Jump to content

Lockbits

Members
  • Content Count

    78
  • Joined

  • Last visited

Profile Information

  • Location
    Chile

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hello guys, Is there any way to migrate from ECA to on-premise ESMC? I think this should apply https://support.eset.com/en/kb6729-certificate-migration-in-eset-security-management-center-7x but I'm not sure as I don't know if it's possible to obtain a copy of ECA's certification authority and agent certificate. Thank you.
  2. Hello guys, I've a friend that has an iPhone running iOS 14.1. Twenty SMS charges sent to telephones located in Taiwan and Germany appeared on his phone account. When checking the messaging application, those 20 messages were indeed sent from the iPhone, however, the user did not send them nor he knows those numbers. Could it have been an SMS Trojan? How to know which application sent these messages? There's one message pointing to 20 numbers. I know that there're many SMS Trojan for Android but for iOS AFAIK it's the first case. The iPhone is not jailbroken. I want to determine
  3. Hello guys, Thank you for the help. Customer is updating to latest version of EEA and EEI and moving their computers to ECA in order to have maximum visibility. They also know that need to install updates ASAP.
  4. Hello guys, We've a case where a server is working normally but one shared resource was encrypted by a ransomware. We think it was another computer that was infected because the server doesn't have encrypted local data. In order to detect which computer was the culprit, we deleted all the networks and local users permissions over this shared resource and copied some files. As the data remained intact we starting adding one per one network user in order to see which is the culprit and so far so good. Our surprise was when we added the local administrator user to the shared resource the con
  5. Hi Mirek, I sent you a private message. Thank you.
  6. Hi Peter, In case we need to modify or change the certificate, it's necessary to enroll all devices again? Or the certificate can be changed without affecting connection to current smartphones?
  7. Hello guys, We have a customer with the following issue. There're two Android devices that were updated to EESA version 2.9.4.0 and these two devices are reporting the following alert to ESMC: I realized that version 2.9.4.0 has the following change: Improved: Certificate security - insecure certificate warning during enrollment + certificate hostname verification (a warning displayed during update or enrollment) How can we fix this certificate issue? The MDM was installed using the standard procedure. Thanks.
  8. Hello, In Chile we changed the hour from winter to summer time and that caused EEI to stop cleaning the MySQL DB correctly: 2020-10-23 00:00:00 03b64 Info: Database cleanup starting... 2020-10-23 00:00:00 03b64 Error: Database cleanup failed on the following SQL error: Sql error 1292. 22007 Incorrect datetime value: '2020-09-06 00:00:00' for column 'l_purge_events_until_upper_border' at row 1. Failing statement: 'CALL procOnRotateEvent( UTC_TIMESTAMP(), ?, ?, ?, ?, ?)' As DB is full no computer is able to connect to EEI anymore: 2020-10-23 14:17:23 00b00 Error: The di
  9. Hello guys, Our customer that is using the MDM with ESMC is having the following issue. In the graphic of the dashboard where you can see the devices that are updated and not, in Endpoint bar the ESMC is considering not only endpoints but also mobile phones. Is this by design or it's a bug? Because there's a graphic bar for mobile phones. Regarding this same graphic, is there any way to limit the information for a certain range of devices and not all devices? In this case it's because the customer wants to know the devices that are outdated but that are being used (home office)
  10. Hello guys, We've a customer that is using the MDM and when we send the task to update to a newer version of ESET Endpoint Security for Android the task fails hours later. How can we update this program remotely? Thanks.
  11. Hello guys, We've a customer where we installed the MDM with public IP address. The device is enrolled correctly and reporting to console however some hours later the Android device stops reporting back to console. If we open ESET for Android in the mobile then immediately it report back again but some hours later the same problem occurs again. It's like something in Android is restricting the connection to console when ESET is idle in the background. Re enrolling the device doesn't work because it said it's already connected. How can we avoid this behavior? Thank you.
  12. Hi MartinK, Apparently the problem is because old agent configuration was password protected. We are trying to make a custom bat for deployment but for the moment it's not working. I password protected my agent with the same password so I can test the bat without going to the customer but not luck. I tried to put the password with and without " and it's not working. If I look at the .ini created by the bat I can saw that password is within the file but agent is not reinstalled with new configuration. ESMCAgentInstaller2.1.rar
  13. Hi Martin, I double checked and indeed it's the problematic computer. We didn't found the ra-agent-install.log. We searched all the disk with an administrator account. As you suggested, we created a live installer (the .bat) and ran it in the problematic computer. The result was the same, PC doesn't connect and old settings and certificates are preserved. I deployed the agent using the server task to computers were no agent was installed before and those computers connected right away. Unfortunately this problem persist in 7.1 as configuration and certificates are not over
  14. Hi guys, The problem is within the certificate and that agent installation using server task is not overwriting the agent and configuration. For example, in task I specified the host name and not the IP and if I see the log I realized that even that parameter wasn't changed. I'm going to try with GPO. Logs.rar
  15. Hello guys, We've a customer that was using and instance of ESMC 7.1 along with 7.1 agents. The server got damaged so we've installed a new instance of ESMC 7.1. The server has the same hostname and IP address but computers are not connecting as the certificate is different (we don't have a backup of original certificate). We tried to deploy agent using a server task and although the task finished successfully, the computers are not connecting to new instance. Which parameter can we use so agent is reconfigured with the new certificate? If we deploy agent using GPO, will install
×
×
  • Create New...