Jump to content

Nono

Members
  • Content Count

    40
  • Joined

Everything posted by Nono

  1. Thanks Marcos, So, going back to my original question : What could make it works on one computer and not another ?
  2. Is there an "officially supported" way to do this for HIPS rules ?
  3. I'm not sure I fully understand, but I have a working rule which is like : C:\Users\\AppData\Local\Temp\\soft.exe (aka with 2 \\) and still work like a charm. So, I agree this is maybe not "officially" supported, but why it works on SOME machines, but not the others ? Is there a way to check this ?
  4. Hi MArcos, I'm aware that we can't use "*" but "nothing" works on the majority of our endpoint ! Only some aren't working anymore (they use to work before agent/security upgrade).
  5. Hi there, I'm using ESMC / Eset endpoint security version: ESET Security Management Center (Server), Version 7.0 (7.0.451.0) ESET Security Management Center (Web Console), Version 7.0 (7.0.413.0) ESET Management Agent 7.0.577.0 ESET Endpoint Security 7.1.2045.5 When I configure some HIPS rules, I've a strange behavior depending of the endpoint (on same version of either ESET and Windows 10) : Some "generic" rules like C:\Users\\AppData\app.exe works on majority of computer (note the empty folder to replace any users) But some doesn't and need to enter the specific user account (eg. C:\Users\dummyUser\AppData\app.exe) Is there a way to debug/understand why such behavior ?
  6. Yeah, that's right. Actually, on endpoint, on the log files "Event" section, I was able to see that's the error are coming from the HIPS rules (I wasn't even sure, as the popup didn't specify it).
  7. Description : Having more detail about the "invalid data" Detail: Currently, when we apply some "invalid" rules, despite working partially (I guess to "good rules" are working, but not the "invalid" one), we get the notification popup "User rules file contains invalid data". It's not really helpful to locate which entry may be faulty and which one are not. Would that be possible to get a log files stating which rules (name?) is faulty and even better : why ? It would also help to locate which "data" it's referring to. For instance, "User rules" could lead to several subsection into the rules admin panel (Antivirus, Update, Firewall, etc ...)
×
×
  • Create New...