Jump to content


  • Posts

  • Joined

Everything posted by Lockbits

  1. Thanks MichalJ, When installing the new server it was possible to activate using the same license, but when adding the new user did not receive the message to enroll. What could be the problem? Regards, Francisco.
  2. Hello, Is it possible to install 2 consoles whith the same license, but respecting the number of contracted users? Example: total users 20, in console A have 17 users and in console B have 3 users. Regards, Francisco.
  3. Hi, Same issue here with our console and also one customer reported this to us.
  4. Thank you very much for the information, @dmaasland
  5. Hello guys, Can you help us? We're trying to create an EEI rule to block any executable that triggers the following rules: Filecoder behavior [M0601] Filecoder behavior [Z0601] And others. Thank you.
  6. Hello, I finally asked the customer to send all extensions located at C:\Users\[login_name]\AppData\Local\Google\Chrome\User Data\Default\Extensions to us. I checked one by one using extension's ID and visiting https://chrome.google.com/webstore/detail/extension_id (replace /extension id with valid extension id) until I found three suspicious and discarded others. One of the three was indeed confirmed as malicious by ESET Labs: The detection for this threat will be included in the next update of detection engine, expected version: 23400. 2.9_0.crx - JS/ExtenBro.Agent.EE trojan In case anyone need to report suspicious extensions that's a good approach.
  7. Hello guys, I'm writing because we have a customer with a Chrome extension that is causing many connections to malicious websites. How can we determine which extension is the cause of those connections so we can send it to ESET's Labs in order to add a detection? This customer is also using EEI but the executable is Chrome.exe and we can't find which extension is causing this behavior. Regards.
  8. Hello guys, One customer is asking us why its EPV8 is using 25% of CPU although there're no idle scanning nor module updates and so on. I created an ESET Log Collector with this setting turned on: advanced oper. system logging under tools -> diagnostics Can you forward this ESET Log Collector to developers? https://www.dropbox.com/s/kdivw66n0moco52/Uso excesivo CPU logs.rar?dl=0 For safety concerns I encrypted them with a password. Please ask me the password via inbox. Thank you.
  9. Nevermind, I found this calculator: https://help.eset.com/eei/1.5/en-US/?hardware_requirements.html
  10. Hi @JamesR! You right, it seems one of those random coincides of life. The server RAM is ok (8 GB of 24) but disk is in its limit. Currently there're 14 GB available of about 149 GB. I deleted some files and now there're 15 GB available and computers started reporting again. How many free space do you need for EEI? There're about 140 computers reporting to EEI. Thank you.
  11. Hello guys, Several months ago we reported a bug that caused the endpoints to stop reporting to EEI due to a change in time in Chile. More on this issue: On Saturday, April 3, the clock was back by one hour. The time zone was changed from GMT -3 to GMT -4 and it started failing again. The customer is using latest version that supposedly fixed this bug (1.5.1512) but it's failing again with this message: 1-04-07 16:59:39 015b4 Error: The disk usage or memory limit reached. Can't accept more data. (Device name) 2021-04-07 16:59:39 015b4 Error: HTTP error 503 while processing request for "PUT":"/EVENTS/V2/Device name:256e302d-f515-469b-bb40-1400411834c4 How can we fix this? No endpoint nor servers are being able to communicate with EEI server. Thanks. EIServer-2021-04-07.log
  12. You should use an older version or another Java distribution supported by console. 16 is not supported. We had the same issue as you.
  13. Hi @Kstainton, Thank you. What does it mean that console is in legacy mode? Why this appeared if no change was made? We want to upgrade console to latest version. Is it safe considering this issue?
  14. Hello guys, We've a customer were DESlock console stopped working with this message: Initially we pressed next button: But that didn't resolver the issue as the same wizard appeared again and again as a loop. We moved the content of the backup folder of the path where console is installed to another place and restarted service of console and it started working again but, why this happen? We didn't modified anything. Thanks.
  15. Hi MichalJ, Thank you. We're planing to use GPO. Will it work? The idea is to send a GPO to upgrade ERA 6.5 agent to EPC agent 8. André
  16. Hello guys, We've a customer that have about 1000 seats and they're using ERA 6.5 because it's installed on Server 2003 and there's no possibility to upgrade such Windows and so the console. As they don't have server they're evaluating to migrate to EPC. Is there any way to migrate at least connections from ERA 6.5 to EPC? Thank you.
  17. Hi, Thank you for this tip. It solved some alerts that were caused by Fortinet VPN client (fcdblog.exe) and I couldn't fixed with basic exclusion wizard.
  18. Hello guys, I've two suggestions: 1) The option to apply exclusions for web control detections or "Detected by ESET Endpoint Security product" alerts. We've a customer that is using web control and we configured the product so all blocked websites are logged in EPC console setting the verbosity accordingly. The problem is that this information is also sent to EEI console and this add a ton of unnecessary data and difficult the detection of valuable data. We can disable the verbose level but this will also affect the blocked website being logged and reported to ESMC. I mean this: 2) The possibility to add granular exclusions for some rules like MS Office application has saved executable [D0806]. We get about 5 daily alerts of this type and all are benign. Apparently Office creates a lot of temporal with .com extension like this: Currently I can create an exclusion to this rule but I prefer to don't do this because in case a real malware creates a .com or .exe I'll miss this alert. Maybe an option to exclude per folder? So I can exclude the path that always start with the same pattern. Of course that if I do this in this folder I can miss a real malware being written to such path but the possibility is quite less that creating an entire exclusion for this rule or modifying the rule to not include .com extension. Thanks.
  19. Hi Marcos, just for curiosity. Why this signature is WinGo and not Win32/64? Thank you
  20. Hello guys, I hope everyone has a great 2021! We're using EPC and since then the only agent 7 that was reported outdated and was updated from there was the Agent for my macOS. All the Windows agents are reported as updated so if I send an update task nothing happens. The only solution I found so far is to generate a new all in one and to apply the update using this method but it's not ideal. We're using Spanish LA version and never the Japanese. If you need anything else please let me know. Thank you.
  21. Hello guys, The ability to add other type of hashes like SHA256 in order to block them and not only SHA1. Thanks.
  22. Hello guys, Is there any way to migrate from ECA to on-premise ESMC? I think this should apply https://support.eset.com/en/kb6729-certificate-migration-in-eset-security-management-center-7x but I'm not sure as I don't know if it's possible to obtain a copy of ECA's certification authority and agent certificate. Thank you.
  23. Hello guys, I've a friend that has an iPhone running iOS 14.1. Twenty SMS charges sent to telephones located in Taiwan and Germany appeared on his phone account. When checking the messaging application, those 20 messages were indeed sent from the iPhone, however, the user did not send them nor he knows those numbers. Could it have been an SMS Trojan? How to know which application sent these messages? There's one message pointing to 20 numbers. I know that there're many SMS Trojan for Android but for iOS AFAIK it's the first case. The iPhone is not jailbroken. I want to determine which application is responsible for this and thus I can send it to ESET's Laboratory. Thanks.
  24. Hello guys, Thank you for the help. Customer is updating to latest version of EEA and EEI and moving their computers to ECA in order to have maximum visibility. They also know that need to install updates ASAP.
  • Create New...