Mitchell
Posts: 30
Days Won: 2
-
Mitchell received kudos from Peter Randziak in ESET Inspect Cloud via ESET Bridge
This is possible, you just have to add the address and port to the allowed list in config.
Pick the address based on the location of your ESET Inspect Cloud Instance:
ESET Inspect Cloud Connector Location: Europe
eu01.agent.edr.eset.systems or IP 52.166.186.239
TCP/8093
ESET Inspect Cloud Connector Location: USA
us01.agent.edr.eset.systems or IP 40.83.252.19
TCP/8093
ESET Inspect Cloud Connector Location: Japan
jp01.agent.edr.eset.systems or IP 20.188.24.252
TCP/8093
-
Mitchell received kudos from IggyPop in ESET Inspect Cloud via ESET Bridge
This is possible, you just have to add the address and port to the allowed list in config.
Pick the address based on the location of your ESET Inspect Cloud Instance:
ESET Inspect Cloud Connector Location: Europe
eu01.agent.edr.eset.systems or IP 52.166.186.239
TCP/8093
ESET Inspect Cloud Connector Location: USA
us01.agent.edr.eset.systems or IP 40.83.252.19
TCP/8093
ESET Inspect Cloud Connector Location: Japan
jp01.agent.edr.eset.systems or IP 20.188.24.252
TCP/8093
-
Mitchell received kudos from thae in Update ESET Inspect Server
You can just download the latest version from the download page, run the installer and it will perform the upgrade for you. (Fields such as database credentials and connection settings for ESET PROTECT should already be pre-filled.)
-
Mitchell received kudos from Mohsen Ghaffari in Hash Blocked by ESET Inspect
The following built-in rules have an action that can result in a blocked hash. (I'm not sure which of these are enabled by default, however):
<name>Process has started from Recycle Bin folder [A0412]</name>
<name>Suspicious executable created in %startup% folder [A0127b]</name>
<name>Regsvr32 has dropped a suspicious executable [A0311]</name>
<name>Certutil has dropped a suspicious executable [A0313]</name>
<name>Process executed from ADS [A0417]</name>
<name>Process with mimikatz-like executable metadata executed [A0423]</name>
<name>Ransomware-like data written to file [A0603]</name>
<name>Multiple file writes from a compromised process [A0606]</name>
<name>Multiple file renames from a compromised process [A0607]</name>
<name>Remote execution using renamed PsExec service [A0905]</name>
<name>Canary File was Triggered [D0334]</name>
<name>Suspicious Nvidia Signed module was dropped [E0464]</name>
<name>Suspicious Nvidia Signed module was loaded [E0465]</name>
<name>Explorer.exe Loading Suspicious .Net Assembly [E0472]</name>
<name>Suspicious Compromised Process Loading .Net CLR DLL [E0473]</name>
<name>Rundll32 loaded DLL with unusual extension [F0461]</name>
<name>Windows Print Spooler loaded suspicious DLL from remote folder [A0441]</name>
<name>Suspicious LoLBaS Execution: Control.exe loading DLL from ADS (Alternate Data Streams) [E0437]</name>
<name>Suspicious DLL loaded from Alternate Data Stream [E0438]</name>
Most likely one of these rules triggered and the hash of the file is now added to the "blocked hashes" list in the Inspect Web Console under "More > Blocked Hashes".
-
Mitchell received kudos from j-gray in Download for EI Server 1.11.2878.0 is not available
You can download the MSI file from repository: [removed the link due to found issues, see post below]
As to why it is not available on download page & more info about the changelog, I'll leave that to one of the official ESET forum members
-
Mitchell received kudos from winstonsmith84 in The ekrn service failed to start / Patch Tuesday Windows Updates
You can create a dynamic group with the following condition:
and then create a "dynamic group changes" notification for that:
You could also trigger the previously mentioned "run command" task using a joined dynamic group trigger or scheduled trigger on that group to "auto heal" affected systems (but as previously mentioned, a reboot is probably preferred).
-
Mitchell received kudos from INDUS_MH in The ekrn service failed to start / Patch Tuesday Windows Updates
You can create a dynamic group with the following condition:
and then create a "dynamic group changes" notification for that:
You could also trigger the previously mentioned "run command" task using a joined dynamic group trigger or scheduled trigger on that group to "auto heal" affected systems (but as previously mentioned, a reboot is probably preferred).
-
Mitchell received kudos from IggyPop in EEI version 1.9 server upgrade fails with error
Could you share the full install log?
Note: It's probably better to contact your local ESET support.
-
Mitchell received kudos from j-gray in User synchronization task errors
The task is used to synchronize users from AD, mainly to show some additional info about the user triggering a detection, specifically the following fields when viewing a detection in INSPECT: (the fields in AD are empty in my case, so that's why the values are 'unknown')
A possible work-around is to delete all 'computer users' from ESET PROTECT (if you are not using this functionality); after that, the sync task should work again, but I have seen the issue come back.
If you don't care about the above information in the detection events, I would ignore the failing of the task, as it is not critical functionality.
-
Mitchell received kudos from Nightowl in Windows Server 2022 compatibility
I noticed the help page now lists "Microsoft Windows server 2022" as Supported OS:
https://help.eset.com/efsw/8.0/en-US/system_requirements.html
-
Mitchell received kudos from NeilFS in Microsoft Teams issues
Seems that creating the following rule is sufficient:
Name: Allow Teams Helper
App: /Applications/Microsoft Teams.app/Contents/Frameworks/Microsoft Teams Helper.app
Action: Allow
Direction: In
Protocol: TCP & UDP
Ports: Remote
Remote Port: All
Destination: Entire internet
-
Mitchell received kudos from Peter Randziak in Microsoft Teams issues
I haven't been able to reproduce the issue on the latest version of ESET Endpoint for macOS (6.9.60), so upgrading seems to be the easiest fix.
Edit: I'm not sure if there is a newer version of ESET Cyber Security though.
-
Mitchell received kudos from Peter Randziak in Microsoft Teams issues
Seems that creating the following rule is sufficient:
Name: Allow Teams Helper
App: /Applications/Microsoft Teams.app/Contents/Frameworks/Microsoft Teams Helper.app
Action: Allow
Direction: In
Protocol: TCP & UDP
Ports: Remote
Remote Port: All
Destination: Entire internet