-
Posts
9 -
Joined
Posts posted by Tim Jones
-
-
16 hours ago, MichalJ said:
Hi Tim,
can you confirm that the following works?
Network attack protection -> IDS exceptions -> Add -> “Alert: any alert; Remote IP address: 1.2.3.4”
That is what i have set but it still alerts in the client and back to ERA, The settings are showing in the clients
-
Hey Guys
I have updated to Version 7 great stuff it so much better than 6, I have also started updating my clients to V7 as well but have noticed the V7 File Server clients now reporting in
Detected attack against security hole, Obviously awesome and IPS protection is much appreciated, However it seems to alert from my scans with NessusIs there any way to exclude the IP's of our Nessus Scanners from triggering these and swamping the reports and dashboards with these alerts, I have excluded the ip's in the policy for all alerts and logs but im not sure its working any one else having a similar issue? ( it could be but maybe ive missed something)Tim -
Hi I am interested in this GA release, How GA is it? will it be updated to production supported, Could i build a new server import my RA certs and move a few clients across and see how they go?
-
One more thing if you could locally run a command against ERAAgent to regen guid would be nice
eg
eraagent --regenguid
and that just does an UPDATE key_value_table SET value = '%randomguid%' WHERE key = 'local_peer_uuid'
in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db
and updates the reg keys as well
REG delete HKEY_LOCAL_MACHINE\SOFTWARE\ESET\RemoteAdministrator\Agent\CurrentVersion\Info /v ProductInstanceID /f
REG add HKEY_LOCAL_MACHINE\SOFTWARE\ESET\RemoteAdministrator\Agent\CurrentVersion\Info /v ProductInstanceID /t REG_SZ /d %randomguid% /fotherwise you end up having to do it with sqlite3 with a bunch of scripts and hacks to crash the service modify it then start it again it works but would be nice if i didn't have to and it could just do it out of the box,
PS I know its wrong, and I only do this when the guys forget to tell me when they deployed an image without telling me first and somehow included it in the image, would be even better if this was supported so i could just tell the guys to do what they like as long as they run the command at the end of an imaging task
Tim
-
Hi Team,
Description: Example REST API usage with Perl / Python
Detail: An example document on how to use the API with Perl would be helpful you have one using C however I would just like to create a few script based calls to it using Perl for use with Nagios and other systems I have to integrate further with our other tools.
Description: Failure Details inside Web Interface,
Detail: Most of the time when a task fails it provides hardly any details why I need to follow the rabbit hole to the trace log,
Description: Slackware Linux Support /+ Native x64 support without 32 bit libs
Detail: I run 100s of Slackware Servers and have gone away from multilib etc, Also activate product from Remote Administrator rather than having to download an offline license for them
Description: Use Latest option for software install
Detail: Software install of ESET use latest option would be helpful eg tick a box and policy would always use the latest version available of eg Endpoint Antivirus when running the task
Description: From Dashboard take filters and generate a Dynamic Group / Action
Detail: I forever have out of date machine on the dashboard and have to copy the filters down and go an create a dynamic group from them to trigger an upgrade can a button be incorporated ( where you have generate CSV /PDF etc ) to say generate dynamic group please
Thanks
Tim -
also seems that when using the downloaded (all in one Agent+Installer) package from the RA server one of the guys has reported
--silent
the same switch I use for Eset old versions
does not work and exit code is 5024....
-
yea definitely splash screen at startup is turned off in policy and can see setting on local machine is off in the GUI ( and locked due to my policy), but still get the splash screen at startup
-
Has anyone got issues with this i rolled it out to a few test machines and the EAF protection in EMET alerts on all browsers blocking their use,
Also noticed splash screen has come back
Thanks
Tim
Version 7 File Server Reporting to ESET SMC7 Detected attack against security hole ( How do I exclude Nessus)
in ESET PROTECT On-prem (Remote Management)
Posted
Is anyone else having this issue? Im thinking about logging a call with our vendor as no matter what I do Eset File Security 7 allways logs reports ( and blocks) ips if policy is pushed from SMC7