User21000

Members
  • Content Count

    9
Profile Information

  • Location
    Afghanistan
  1. For anyone on this post, see this other post with more responses and more details from forum users: https://forum.eset.com/topic/22788-eset-is-blocking-chrome-installer-and-google-chrome/
  2. I second jnsjns's question. Can your team provide more details on the false positive? It was extremely concerning to receive a "Malware outbreak alert!" warning this morning for something that was a false positive.
  3. Interesting thread. Wish ESET would open up that list of theirs. Thanks for your help.
  4. Interesting theory, thanks for trying, I appreciate it. Turns out the dev was forwarding from his edge at home and that subnet is what he uses on his internal LAN, so the event was triggered locally and reported back to the ESMC server when he reconnected to the production network at our office. So, it looks like ESET is basing this on the fact that the traffic came from known botnet IP space? Is that it? I'm not implying I think that it's inaccurate, I'm just trying to make sure I understand the classification of the event.
  5. Folks, as others have talked about recently, there is an uptick in detections of this definition, Botnet.CnC.Generic. I have a dev who has a couple of these events triggered on his machine which I have seen in my logs. Some questions: 1. If the Action = "Detected" and Inbound = "Yes", does that mean that the endpoint thinks the dev's machine is a C2 server and that it detected (but allowed) an inbound connection matching such a profile? 2. How can the target address make sense? Source is 45.141.87.11 (Russian IP space) and target address is a 10.0.0.0/24 address (RFC1918) but on a subne
  6. I did end up leaving the passphrase field empty, and it would then let me download the installers. What are the possible security ramifications of not having a passphrase for the certificate? I'm actually not sure why there needs to be a passphrase for the cert, why have one in the first place?
  7. When I try creating an all-in-one installer, I go through all the configuration choices. When I'm done and ready to download the installer for Windows clients I get this error message "Failed to download installer: Invalid certificate or certificate password provided." Why am I getting this error? I entered the passphrase that I entered when I first deployed the Virtual Appliance and also tried using a different passphrase but neither will work.
  8. I would just like to know what the purpose of linking the ERA Virtual Appliance to an Active Directory Domain would be. Would that be used so I can sign in to the VA with domain credentials? Is there some sort of feature to synchronize endpoints with AD users? Will joining the VA create a Computer Account in the AD? To be clear, I'm using the ESET Remote Administrator Server Appliance. Any information is appreciated, thanks.