
kapela86

Members
  • Posts

    95
Everything posted by kapela86

  1. A few days ago one user was infected with some unknown virus (probably from an e-mail attachment). I noticed it because ERA reported every day in the morning that it detected PowerShell/TrojanDownloader.Agent.AZG, and I went there to investigate. What surprised me was that there was an iexplorer.lnk file in the user's startup folder and it pointed to I checked that reg path, it contains this: I decoded it to this: I'm glad that ESET detected the download attempt every time it started, but it probably could detect that lnk file. virus.zip code.rar
  2. Remote IP is useless information if I don't know what domain uses it. And eset SHOULD notify user via notification. As it is right now, user doesn't know that something is blocked! Eset should show a notification, preferably something like: "firefox.exe tried to access www.somemalitiouswebpage.com but eset stopped it because it detected AdRedirector"
  3. So why is there no information about what domain was accessed, and why didn't Eset show any notification to the user?
  4. I noticed in ERA that one computer has quite a few alerts about "Web threat detected", but when I asked the coworker who uses this computer about it, he said that he didn't see any notifications. I did a small test and downloaded the eicar test virus, and EES displayed a notification as it should. I couldn't find out from browser history what webpage was generating that alert. And I couldn't find anything in Configuration to turn on those notifications. Any help will be greatly appreciated.
  5. I would love to see new triggers such as: "when computer is idle", "on computer startup", "on computer lock", "on user login".
  6. I used the steps in this article https://support.eset.com.tr/kb3605/ to test upgrading one computer from 6.5 to latest 6.6 (without steps 13 & 14 as this is an existing install). I looked at that computer as it was performing an upgrade. The first thing I noticed is that it reset all/some settings that were deployed to it using policies. For example, I disabled "Show splash-screen at startup" but after the upgrade it was re-enabled. Another thing was that ESET showed that it was not activated and I needed to provide our key to activate it.
  7. Yes, we use the default "Automatic" firewall setting. If you are worried about a constant flood of notifications, then add a user-configurable option to show notifications for IDS and set it to off by default. And in this notification there could be some checkbox like "don't notify for this IP address" or something. This way everyone will be happy.
  8. You can translate it to "Packet blocked by active defensive system (IDS)"
  9. It doesn't matter if I want to block it or not, what matters is that Eset doesn't notify users that IDS blocked something. There should be an option to enable such notifications.
  10. It says "blocked 12x", and I don't want to allow it as it is our DVR and after seeing this I suspect it may be part of a botnet.
  11. You didn't follow my steps to reproduce this, you probably selected only some entries, but I specifically wrote " Select them all, either using Ctrl+A or clicking on first and then on last with Shift pressed. "
  12. Steps to reproduce:
      1. In Endpoint Security, go to Tools -> Logs (or whatever it is called in English)
      2. Go to a section that will have some entries, I open that one where signature updates are logged
      3. Open filter and apply some filter to narrow the results, I used "date"
      4. Select them all, either using Ctrl+A or clicking on first and then on last with Shift pressed.
      5. Press Delete on keyboard or Right click and select Delete.
      6. Notice that it says "delete everything", confirm it.
      7. Disable filtering, notice that everything is gone!
  13. Hi, I just noticed that the IDS component in eset blocked some connections. I didn't get any notifications for this, I also looked around settings and couldn't find anything about it. I also looked in Tools -> logs but there is nothing from IDS there. I'm using v6.6.2046.1
  14. Just to add some info, it's called "Fast startup" in Windows 10 (and in 8/8.1 if I remember correctly). You can disable it using this method: https://www.tenforums.com/tutorials/4189-turn-off-fast-startup-windows-10-a.html If you are using Group Policy, then unfortunately it isn't available there, but you can add it as a Registry Key (look it up from the bat file from option 2)
  15. And how would I know that, I'm telling you, " I suspect someone is using our key ".
  16. We have an ESET Endpoint Security + File Security license for 50 computers. I saw two computers that I didn't recognize, I deactivated them, then the next day I checked and they were there again and activated. I did this again and later they were there again (with activated date corresponding to deactivation). I suspect someone is using our key, but I can't figure out who. Can I somehow block them permanently from using our key?
  17. Ok I finally figured this out, you need to put this in allowed connections FQDN:*/* where FQDN is fully qualified domain name, IIS runs at port 5985 so I had to use :*/*
  18. It doesn't work even if I use * there. It doesn't even work if I put some other url there and try to enter it in Internet Explorer, Eset still blocks it. I don't know what it is called in English, but this is what I'm talking about. I put * in "Lista zablokowanych adresów" and then in "Lista adresów wyłączonych ze sprawdzania" I put localhost 127.0.01 "local ip address" "local fqdn" I will try to install the English version tomorrow, it will be easier to know what we are talking about.
  19. Ok, I figured out what setting causes this. Sorry for not describing it better in my first post, I kinda forgot what settings I changed in eset when I installed it (it was 2 weeks ago). What causes this problem is that I set up web page filtering to block "*". I just noticed that Remote Desktop Services in Server Manager uses the local IIS installation and that setting was blocking it. But now I have trouble excluding localhost from filtering, even if I enter "*" in the list of excluded locations, it still blocks it.
  20. I have installed a Windows Server 2016 Standard Evaluation machine as a test server for Remote Desktop Services. Everything was ok, but after I installed the ESET File Server Security trial I can no longer manage Remote Desktop Services, I get "A remote desktop services deployment does not exist in the server pool...". If I uninstall ESET File Server Security I can manage it again. Is this a bug or what?
  21. Regarding "Server Hostname", I use the IP address. And I don't know if this matters, but I also added DNS entries for it in our AD DNS server (A & PTR records).
  22. "...within 7 day period." Period from where? From "last connected"? It's stupid, it should calculate that based on virus database date and current real date. If you disagree with it, then add a switch so the user can change it, everyone will be happy.
  23. " you can set a maximum age of the VSDB, via policy to 1 day. Standard is 7 days " It doesn't solve anything, even if it's set to standard 7 days, ERA still shows OK state for those 1st 2nd 3rd and 4th PC.
  24. Look at this: Only on the 4th computer does it show that the virus signature is out of date, 1st, 2nd and 3rd show ok status. When going into details of each computer, 1st has virus database from 20170717, 2nd from 20170719, 3rd from 20170719 and 4th from 20170607. It's like that because those are my test computers from back when I was testing ERA and agent deployments. The 4th computer didn't update its virus database because I canceled the update just after install. Those were all virtual and spare PCs so no problem with that, I just left them in ERA to see how it would behave. So if there were a column (can be opt-in) with virus database version & date, it would be easier for me to spot those out of date computers. Some time ago one of our computers with EES v5 stopped updating its virus database, and a virus was received with mail, the user ran it and it started to encrypt his files. He stored most files on a network share which has daily backups so we recovered them. So I see that as a very important feature to see how old the virus database is on computers.