Jump to content

Christian Stück

  • Posts

  • Joined

About Christian Stück

  • Rank

Profile Information

  • Location

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Okay, customer is testing intunes now. So you think protect on-prem will be left behind Protect-Cloud over time?
  2. Hello Mirek, can confirm this is working with ASM so maybe will work with ABM also. MDM-URL is https://your-emdc:9980/dep Got some fatal errors in AC2 and on the ipad but in the end the ipad appeared in ASM and PROTECT.
  3. Thanks for the info. Support told me ASM and Configurator 2 aren't officially supported but work somehow. Do you know if thats on the roadmap? Ipads in Schools are getting quite big right now and it would be great if we could cover that with ESET.....
  4. Actually Support helped me to get one step ahead by using Apple Configurator 2 with URL https://mdm-server:9980/dep some error-messages but certificates are shown Using Admin-Login for ESMC, not shure if this is needed? ipad booted twice, fatal error message but - success. Ipad shows up in ASM Some Minutes Later ipad shows up in ESMC as an unmanaged Mobile Device. Looks like Profile-Install has to be started manually? So far so good, i can even install VPP-Apps over Apple Configurator, which is of course not as nice as doing it with MDM 😉 Bad thing: this is still not working with an ipad that ist allready in ASM, but as Mirek said ASM (School Manager) is not officially supported by ESET so i'm happy with what we got.
  5. Hello all, is anyone successfully using ESET MDM with Apple School Manager? My MDM-Server ist registered in ASM, but Devices are not enrolled at activation. Shouldn't that happen automatically? I want to add devices to ASM with Apple Configurator, but for that i need an URL. Does anyone know the Enrollment-URL for ESET? MDM solution preferences in Apple Configurator 2 - Apple Support Is ESET MDM capable of deploying apps? Thanks in Advance! Christian
  6. Hello Forum, i am setting up ESA for ADFS with AD and an additional ldap-realm. ldap-sync works, realm example.com is added and user gets mobile-push app. Whenever i try to log in via adfs there is an error "Could not find user with UPN 'user@example.com' in forest. Why does it even try to find user in forest, when it exists as ldap-synced-user? Is there a way to change the search order or did i get something wrong? Thanks in Advance! P.S.: Whats the easiest way to test the auth for an ldap-user without any other components?
  7. Hi Forum! We use squid proxy in our dmz for remote users to talk to esmc without vpn. log files show, the service is attacked very often (no surprise opening that port in the internet). Anyone got any ideas hardening the proxy eg 1. by using a different port 2. by using the Agent-Certificate to authenticate against the proxy service? Could the not be done by just adding the CA-cert to squid? Thanks in advance! Christian
  8. Hello Forum, my AV-sceptic Colleagues brought up a Problem with ERAAgent i found on some Machines: ERAAgent opens TCP-Connections up to the OS-Limit so no more connections e.g. for DNS or other services are left. Example: ERAAgent 7.0.577.0 on Windows Server 2012 R2 Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Select -Property Count, Name, @{Name="ProcessName";Expression={(Get-Process -PID ($_.Name.Split(',')[-1].Trim(' '))).Name}}, Group | Sort Count -Descending Count Name ProcessName Group ----- ---- ----------- ----- 16374 Bound, 2404 ERAAgent {MSFT_NetTCPConnection (InstanceID = "::??65535??::??0"), MSFT_NetTCPConnection (InstanceID = "::??65534??::?... 8 Listen, 3520 vmms {MSFT_NetTCPConnection (InstanceID = "fe80::c5e5:78b5:ee3c:3191%15??6600??::?...), MSFT_NetTCPConnection (Ins... 6 Established, 3440 dsm_om_connsvc64 {MSFT_NetTCPConnection (InstanceID = ""), MSFT_NetTCPConnection (InstanceID... 5 Listen, 4 System {MSFT_NetTCPConnection (InstanceID = "::??47001??::??0"), MSFT_NetTCPConnection (InstanceID = "::??5985??::??... 4 Listen, 1732 lsass {MSFT_NetTCPConnection (InstanceID = "::??49670??::??0"), MSFT_NetTCPConnection (InstanceID = "::??49667??::?... 3 Bound, 3440 dsm_om_connsvc64 {MSFT_NetTCPConnection (InstanceID = "::??49683??::??0"), MSFT_NetTCPConnection (InstanceID = "::??49681??::?... 2 Listen, 1864 svchost {MSFT_NetTCPConnection (InstanceID = "::??3389??::??0"), MSFT_NetTCPConnection (InstanceID = " 2 Listen, 1904 svchost {MSFT_NetTCPConnection (InstanceID = "::??135??::??0"), MSFT_NetTCPConnection (InstanceID = " 2 Listen, 1808 svchost {MSFT_NetTCPConnection (InstanceID = "::??49666??::??0"), MSFT_NetTCPConnection (InstanceID = " 2 Listen, 1724 services {MSFT_NetTCPConnection (InstanceID = Any Ideas what ERAAgent is doing or how i could stop it? Thanks in Advance!
  9. Hello Forum, something everybody knows i think: Customer says Application XY runs slower since Installation of ESET... With Realtime-Scanner it was quite easy so see which files it touched. Is there a way do do something similar with hips, network protection and so on? On Example is an application that uses a webserver and local database and i want to find out what might be affected by eset. customer dreams of a report like "everything eset touched on that system today". Thanks for any ideas! Christian
  10. Hi everyone, i am doing ESETv7 Workshops withs Admins from time to time and want to show them how to troubleshoot / react to security issues. For Antivirus i use EICAR for demonstration. Are there any ways to do this for HIPS, Ransomware-Shield, Network-Protection and other v7-Features? Thanks in Advance! Christian
  11. Hello Nates, i don't want to outsmart ESET and this is a bit dirty but it worked for me once going from ESMC1 (VA) to ESMC2 (Windows) My old database crashed, so it was not a bit loss anyway. Export Certs on ESMC1 Setup ESMC2 from Scratch (with new ip / hostname) Import Certs from ESMC1 in ESMC2 Set ESMC2 to use old Server Cert from ESMC1 (in Server Settings) Resetup Policies in ESMC2 (or maybe export/import), set groups etc. Create Policy on ESMC1 with ESMC2 as Server Address Clients will connect to ESMC2 When alle clients know ESMC2 shutdown ESMC1 Create Client Policy to use new Agent Cert (created at installation) Set Server to use new Cert from ESMC2 (created at installation) For some reason it works with both certs crossed for some time (as long as anybody knows both CAs?) I even tried once to set up ESMC2 with the old ip Export Certs on ESMC1 Shutdown ESMC1 Setup ESMC2 from Scratch (with old ip / hostname) Import Certs from ESMC1 in ESMC2 Set ESMC2 to use old Server Cert from ESMC1 (in Server Settings) Resetup Policies in ESMC2 (or maybe export/import), set groups etc. Clients will connect to ESMC2 Create Client Policy to use new Agent Cert (created at installation) Set Server to use new Cert from ESMC2 (created at installation)
  12. Hey Forums, i am planning to migrate ERA6 to ESMC on a new Server with different ip (kb) i did similar things before but now kb says to set all clients to new ESMC first and then migrate database to new server. i have quite a big environment and would prefer to run ERA and ESMC side by side for some weeks while switching over the clients in blocks. Are there any thoughts why this could be a bad idea? Thanks in advance! Christian
  13. Hmm, i would think if you do "clean install with same ip" it should work. Of course thats more a manual move than a migration because you have to reconfigure everything like polices etc. Did this once for a customer who wanted to move from VA to Windows and ist was less effort than i thougth. By my experience its easier to keep all clients when you choose "same ip, same certs".
  14. Support helped: There seems to be a bug in ESA when the realm in radius client settings is set to anything except "Current AD Domain". When set to "current AD Domain", the radius auth is working.
  15. Hello Forum, i have two Installations with Sonicwall and ESA using Radius. One is working fine, the other Sonicwall keeps telling me "Failed to decode RADIUS reply (check the shared secret)". There is not that much you can do wrong with the Shared Secret so i'm a bit out of ideas. If i remove the Sonicwall as a client, ESA Radius logs "INFO EIP.Radius.EsaRadiusServer Invalid Auth. packet received from :" and Sonicwall gets a timeout. If i have the client, ESA Radius logs nothing. Is anyone using this or has any ideas for RADIUS? Thanks in advance.
  • Create New...