Everything posted by carmik

  1. I've been running ESET Protect on-premises for some years now. The server is a VA, updated to the latest version over time. Over the last months I've been having the exact same problem as described in the following thread (unfortunately closed). Studying the thread, I can see that our Apache version is probably affected: # httpd -v Server version: Apache/2.4.6 (CentOS) How can we upgrade Apache alone, without breaking the VA?
  2. (bump) Anyone from ESET care to discuss this?
  3. Using an ESET VA for years now. We've got an x.y.64.0/22 private address reserved for our clients, with the gateway residing on x.y.64.1. Obviously, the range of this network is x.y.64.0 - x.y.67.255. We've got a rule Network gateways . IP gateway ≠ (not equal) x.y.64.1 and a dynamic group based on it. Still, we see some (not all) systems in this dynamic group having IP addresses like x.y.65.z, x.y.66.z, x.y.67.z, for which we have confirmed that the gateway is x.y.64.1 and, hence, should not appear in this dynamic group. We presume that the rule actually somehow involves an assumption for a /24 mask (which is not the case here) which explains why there are no systems having addresses like x.y.64.z. We reported the issue to the local ESET distributor, insisting that this be filed as a bug, but only mitigations have been provided (i.e. specify subnets, instead of the gateway address). This is a very low priority issue for us, so we have not taken any mitigating actions, but we'd appreciate it if you investigated this issue and, possibly, fixed it in a future version.
  4. Addendum: reporting the issue to the organization IT HQ did not help a lot. I've been asked to insert the ESET root certificate via the MMC and not using the installer. Two things: 1) where can I get the certificate itself to try that out? 2) I presume that the installer simply calls a cert management command to get the job done, which is not contrary to Microsoft recommendations, correct? In other words, can someone from ESET verify that the certification installation is done per MS guidelines? Even better, by which way (I'm definitely going to be asked about that).
  5. I'm working as the IT responsible for an organization in a large WAN. ESET endpoint security is installed and TLS filtering is enabled mainly to scan secure HTTP/POP-3 traffic. Things worked just fine, until some changes in the WAN infrastructure took place. Specifically, the WAN traffic is now intercepted and scanned for malware/DLP. In order for that to be done, the IT department centrally handling the WAN has provided a root CA to be installed on all client systems, in order for them to be able to access the internet. We've installed that with a group policy and most of the time things just work as they did: if I try to see the certificate of a page, I'm informed that the root certificate is the ESET one. However, now on occasion trying to access a page throws a certificate error in the browser. Doing a refresh seems to work just fine. Additionally, some sites utilizing templates/code from other sites behave in a funny way: for example JS code does not seem to be working. Finally, we've seen a case where the same https site shows not only the ESET cert, but also a Digicom one or the cert corresponding to the central WAN. I'm figuring here that there are two certificates trying to prevail which one is going to do MITM decryption. Are the above mentioned issues expected in a setup like ours?
  6. (bump) I should add that almost all of my (Windows) endpoints are at versions 9.1.2600.0/9.1.2603.0.
  7. This is related to the following thread, posted half a year ago: .. in which it was mentioned that "... regarding security products, auto-updates are not enabled yet to my (@MartinK) knowledge, as there has been a hotfix release very recently to target issues that prevented global deployment." I've been encountering a similar situation. Server has been at the latest version for some time now. Agents have gradually been automatically updated to 10.x, but not the security products themselves. Is the auto-update issue regarding security products still unsolved?
  8. I'm feeling I'm running around hoops here, this should be an easy and fast procedure, regardless of where you've purchased the software. I'm frankly considering switching to either the free Bitdefender or the equivalent product to NOD32 (i.e. no internet security/total security bloat). Thanks for your help though mate, you really tried to help me out here.
  9. I did not say I was unable to login. I said that I am unable to get an upgrade quote. On PC after logging in there was a button under the right part of the page, close to the auto renewal button. Pressing that threw the error in my previous post. Edit: I'd paste a screenshot from my mobile, but I receive an error when trying to login.
  10. Thank you for doing that. Unfortunately, I'm still not offered an upgrade quote, citing the fact that I've bought the license from a partner yada yada yada...
  11. I'm using a spam-ready email address for forums and such. ID: 3AS-H4H-PWN
  12. Under which category in web control do Windows updates fall?
  13. Yep, that did the trick! EDIT: Come to think of it, this is a solution to a different problem. I.e. having a block all web policy and nothing else (either no allow pages or a very small number). @Marcos's response is more on par with the OP problem. EDIT2: Approach seems to be blocking Windows updates. Dang!
  14. Just got time to re-visit this. Before going on I've stumbled into a passage of text in https://help.eset.com/ees/9/en-US/idh_page_setting_parental.html stating that: "In case you want to block all webpages and leave only certain available, use URL address management." The answer is in https://help.eset.com/ees/9/en-US/idh_config_epfw_scan_http_address_list.html and I must say this is an elegant one (but rather hidden in an obscure place). Will try it and get back.
  15. Apart from my job function where I am the admin for around 160 endpoint security licenses with LiveGuard (out of the 2000 for the entire organization) I've personally been buying ESET for my family systems. Mostly 5-user/1yr Internet Security licenses, bought from Amazon.de https://www.amazon.de/-/en/dp/B07H5XLB29/ref=dsvrt_myd_asin_block The price of the package has become ludicrous to be honest, rising to around 50 euros for the package, considering I used to be able to buy it at 28-33 euros tops... Buying from reputable sources is a must, considering the scams that are ongoing (eBay etc). So I've been trying to find better prices. Even though I'm buying licenses from the German eBay, I'm using them in Greece. I tried to get a quote for a renewal, after visiting the relevant Greek ESET page at https://shop.esetgr.com/renew/?lang=el and received the following message (translated from Greek): "Incorrect data. Please try again. The information you entered does not match a license. Please go back to the previous step and check the details of the license you have entered." IIRC I had contacted the Greek support for the license and they told me that they could not "see" it. Do note that the license is happily entered on my.eset.com. Trying to ask for a renewal for the same license on the German ESET renewal page at https://buy.eset.com/de/cart/login I received a (translated) "partners mismatch dialog content" countdown from 5 to 0 and then the same again from the start. How the heck am I supposed to be able to find where I should ask for a quote? Are there other mechanisms in place?
  16. Can't make this step happen, that's the problem. I've created a single rule (which is a block-all one) like this one: What am I missing?
  17. On our Endpoint Security 9.1 clients we wish to have all outbound web traffic blocked by default, with only certain URLs/groups allowed. How can I implement a default block-all rule in web control?
  18. My apologies, missed this part. Does this mean that security updates are auto-updateable at this point?
  19. Hello again, something's definitely off. More than 2 weeks have passed since our discussion. During that interval I've seen that agent installations seem to have auto-updated, whereas the actual endpoint software did not. Up to yesterday, all 120 endpoint installations that were in the waiting state remained there (with the exception of some manual updates that I did). Today, all these installations changed state to legacy suddenly. What would be the next steps to find a solution? PS: For the record, our ESET Protect server resides in a network DMZ. The ESET Protect server is disallowed from reaching our LAN clients. Only our clients can contact it, on ports http/https/ssh/2222 and 2223/8080/3128. I'm stating this in case the update mechanism uses a server push (which won't work) instead of a client push. Even though I believe that everything is handled by communication initiated by the agent, which should work at all times.