CCross

Hi guys, I'm going to take advantage of this open topic to throw my question. Is there a way to avoid ESET to mark a threat as resolved even when it blocked, deleted or cleaned the infection? How can I distingish threats marked as resolved by ESET from threats marked as resolved by Administrator? I'm asking you this because as SOC personnel sometimes we need to do further investigation on a particular event even when it was already taken care by ESET itself, we have found diffilculties to track our progress on the Console Threat section cause the filters available let you have a view on resolved vs unresolved threats but do not differentiate between the ones marked as resolved by ESET and the ones marked as resolved by a person. Hope I'm making myself clear. Thanks in advance,

Hello, Last night we had a weird incident, for some unknown reason ESET all of sudden, blocked access to web.whatsapp.com in all computers, we do not have that website in either of our blacklist settings however when users tried to access it they got an ESET pop advising that the access was being blocked. The weird fact is that when we checked the logs at web control level whatsapp.com was not listed there nor in Filter web site section. At end of the story the site was unblocked without requiring to do a thing which made the incident even more strange. We suspect that probably the site was added in some sort of category that is not managed by us. Any ideas about what could cause this? Are there logs that reflect what sites are being blocked by categoy? Thanks in advance. Product: ESET Remote Administrator 6.6.

Hello there, do you have more suggestions?

Yes we do..

Hi Marcos, The workaround suggested works only for a while. Ex: I access drive.google.com by typing it directly in the URL address Field, ESET blocks it but as soon as I log on to gmail.com and access Google Drive by using the shortcut available there, My drive is displayed with no problem, so since a session is establish next time I access drive.google.com, I got access too. I'm using the URL Management and adding drive.google.com/* to the Block Sites list.

Hi We were dealing with this since last year, had to put it on hold but now wee need to figure out how to make it work. We need to block the access to Youtube and Google Drive web sites, our Web Control Policy seems to work fine when those sites are accessed via Internet Exporer, however; If Chrome or Firefore is used instead, the web control policy is by passed allowing the access. Have tried to block them in serveral ways such as adding these sites to a block list in a web control and URL Management Access section, create a rule for denying UDP port 443 traffic in the Firewall. module but it is always the same, Chrome and Firefox always allow the access to the Youtube and Goolge Drive, we don't want to block other Google Sites just these two. Product: ESET Remote Admisnitration Console 6.5. Thanks in advance,

Thank you.

Hello there, There are news spread about a malware that is using facebook messenger as a vector to infect victims with Digmine, here you have some links as reference: https://gbhackers.com/digmine-facebook-messenger-cryptocurrency/ https://www.scmagazineuk.com/digmine-cryptocurrency-botnet-spreading-through-facebook-messenger/article/720550/ https://thehackernews.com/2017/12/cryptocurrency-hack-facebook.html?m=1 I checked the ESET Database latest definition Update 16617 and there's a Win64/CoinMiner listed there, I just would like to know if this update covers this new malware detection. Thanks in advance.

I'm experiencing the same issue with the web control in Chrome, did anybody get the solution for this?

Thanks for your reply Marcos. I tried that but got same results, the Chrome version I'm using is Version 62.0.3202.94 (Official Build) (64-bit). I don't even have problems to block other Web sites in Chrome, but youtube.com and drive.google.com go straight forward as if no policy exists.

Hello there, I'm experiencing problems to block sites such as youtube.com and drive.google.com on Chrome web browser. My rules work fine in IE but when Chrome is used, the browser seems to bypass the web control settings. I read past forums with users experiencing same symptoms, however I could see a concret solution. I'm using the ESET Remote Administration Console. Thanks in advance.

Hi there, Do we have updates regarding this topic? Should it be considered a false positive?