Jump to content

Nono

Members
  • Content Count

    48
  • Joined

Profile Information

  • Location
    Switzerland

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. What's your suggestion then ? What should I tick on ESET Log Collector to give you the information ?
  2. One of my collegue have a "buggy" Detections section on the logs files section of ESET Endpoint Security (7.2.2055.0) : I don't have the same behavior. On the ESMC, I can see his detection fine, so it seems to be only a "display" issue.
  3. Thanks @MartinK, Could you then confirm it will always have the same pattern (for regex style whitelisting) ? C:\Windows\Temp\ra-run-command-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.bat where the X are following the pattern: group of 8, group of 4, group of 4, group of 4, group of 12 letters/digits ?
  4. Hi there, We're using ESMC (previously ERA from version 6.x or so), recently updated to : ESET Security Management Center (Server), Version 7.1 (7.1.503.0) ESET Security Management Center (Web Console), Version 7.1 (7.1.393.0) and our client to : ESET Management Agent 7.1.717.0 ESET Endpoint Security 7.2.2055.0 It seems that since this update, the task "Run Command" is executing a file C:\Windows\Temp\ra-run-command-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.bat where the hash is not always the same (as per the random "xxx" part of the name I guess). As we have a Application whitelisting software aside ESET to block unkown hash/file, would it be possible to keep the same file as previously (ra-run-command.bat) without the random part in the name ?
  5. Yeah, that's right. Actually, on endpoint, on the log files "Event" section, I was able to see that's the error are coming from the HIPS rules (I wasn't even sure, as the popup didn't specify it).
  6. Description : Having more detail about the "invalid data" Detail: Currently, when we apply some "invalid" rules, despite working partially (I guess to "good rules" are working, but not the "invalid" one), we get the notification popup "User rules file contains invalid data". It's not really helpful to locate which entry may be faulty and which one are not. Would that be possible to get a log files stating which rules (name?) is faulty and even better : why ? It would also help to locate which "data" it's referring to. For instance, "User rules" could lead to several subsection into the rules admin panel (Antivirus, Update, Firewall, etc ...)
×
×
  • Create New...