
Christian Stück

Posts posted by Christian Stück

  1. Hi Forum,

    I'm a bit stuck here trying to set up Apache HTTP proxy with authentication.

    Apache proxy is set up to forward Protect Agent Replication from WAN to protect server.

    It works as long as I don't enable Password auth.

    I followed this Doc: Apache HTTP Proxy installation - Linux | ESET PROTECT | ESET Online Help
    9. Optional basic authentication

    curl test works

    curl --proxy proxyserver:3128 -U esetproxy:............ https://protectserver:2222
    
    logfile:
    127.0.1.1:3128 10.95.215.65 - esetproxy [25/Oct/2022:14:43:50 +0000] "CONNECT erafix.intern.woelfel.de:2222 HTTP/1.1" 200 1611 "-" "curl/7.68.0"
    
    

    Agent-Communication does not work:

    127.0.1.1:3128 10.95.215.25 - - [25/Oct/2022:14:44:09 +0000] "CONNECT protectserver:2222 HTTP/1.0" 407 760 "-" "grpc-httpcli/0.0"

    Error: Replication connection problem: failed to connect to all addresses (code: 14) for request

     

    Agent got the right policy with username/password set.

    Any ideas how I can further investigate?

    Thanks in advance!
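
One way to investigate further from the proxy side, as an added example that is not part of the original post or of ESET's documentation: parse the access log in the layout quoted above and list the clients whose CONNECT requests only ever received 407. The sample lines are constructed and the function names are illustrative.

```python
import re
from collections import defaultdict

# Layout of the lines quoted in the post (Apache "vhost_combined" style):
# vhost:port client ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

# Constructed sample modelled on the two log lines in the post.
SAMPLE_LOG = """\
127.0.1.1:3128 10.95.215.65 - esetproxy [25/Oct/2022:14:43:50 +0000] "CONNECT protectserver:2222 HTTP/1.1" 200 1611 "-" "curl/7.68.0"
127.0.1.1:3128 10.95.215.25 - - [25/Oct/2022:14:44:09 +0000] "CONNECT protectserver:2222 HTTP/1.0" 407 760 "-" "grpc-httpcli/0.0"
127.0.1.1:3128 10.95.215.25 - - [25/Oct/2022:14:45:09 +0000] "CONNECT protectserver:2222 HTTP/1.0" 407 760 "-" "grpc-httpcli/0.0"
not a log line
"""

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def summarise(log_text):
    """Count 407 challenges and authenticated CONNECTs per (client, user-agent)."""
    stats = defaultdict(lambda: {"challenged": 0, "authenticated": 0, "users": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "CONNECT":
            continue
        entry = stats[(rec["client"], rec["agent"])]
        if rec["status"] == 407:
            entry["challenged"] += 1
        elif rec["user"] != "-":  # %u is "-" when no proxy user was authenticated
            entry["authenticated"] += 1
            entry["users"].add(rec["user"])
    return dict(stats)

def never_authenticated(stats):
    """Clients that were challenged with 407 and never completed proxy authentication."""
    return sorted(k for k, v in stats.items()
                  if v["challenged"] and not v["authenticated"])

if __name__ == "__main__":
    for client, agent in never_authenticated(summarise(SAMPLE_LOG)):
        print(f"{client} ({agent}): only 407 responses, no authenticated request")
```

A client that shows up here with a non-curl user agent is being challenged but never completes authentication, which narrows the problem to the client's proxy credentials or the authentication scheme rather than the proxy rule itself.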

     

  2. Hey Forum,

    We have some clients that apparently do not get automatic updates.

    Installed Version is 9.0.2046.0.
    Automatic update is activated.

    If I get the documentation right, the client should update itself at reboot.
    I restarted several times; the old version is still there.

    Is there any logging on that feature to find out why automatic product update is not working?

    Thanks in Advance!

  3. Hey Forum,

    A colleague just told me he often runs into "wrong password" issues on his Lenovo ThinkPad P14 because he can't change the keyboard layout.

    He changes the keyboard-layout at login-screen to german but he still can't log in.

    Are there any known issues with that?

     

    Thanks in Advance,

    Christian

  4. Hey Forum,

    Are there any known issues with ESET Full Disk Encryption and Firefox Certificate Store?

    A customer reported several occurrences where Firefox reported a broken certificate store after setting or changing the encryption password in FDE. Said it never happened before installing FDE.

    Maybe it's a coincidence with installing Endpoint Security at the same time? (Which should not affect the certificate store as well?)

    Thanks in advance!

    Christian

  5. 1 minute ago, Peter Randziak said:

    Hello @Christian Stück,

    normally I would, but the version is now available for general public in ESET Repository, see https://forum.eset.com/topic/31774-eset-endpoint-antivirus-for-macos-version-7073000-has-been-released/ for details...


    Peter

     

    Even better! Thanks and sorry for not getting it by myself. Have a nice day!

     

  6. Hello Forum

    We just deployed the v9 MDC-VA three times from scratch but still have the same problem:

    The Hostname is configured as the local ip-address.

    Config-Screen: Set Hostname = host.name.com
    VM-Console: Shows Hostname = host.name.com
    ssh shell: hostname says host.name.com

    SSL-Cert-Deployment (with DNS-Name host.name.com) says: Hostname mismatch
    Retrieve mdc-Server-config via PROTECT-Console: Hostname = local-IP-Address

    How can I change the hostname in MDC-Config? I only found it in the database.

    Would it help to get ssl-cert with IP-Address SAN?

     

    Thanks in Advance!

    Christian


  7. Hey Forum,

    We didn't tidy up and had a "Restart Computer" task from November 2020 with "invoke ASAP if event missed" checked.

    The task did not run on all computers. For a couple of updates nothing went wrong, but after the update to PROTECT 9.0.10 the missing computers just restarted. Zombie-Tasks in Spooktober!

    So don't forget to tidy up triggers before upgrading!

    @ESET - any ideas why this trigger fired again after this upgrade and not the ones before?

    Regards,

    Christian

  8. 7 hours ago, Mirek S. said:

    Thanks,

    We will definitely check this. Seems like information on our side is outdated and Apple now supports adding devices not purchased via ABM/ASM into ABM/ASM.

    This actually helps us as well as we have multiple devices not purchased via ABM not usable for ABM testing...

    Hello Mirek,

    can confirm this is working with ASM so maybe will work with ABM also.
    MDM-URL is https://your-emdc:9980/dep

    Got some fatal errors in AC2 and on the iPad but in the end the iPad appeared in ASM and PROTECT.

  9. On 1/25/2021 at 10:47 PM, Mirek S. said:

    Hello,

    We currently do not support ASM, only ABM is supported.

    IIRC main reason was EP is device centric while ASM is user centric but I might be wrong on that one.

    M.

    Thanks for the info. Support told me ASM and Configurator 2 aren't officially supported but work somehow.

    Do you know if that's on the roadmap? iPads in schools are getting quite big right now and it would be great if we could cover that with ESET.

     

  10. Actually Support helped me to get one step ahead by

    • using Apple Configurator 2 with URL https://mdm-server:9980/dep
    • some error-messages but certificates are shown
    • Using Admin-Login for ESMC, not sure if this is needed?
    • iPad booted twice, fatal error message but - success. iPad shows up in ASM
    • Some minutes later the iPad shows up in ESMC as an unmanaged Mobile Device. 
      Looks like Profile-Install has to be started manually?

    So far so good, I can even install VPP-Apps over Apple Configurator, which is of course not as nice as doing it with MDM 😉

    Bad thing: this is still not working with an iPad that is already in ASM, but as Mirek said ASM (School Manager) is not officially supported by ESET so I'm happy with what we got.

     

  11. Hello all,

    is anyone successfully using ESET MDM with Apple School Manager?

    My MDM-Server is registered in ASM, but devices are not enrolled at activation. Shouldn't that happen automatically?

    I want to add devices to ASM with Apple Configurator, but for that I need a URL. Does anyone know the Enrollment-URL for ESET?

    MDM solution preferences in Apple Configurator 2 - Apple Support

    Is ESET MDM capable of deploying apps?

    Thanks in Advance!

    Christian

  12. Hello Forum,

    I am setting up ESA for ADFS with AD and an additional LDAP realm.

    LDAP sync works, realm example.com is added and the user gets the mobile-push app.

    Whenever I try to log in via ADFS there is an error "Could not find user with UPN 'user@example.com' in forest."

    Why does it even try to find the user in the forest, when it exists as an LDAP-synced user? Is there a way to change the search order or did I get something wrong?

    Thanks in Advance!

    P.S.: What's the easiest way to test the auth for an LDAP user without any other components? 

  13. Hi Forum!

    We use squid proxy in our dmz for remote users to talk to esmc without vpn.

    Log files show the service is attacked very often (no surprise, opening that port to the internet).

    Anyone got any ideas for hardening the proxy, e.g.

    1. by using a different port

    2. by using the Agent-Certificate to authenticate against the proxy service? Could that not be done by just adding the CA-cert to squid?

    Thanks in advance!

    Christian 

  14. Hello Forum,

    My AV-sceptic colleagues brought up a problem with ERAAgent that I found on some machines:

    ERAAgent opens TCP-Connections up to the OS-Limit so no more connections e.g. for DNS or other services are left.

    Example: ERAAgent 7.0.577.0 on Windows Server 2012 R2

    Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Select -Property Count, Name, @{Name="ProcessName";Expression={(Get-Process -PID ($_.Name.Split(',')[-1].Trim(' '))).Name}}, Group | Sort Count -Descending
    Count Name              ProcessName                 Group
    ----- ----              -----------                 -----
    16374 Bound, 2404       ERAAgent                    {MSFT_NetTCPConnection (InstanceID = "::??65535??::??0"), MSFT_NetTCPConnection (InstanceID = "::??65534??::?...
        8 Listen, 3520      vmms                        {MSFT_NetTCPConnection (InstanceID = "fe80::c5e5:78b5:ee3c:3191%15??6600??::?...), MSFT_NetTCPConnection (Ins...
        6 Established, 3440 dsm_om_connsvc64            {MSFT_NetTCPConnection (InstanceID = "127.0.0.1??49683??127.0.0.1??49682"), MSFT_NetTCPConnection (InstanceID...
        5 Listen, 4         System                      {MSFT_NetTCPConnection (InstanceID = "::??47001??::??0"), MSFT_NetTCPConnection (InstanceID = "::??5985??::??...
        4 Listen, 1732      lsass                       {MSFT_NetTCPConnection (InstanceID = "::??49670??::??0"), MSFT_NetTCPConnection (InstanceID = "::??49667??::?...
        3 Bound, 3440       dsm_om_connsvc64            {MSFT_NetTCPConnection (InstanceID = "::??49683??::??0"), MSFT_NetTCPConnection (InstanceID = "::??49681??::?...
        2 Listen, 1864      svchost                     {MSFT_NetTCPConnection (InstanceID = "::??3389??::??0"), MSFT_NetTCPConnection (InstanceID = "0.0.0.0??3389??...
        2 Listen, 1904      svchost                     {MSFT_NetTCPConnection (InstanceID = "::??135??::??0"), MSFT_NetTCPConnection (InstanceID = "0.0.0.0??135??0....
        2 Listen, 1808      svchost                     {MSFT_NetTCPConnection (InstanceID = "::??49666??::??0"), MSFT_NetTCPConnection (InstanceID = "0.0.0.0??49666...
        2 Listen, 1724      services                    {MSFT_NetTCPConnection (InstanceID = 

    Any ideas what ERAAgent is doing or how I could stop it?

    Thanks in Advance!

  15. Hello Forum,

    Something everybody knows, I think: Customer says Application XY runs slower since installation of ESET...

    With Realtime-Scanner it was quite easy to see which files it touched. Is there a way to do something similar with HIPS, network protection and so on? One example is an application that uses a webserver and local database, and I want to find out what might be affected by ESET.

    Customer dreams of a report like "everything ESET touched on that system today".

    Thanks for any ideas!

    Christian

  16. Hello Nates,

    I don't want to outsmart ESET and this is a bit dirty, but it worked for me once going from ESMC1 (VA) to ESMC2 (Windows).

    My old database crashed, so it was not a big loss anyway.

    1.     Export Certs on ESMC1
    2.     Setup ESMC2 from Scratch (with new ip / hostname)
    3.     Import Certs from ESMC1 in ESMC2
    4.     Set ESMC2 to use old Server Cert from ESMC1 (in Server Settings)
    5.     Resetup  Policies in ESMC2 (or maybe export/import), set groups etc.
    6.     Create Policy on ESMC1 with ESMC2 as Server Address
    7.     Clients will connect to ESMC2
    8.     When all clients know ESMC2, shut down ESMC1
    9.     Create Client Policy to use new Agent Cert (created at installation)
    10.     Set Server to use new Cert from ESMC2 (created at installation)
    11.     For some reason it works with both certs crossed for some time (as long as anybody knows both CAs?)

    I even tried once to set up ESMC2 with the old ip

    1.     Export Certs on ESMC1
    2.     Shutdown ESMC1
    3.     Setup ESMC2 from Scratch (with old ip / hostname)
    4.     Import Certs from ESMC1 in ESMC2
    5.     Set ESMC2 to use old Server Cert from ESMC1 (in Server Settings)
    6.     Resetup  Policies in ESMC2 (or maybe export/import), set groups etc.
    7.     Clients will connect to ESMC2
    8.     Create Client Policy to use new Agent Cert (created at installation)
    9.     Set Server to use new Cert from ESMC2 (created at installation)