Posts posted by cmit

  1. On 4/10/2018 at 9:22 PM, Marcos said:

    Files are always quarantined when cleaning threats regardless of the scanner.

    "always quarantined"? or does that depend on if the Cleaning Level is 'Strict cleaning' or 'Normal cleaning'?

    Or does it depend on if the threat is "affected"?

    I was using Eicar (testing virus) and ESET deleted the files (not quarantined).

    Which setting did I not configure properly?

  2. On 4/10/2018 at 9:56 PM, Marcos said:

    Honestly, I can conceive how this should work. Imagine that some computers may be offline, on some, scans may take very long, etc., so the question is how long would be long enough for ERA to wait before a report is sent even if scans were not completed. Also I'm not sure how possible threats from particular scans could be correlated to particular reports from a technical point of view.

    Could you please simplify your answer?
    I just need to know: Does the current ERA v6 have a solution for this?

    My scheduled scan is Smart Scan (not In-Depth), which I believe should take too long to complete all computers. If there are some computers (i.e. laptops) offline during the scan, the scheduled scan should just skip the offline computers, and if any threat(s) are found on scanned online computers, it will combine all threat notifications into one email.

  3. I have a scheduled scan set up in one of my policies in ERA to scan all computers at night.
    Is there a way in ERA to set up an email notification so that every time the scheduled scan is complete, ERA would send me just one email that details all the threats the scan finds?

    I checked this thread (https://support.eset.com/kb3629/) but it seems to only have an option to set up:
    - Number of Ticks to Aggregate
    - Triggered every no. of occurrences
    But no option to group all "ticks" of the scheduled scan into just one report.

    Right now, we are receiving one email per threat (including potential threats). And it becomes too many emails if the scheduled scan finds 20+ or 30+ threats per day.

    Any suggestions? Thanks.

  4. 4 hours ago, Marcos said:

    In order to automatically clean any PUA that is found, set cleaning mode to Strict cleaning in the on-demand scanner profile that is used for a scan, in this case "in-depth scan" profile.

    If you don't want to take any action, run a scan in scan-only mode, i.e. without cleaning.

    In the case of my scheduled scan, did you mean I would need to disable the 'scan with cleaning' in the 'Task Detail' of my 2nd screenshot, and that's it?

  5. I have a scheduled in-depth scan running on all computers nightly. I want to make sure that if a 'potentially unsafe application' is found during the scan, the scan does not pop up any warning asking to 'Clean', 'Delete', or 'No Action', and instead "ignores" the found threat and continues finishing the scan. I don't want end-users to see any warning or popup because they would get scared.
    And if the scan finds a possible threat, I want ESET ERA to email me; then I will check the logs later.

    I have already disabled these two features: 'Display alerts' and 'Display notifications on desktop'. But the warning of 'potentially unsafe application' still pops up and just pauses there without continuing the scan.

    How do I make sure the scan automatically takes 'No Action' and continues the scan until complete?

    Attached screenshots of my setting. Did I miss something?
     


     

  6. 49 minutes ago, Marcos said:

    We are going to introduce ESET Enterprise Inspector (EEI) this year which is an EDR solution for monitoring the network for suspicious activities and responding to them accordingly. EEI will be interconnected with ESCM (ERAv7).

    Will this EEI have something that shows a visualization (not just a list of tables) of how a virus/malware/ransomware comes through?
    i.e. ComputerName -> explorer.exe -> iexplorer.exe -> cryptowall_xxx.exe -> explorer.exe

    https://www.carbonblack.com/products/cb-defense/


  7. When our ESET ERA was in v5, the database name was called 'ESET' in our SQLEXPRESS instance (in SQL Server 11.0.2100). This instance has other databases running.
    After our ERA was upgraded to v6, the new database 'era_db' was created in another SQL Server instance called ERASQL (in SQL Server 12.0.2000). This instance has only one database running (era_db).
    So we have two SQL Server instances running in the same server, which takes up unnecessary CPU.

    Questions:
    1. Is the ESET database in my SQLEXPRESS still in use or can I take it offline? (the last eventlog date was the date I upgraded my ERA from v5 to v6)

    2. Is there a proper way to move the era_db database from the ERASQL instance to the SQLEXPRESS instance?
    From this help link (https://help.eset.com/era_install/65/en-US/index.html?db_migration_sql.htm), if I understood correctly, this is not doable because the era_db cannot be moved to another instance that's a lower version?
    If not doable, that means I would probably need to move all other databases from the SQLEXPRESS instance (v11.0.2100) to the newer instance (ERASQL, v12.0.2000) in order to let my server run only one instance?


    Thanks.

     

     

  8. 15 minutes ago, Marcos said:

    There should be no need to start Windows in safe mode.

    First of all, please check if you have a license file license.lf downloaded in C:\ProgramData\ESET\ESET Security\License. Then check the version of the Configuration module used by ERA Agent C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat. If you view the file, you should have version 1526.10 installed (released for general public on Jan 25). If these two conditions are fulfilled, simply rebooting the machine should make things work.

    Please let us know about your findings.

    Again, it doesn't matter what the issues are. This is only talking about the case where it's been concluded that the only solution left is to run the uninstaller in Safe Mode before reinstalling; in that case it is necessary to create a solution to build an uninstaller that doesn't need to be run in Safe Mode.

  9. On 2/1/2018 at 11:24 AM, MichalJ said:

    If your machines were affected before 6.6.2072.0 was released, you will have to uninstall the client, and install the new one afterwards. New version is not able to "repair" what was already broken. 

    By 'uninstall the client' do you mean we have to restart to 'Safe Mode with Networking' -> then run the uninstaller? Again, ESET developers have to come up with the right solution to create an uninstaller that doesn't need to be run in Safe Mode.

  10. On 1/10/2018 at 11:19 PM, Marcos said:

    If upgrade fails, the installer rolls back to the last installed version. A computer restart is necessary to complete upgrade since running new kernel with old drivers for a longer time can cause various issues.

    I understand it's necessary to restart the computer after the upgrade.

    Regarding the ESET uninstallation and reinstallation, it is the ESET developers' responsibility to come up with the right solution to remove the need to restart the computer into 'Safe Mode with Networking'. Restarting to Safe Mode properly can only be done manually for domain computers. With many business workstations (especially remote computers) to manage, the need to manually restart to Safe Mode is unacceptable. If there's no solution for this, it may be time to look for another antivirus alternative before wasting more time.

  11. Is there a way to automatically upgrade the EndPoint whenever a newer/latest version comes out? (like the way to set Windows to automatically update and then restart the computer, or to install the Windows update first and then decide when to manually restart the computer)
    For businesses with many workstations, having to manually select which group of workstations to schedule the push of the install task for a newer EndPoint version doesn't quite make sense.
