Lockbits

Posts posted by Lockbits

  1. Hi guys,

    One customer is trying to block web sites using web control in macOS and EES 6.X.

    To be able to block some social networks we added port 443 to HTTP protocol scanning and it worked. Is there any problem adding port 443 to this list?

    I mean this:

    [screenshot]

    On the other hand, we successfully blocked Twitter and TikTok but Facebook and Instagram were impossible to block. Can this issue be related to browser and cache?

    Thank you.

  2. Hello guys,

    I’m posting because I installed EFDE in my new ARM MBP and it’s full of alerts regarding encryption.

    When I installed EFDE the SSD was already encrypted by FileVault. AFAIK EFDE in macOS only manages native encryption in contrast with Windows where ESET has its own encryption technology that replaces BitLocker.

    Is this a bug? Because if FileVault is already enabled when EFDE is installed, why is it not informing that all is OK regarding encryption? How can I resolve those alerts?

    [screenshot]

    This also happens with some of our customers that use macOS.

    Thank you, guys.

  3. Just now, Lockbits said:

    Hi,

    Yes, that data is what we're looking for, however for audit purposes it's important to be able to export information and also apply some filter to pinpoint particular users.

    Can you add these features to the request list? Maybe a report template considering this data is useful in the Reporting section.

    Thank you.

    I forgot to mention that this customer also asked for MFA for the users that have access to the ESET Endpoint Encryption Server console and AFAIK it's not possible. Is this feature on the roadmap?

    Thank you.

  4. 37 minutes ago, Kstainton said:

    Hi @Lockbits,

    However, to add to this, I wonder if the Category 'Console Authentication Event' within the EEE Server->Control Panel->Organization->Events would help do what you are looking for, it logs EEE Server Logins as well as which user it was?

    [screenshot]

    Just click 'Filter' and select 'Console Authentication Event' under Categories.

    Thank you,

    Kieran

    Hi,

    Yes, that data is what we're looking for, however for audit purposes it's important to be able to export information and also apply some filter to pinpoint particular users.

    Can you add these features to the request list? Maybe a report template considering this data is useful in the Reporting section.

    Thank you.

  5. 14 minutes ago, Kstainton said:

    Hi @Lockbits,

    It seems that this is a feature being worked on for a future release of the EEE Server. It shouldn't be showing under the Events->Filter->Categories Drop Down box at this time and I thank you for bringing this to our attention. We shall rectify this in a future release of the EEE Server.

    Thank you,

    Kieran

    Hi,

    Thank you for the reply.
    Do you know approximately when it's going to be added? I ask because our customer is an ISO 27001 certified company and they need this login audit feature.

    Regards. 

  6. On 12/28/2022 at 10:39 AM, Marcos said:

    A gradual roll-out of EI Cloud 9.1 has been done in a few waves: on 22nd and 23rd of December, 2nd and 3rd of January 2023.

    Hi Marcos,

    Is there any new ETA for deployment? I still see 1.8 in some cloud instances.

     

  7. Hello guys,

    Some days ago I saw a message that cloud instances are going to be upgraded to console version 1.9. Indeed, the agent is at version 1.9 but we have two cloud instances and in both they're still at 1.8.

    When is this upgrade going to be applied to all instances?

    Thank you.

  8. 5 hours ago, emilota said:

    Hello @Lockbits,

    In EPC, you can use the Rename Computers task to rename computers to FQDN.

    In EBA, you can change the seat name but not the device name (name of the device as viewed by the installed operating system). Device name is not FQDN.

    Could you please explain, why it is important for you to have FQDN in EBA as well as update of FQDN?

    Greetings.

    Hi emilota,

    It's a request from three customers we have. They change FQDN and also computer name and want to see this change in EBA and not only in EPC.

    Thank you.

  9. Hello guys,

    We're experiencing a similar issue with one of our customers that is using EEI. We have created a lot of exclusions and some of them aren't working, for example, this:

    [screenshot]

    We tried to create this exclusion several times without success and we also changed the variables, and every day the same alert appears. This started from the latest version 1.6.1764.

  10. On 11/21/2021 at 4:47 AM, Nightowl said:

    Hello,

    https://www.virustotal.com/gui/file/faa55ba4b50f6eebbbaddf029f97e0324fd9dc1d606fed18935d999460dfd361?nocache=1
    https://www.virustotal.com/gui/file/57b485a86929cca59150579b362ac8812a67a3e464a7663a5d3d39d4cdf1e0e9?nocache=1
    https://www.virustotal.com/gui/file/c960dd553a71f676a30c93a5f6f3aa6a6363cff6547aa1bd07e2d53c1fd240cb?nocache=1

     

    Those are PUPs for some application that is called ChronoSpeedUp or PCAcceleratePro; even if you uninstall it, it will come back from AutoRun after restart, so it needs to be disabled from AutoRun also.

    Not detected by ESET, had to clean it manually.

    And unfortunately I don't have the files anymore as I've deleted them; the PC was scanned with Online Scanner as ESET isn't running on it.

    I know I have to send to the samples email, but I don't have the sample anymore.

    Fortinet helped catch it because it blocked all its traffic from Web Filter as Malicious Websites.

    [screenshot]

     

    Those are them

    Two of these samples are detected by ESET as "a variant of Win32/Adware.PCAcceleratePro.T.gen application".

  11. Hello guys,

    We've two customers that are facing the same issue with EEI. In Chile we changed the hour to summer but this change was made in September so I'm not sure if it's related or not but I remember that some time ago we reported a bug that was resolved in 1.5 and that time change was the cause.

    The message we are getting now is this:

    2021-11-05
    started: 00:00, duration: 1 min

    error: Database cleanup failed on the following SQL error: Sql error 1292. 22007 Incorrect datetime value: '2021-09-05 00:00:00' for column 'l_first_partition_until' at row 1. Failing statement: 'CALL procOnRotateEvent( UTC_TIMESTAMP(), ?, ?, ?, ?, ?)'

    They're using 1.6.1755 and not all cleanup tasks fail, only some. And the server has at least 100 GB of space.

    [screenshot]

    Details:

    EEI 1.6.1755 running in Server 2016 Standard. 

    MySQL 5.7.35 running in the same server as EEI.

    Intel(R) Xeon(R) CPU E5-2630 v4 @ 2.20GHz x8 | 24 GB RAM | At least 100 GB available on HDD.

     

     

    Thank you.

  12. Hello guys,

    We've some customers with legacy OS like Server 2003, 2008 and so on. Unfortunately it's not possible at this time to migrate them to a newer OS so it's not a solution.

    We know that it's impossible to use Agent 8.1 on those machines but we also know that older agents like 7.X work with legacy OS and also EP Cloud.

    Is it possible to get host name from a machine that is currently connecting to cloud from status.html log and use that data to manually install an older agent version?

    For example, use XXXXXXXXXXXXXXXXXXXX.a.ecaserver.eset.com and EBA admin account when installing older agent version.

    PS: we migrated a legacy 2003 server with agent 7.2 to cloud from an on-premise instance and it works like a charm. This question is for a server that is not connecting to on-premise so this path is not possible.

    Thanks.

  13. On 9/14/2021 at 11:26 AM, Marcos said:

    The fix won't be included in the upcoming Endpoint 8.1 service release yet, however, we will be able to provide you with a fixed dll. Also we should be able to provide you with newer installers that you could install via a software install task to upgrade existing clients. However, this version will not undergo QA tests and we'll be able to test it just briefly before giving it out to particular users. A drawback of using an unofficial version is that it cannot be upgraded via the so-called uPCU in the future and you will need to use a software install task. The fix will be included in Endpoint v9 available later this year as well as in a possible further service release of Endpoint v8.1 that may be released after v9 too.

    Hi Marcos, can you share with us this fix? We've a customer with sync issues and even disabling Outlook integration doesn't work. Outlook is stuck at updating mailboxes.

    Thanks.
