Everything posted by kapela86

  1. You can click on a client in Computers list, then go to Details -> Hardware to see its hardware specification. I would like you to change two things in Network Pane: 1. Add information about every network interface, not just an active one (for example, laptops usually have LAN and WiFi and it only shows information about one.) 2. Concatenate IPv4 and IPv6 information in one entry, see image for example.
  2. In custom installer, after you run it, right at the welcome screen, if you press Enter on keyboard it minimizes that window. You can use Tab a few times to change active button to "Next". Can you change default buttons on every page of the installer so you can quickly install it by pressing Enter on every page?
  3. Thanks, I forgot that it's different from Endpoint Security update. On a related note, can you FINALLY change update process of Management Agent so it can be run directly from Dashboard just like Endpoint Security update?
  4. I recently updated ESMC VA to 7.2.2233.0. Now I want to update Management Agents on Windows clients to newest version. When I create "Security Management Center components upgrade" task, in Settings there is "Reference Security Management Center Server" and in there is only a Linux version. Is this how it's supposed to be, can I safely select it and then it will update Windows clients?
  5. In Endpoint Security I clicked on Help -> ESET Log Collector, it opened https://support.eset.com/pl/kb3466-jak-uzyc-narzedzia-eset-log-collector and there I clicked on Pobierz ESET Log Collector. EDIT: I switched to the English version of that website and downloaded from there. I attached logs from this version. EDIT2: Forgot to say that I found the task that is responsible for this scan after definition update and changed it to run only once in 12 hours. Also I noticed that it says to scan "Commonly (or Frequently) used files". But I saw that it goes through Program Data, Users, both Program Files and Windows folders. And I don't think it's applied from policy, I think it's built in. ees_logs.zip
  6. Since when did Endpoint Security run a full C scan after every virus database update? I updated recently to 7.2.2055.0 and I'm pretty sure that previous versions did some sort of quick scan (probably only running processes, etc). I noticed some time ago that ekrn.exe was using CPU for a long time, I just confirmed with Process Monitor that after every virus database update it does a FULL 😄 scan, going through every folder. What is really annoying is that it takes about 50 minutes on my PC to finish (Visual Studio, SQL Management Studio, lots of iso/zip files in subfolders on desktop, Thunderbird with many GB of mail messages), so lots of unpacking and creating temp files in C:\Windows\Temp\NODxxxx.tmp. I have an SSD drive so it's a LOT of write cycles to it (SSDs have limited write cycles).
  7. Thanks, it worked. @MartinK It's really counterintuitive to put it there. But, whatever, you can leave it as is, but when someone tries to update Management Agent from "Dashboard -> ESET applications -> Outdated applications" (or from any other location applicable) then ESMC should create task "Upgrade Security Management Server Components" instead of saying "No ESET products, which can be updated automatically, have been found".
  8. Some time ago I deployed ESMC VA 7.x (can't remember exact version) in my organization, created All-in-one Installer (at that time Management Agent was 7.0.577.0 and Endpoint Security was 7.1.2053.0). I manually installed this on about 40 computers and everything is working fine. Recently I updated ESMC VA (it showed notification in Help menu) to 7.1.503.0, now I wanted to update ESET software on client machines. I noticed that I can create update task but only for Endpoint Security. I tested it on my machine to see how this is done and it worked and now I have 7.2.2055.0. But I can't update Management Agent (to version 7.1.717.0), it shows "No ESET products, which can be updated automatically, have been found". How can I do this without manually installing it on every computer?
  9. I saw this page and I have already allowed *.e5.sk/* *.eset.com/* *.eset.eu/* What is weird is that ERAAgent connects using IP address instead of DNS name. That's why I'm asking, is this the desired behavior? To me it looks like a "bug", because everywhere ESET uses DNS names to connect and only this one thing in ERAAgent uses IP address.
  10. I have a question about http(s) filtering. I have ESET File Security 7.1.12006.0 installed on RDS server. I set it up so it blocks all http(s) connections "List of blocked addresses: *" and only allow specific hosts, for example "*.eset.com/*", "*.microsoft.com/*" etc. I noticed that ERAAgent.exe makes requests to different addresses in these ranges: 91.228.166.* and 91.228.167.* Is this the desired behavior? If yes, can I somehow allow them safely? What I mean by that is, if I allow "91.228.166.*/*" then one could open "hxxp://91.228.166.somedomain.com" which is not good.
  11. A little while ago I installed ESMC virtual machine (version 7.0.471.0) and I noticed it scans our network once or twice a day for open ports 139 and 22 (and maybe more but I noticed only those). Why does it do it and can it be disabled if not needed?
  12. Ok so it's an Invision forum "thing". I searched around the web and found this: https://invisioncommunity.com/forums/topic/424381-search-tool-doesnt-search-archived-posts-ridiculous/ Please read it, especially posts from IPS staff/management and tell me what you think about this.
  13. I'm thinking about changing Endpoint Security firewall profile on every client PC in our network to Public. This way we could avoid any viruses that spread to other computers like WannaCry. We use Win 7, 8.1 & 10 Pro and they are connected to Active Directory and ERA Server. Does anyone use similar setup in their environment? Will there be any issues with this setup regarding Active Directory or ERA? I know that Samba/RDS/ICMP will be blocked by default on public network but I can make exceptions for them if needed.
  14. Is there any forum admin I can contact about this issue?
  15. Nope https://forum.eset.com/search/?&q=wmi&search_and_or=or&start_after=946684800&start_before=1542672000 EDIT: And here's a topic from this year, you can't find it using search because it's archived https://forum.eset.com/topic/14821-malicious-powershell-script-wmi-for-persistance/
  16. Try searching for wmi, notice that you only get a few results. Then try searching in Google for wmi site:forum.eset.com, notice that you get many more results, for example https://forum.eset.com/topic/3410-help-with-policy-to-allow-wmi/
  17. And it doesn't on mine, also Win 10 x64 1803 Pro connected to Active Directory, tested with an account that is only standard user. I will test this later at home on Win 7 x64 Home Premium and 10 x64 1803 Home
  18. No it doesn't. Yes we have Endpoint Security, I will try to experiment with HIPS. I meant to do it anyway to block running vbs files.
  19. Sure they can, it's standard Windows design dating back to Windows 98 if not older. If you put lnk files in C:\Users\you\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ they will launch at user login.
  20. Yeah I removed it, but there would be no harm leaving it as it is harmless on its own, it was obvious it's not a standard system key, I even googled mssccfile, only 1 result was found.
  21. Well it's in HKEY_CURRENT_USER so current user has rights to edit it and any malware run from that account can also do it. And thanks for pointing out about "Constrained Language" mode, I will look into it.