We don't use any proxy etc, updates are directly downloaded from Eset servers.
  11. Instead of uploading a file, open it, copy to clipboard and just paste it directly in message panel.
  12. It kinda sux that you can't see what URL user visited that triggered this script. This would be very usefull.
  13. One other thing, today Eset started blocking that script
  14. Looks like it's epainfo.pl there is a <_script src="https://one.dataofpages.com/stats/post.js" id="temp_weather_script"></script> in source, they use Wordpress so it's probably some out of date plugin that got hacked.
  15. I disabled eset, downloaded eicar test file, put it on our internal webserver that doesn't have https, enabled eset and tried downloading it:
  16. If you are talking about stay.decentralappps.com then I can't reproduce it because I don't know what website triggers this, I could check tomorrow on other pc it's web browser history. And regarding SSL/TLS filtering not working, what do you propose to do?
  17. Here's SysInspector log And about eicar, it was detected before browser even downloaded it, but I tested this on my computer, not the one I sent those reports. All computers have same policy, except some computers where I use Web Filtering with "*" Blocked and I allow specific domains. These logs are from that kind of computer. SysInspector log export 2023-09-21 16-30-12.zip
  18. 0c5a17fe-2174-4641-b24d-5ea8fdeb18ad_era-diagnostic-logs_2023-09-21_15-34-14.zip
  19. I'm getting lots of reports in ESET Protect from different computers that this website "stay.decentralappps.com" was "Blocked by internal blacklist". What I don't know is how this is triggered, what website tried to load it, because all reports come from different browsers.
  20. For now I restart our RDP servers every sunday when no one is working. No problems so far.
  21. I've experienced this problem some time ago. Server 2016 with RDS role & Eset 10.0.12010.0. Users suddenly couldn't copy files to/from remote desktop and when they tried logging out it stayed stuck at waiting for System Event Notification Service to shut down. I tried restarting the server and it coudn't shut down so I had to reset it (powercycle), after that it was working ok and I didn't investigate it . And now today it happened again and after reset I did some checking and found out many entries in event viewer that explorer.exe was not responding because of ekrn.exe. After that I looked here and found this topic. I don't have any memory dumps etc (and even If I did, that VM has 90GB of ram). I can only provide you with this. Pakiet błędów 2194417022129290342, typ 5 Nazwa zdarzenia: AppHangXProcB1 Odpowiedź: Niedostępny Identyfikator pliku Cab: 0 Sygnatura problemu: P1: explorer.exe P2: 10.0.14393.5648 P3: 63b792d6 P4: d642 P5: 134217856 P6: ekrn.exe P7: 0.0.0.0 P8: P9: P10: Dołączone pliki: Te pliki mogą być dostępne tutaj: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_explorer.exe_c3235ec849cb1bb83f36349d51f02ab2c0f54ee7_2bda4280_c73c947d Symbol analizy: Ponowne sprawdzanie rozwiązania: 0 Identyfikator raportu: 8749a4a8-effa-11ed-85a1-00155d01dd07 Stan raportu: 0 Skrócony pakiet: f031ea1e2ec292664e7422a7b5163c66
  22. Office 2019, POP3 account, ESET Endpoint Security 10.0.2045.0 I wanted to remove 40000+ e-mail messages from one of our account in Outlook. I selected them, Shift+Del, confirmed, Outlook started to remove them but after a moment it just canceled and ESET displayed that it found a virus (it was probably some old e-mail that was not detected at the time we received it). So I selected those remaining messages, Shift+Del, confirm, Outlook started to remove them, and again after a moment it found another virus and canceled removal. Honestly it's driving me nuts. I'm PERMANENTLY REMOVING these messages, why is ESET even scanning them. Sure, I can just do it again and again and again untill I remove everything, but for me it looks like a bug in ESET.
  23. In ESET Protect, if you edit any policy and go to Assign, then list of already assigned computers is not sorted in any way, and you can't sort it yourself. It has been like that for as long I can remember, can you finally fix it?
×
×
  • Create New...