[Version 7 File Server Reporting to ESET SMC7 Detected attack against security hole ( How do I exclude Nessus)]

Is anyone else having this issue? Im thinking about logging a call with our vendor as no matter what I do Eset File Security 7 allways logs reports ( and blocks) ips if policy is pushed from SMC7

[Version 7 File Server Reporting to ESET SMC7 Detected attack against security hole ( How do I exclude Nessus)]

16 hours ago, MichalJ said:

Hi Tim,

can you confirm that the following works? 

Network attack protection -> IDS exceptions -> Add -> “Alert: any alert; Remote IP address: 1.2.3.4”

That is what i have set but it still alerts in the client and back to ERA, The settings are showing in the clients

[Version 7 File Server Reporting to ESET SMC7 Detected attack against security hole ( How do I exclude Nessus)]

Hey Guys

I have updated to Version 7 great stuff it so much better than 6, I have also started updating my clients to V7 as well but have noticed the V7 File Server clients now reporting in

Detected attack against security hole, Obviously awesome and IPS protection is much appreciated, However it seems to alert from my scans with Nessus

 

Is there any way to exclude the IP's of our Nessus Scanners from triggering these and swamping the reports and dashboards with these alerts, I have excluded the ip's in the policy for all alerts and logs but im not sure its working any one else having a similar issue? ( it could be but maybe ive missed something)

 

Tim

[ESMC (ERA7), EDTD, EEI, Endpoint v.7 Early access signup]

Hi I am interested in this GA release, How GA is it? will it be updated to production supported, Could i build a new server import my RA certs and move a few clients across and see how they go?

[Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)]

One more thing if you could locally run a command against ERAAgent to regen guid would be nice

eg

eraagent --regenguid

and that just does an UPDATE key_value_table SET value = '%randomguid%' WHERE key = 'local_peer_uuid'

in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db

and updates the reg keys as well

REG delete HKEY_LOCAL_MACHINE\SOFTWARE\ESET\RemoteAdministrator\Agent\CurrentVersion\Info /v ProductInstanceID /f
REG add HKEY_LOCAL_MACHINE\SOFTWARE\ESET\RemoteAdministrator\Agent\CurrentVersion\Info /v ProductInstanceID /t REG_SZ /d %randomguid% /f

otherwise you end up having to do it with sqlite3 with a bunch of scripts and hacks to crash the service modify it then start it again it works but would be nice if i didn't have to and it could just do it out of the box,

PS I know its wrong, and I only do this when the guys forget to tell me when they deployed an image without telling me first and somehow included it in the image, would be even better if this was supported so i could just tell the guys to do what they like as long as they run the command at the end of an imaging task

Tim

[Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)]

Hi Team,

 

Description: Example REST API usage with Perl / Python

Detail: An example document on how to use the API with Perl would be helpful you have one using C however I would just like to create a few script based calls to it using Perl for use with Nagios and other systems I have to integrate further with our other tools.

 

Description: Failure Details inside Web Interface,

Detail: Most of the time when a task fails it provides hardly any details why I need to follow the rabbit hole to the trace log,

 

Description: Slackware Linux Support /+ Native x64 support without 32 bit libs

Detail: I run 100s of Slackware Servers and have gone away from multilib etc, Also activate product from Remote Administrator rather than having to download an offline license for them

 

Description: Use Latest option for software install

Detail: Software install of ESET use latest option would be helpful eg tick a box and policy would always use the latest version available of eg Endpoint Antivirus when running the task

 

Description: From Dashboard take filters and generate a Dynamic Group / Action

Detail:  I forever have out of date machine on the dashboard and have to copy the filters down and go an create a dynamic group from them to trigger an upgrade can a button be incorporated ( where you have generate CSV /PDF etc ) to say generate dynamic group please

 

Thanks
Tim

 

 

[ESET 6.6 with EMET on Windows 10]

also seems that when using the downloaded (all in one Agent+Installer) package from the RA server one of the guys has reported

--silent

the same switch I use for Eset old versions

does not work and exit code is 5024....

[ESET 6.6 with EMET on Windows 10]

yea definitely splash screen at startup is turned off in policy and can see setting on local machine is off in the GUI ( and locked due to my policy), but still get the splash screen at startup

[ESET 6.6 with EMET on Windows 10]

Has anyone got issues with this i rolled it out to a few test machines and the EAF protection in EMET alerts on all browsers blocking their use,

Also noticed splash screen has come back

Thanks
Tim