Jump to content


  • Posts

  • Joined

  • Last visited

About Rémi

  • Rank

Profile Information

  • Location
  1. I did some more testing, so I have to add that the entire workdevapp.com domain seems blacklisted by eset. https://www.virustotal.com/fr/url/cd5a6ae2fa40f7a16aa606e828db50446ded4e333ae09b2480cda80491bc2e31/analysis/ But that the js file itself does not trigger eset. But it does trigger zonealarm and Kaspersky as an adware. https://www.virustotal.com/fr/file/cec906f1fc42b843aaa4aaa12db15767882547e5e247b4e0489f76313b14da45/analysis/1539006038/
  2. Hi, one of my customers suddenly had an eset warning when trying to browse her own wordpress-powered website. If I test the website on virustotal, there is no detection. But I inspected the source for the home page, and found a series of suspicious urls to a remote js file: workdevapp.com/1deb3dd710d8d90c20.js This url do trigger eset on virustotal. But only eset, all other antivirus are green... How do I know if it's really a virus ? Thanks, -- Rémi
  3. what is the use for the «agent certificate for server assisted installation» ?
  4. you mean that I can't clean those files without doing a complete new scan of the machine ??? There is no way to target specific files ?
  5. yep, that's where I see the threats. But I can only see the details of those detections, not act on them.
  6. Hi, is there an official channel to report such bugs or is the forum enough ?
  7. Hello, I have a new ERA server with latest versions of the server and web console. I installed the agent on two client machines, both Win7, and from there deployed Eset Endpoint Security, latest version. Default configuration, no policy applied yet, I'm only «toying» with it to get a grasp. During the initial scan, EES discovered a few low level threats (Potentially Unwanted Applications), and says «action selection postponed until scan completion». The problem is that the initial scan is now over, and I still cannot find how I could act on those files. I'd like to simply delete them, but there is no way to select any action. Can you help ? Thanks
  8. urgh, I can't believe it, but the agent has problems with strong passwords: I created a test agent certificate with a weak password (only letters and numbers), and there it works !!! my previous password had a ], a ", and the last char was a ?. Amazingly, one of these poses problems, even though ERA let's me use it.
  9. question: I use an automated password generator and copy/paste them, so my passwords are strong and very random. Could it be a problem with some characters in the password ? For example the last character is a '?'. Could that be a problem ?
  10. ok found it. I exported the agent certificate, the CA key, copy pasted the certificate password, and launched a repair. Same problem. Then I completely uninstalled the agent, rebooted, relaunched the install in offline mode, same certificate, key, and password, and same result :-(
  11. no there was no policy applied in installer. In era I can only create an all in one, or agent live installer. I can download the agent installer from the eset website, but how do I apply the right certificate in that one ?
  12. And to be completely complete, here are the installed versions :-) ESET Remote Administrator (Server), Version 6.5 (6.5.417.0) ESET Remote Administrator (Web Console), Version 6.5 (6.5.388.0)
  13. Hello, I installed a new era server on a linux machine. All went well, the web console is working properly, and I imported a first licence in it. For the sake of completeness, I must add that the era server and console are on a vm with a private ip address, but port 2222 is forwarded from my public host to the private server, and ports 80 and 443 are properly handled by an apache reverse proxy. I don't think that this is the source of the problem, but I had to mention it. First thing I did was to revoke the default certificates and CA, and create new ones for my company. Then I created an all in one installer, installed it on a win7 machine, but that machine never appeared on the web console. I then created an agent live installer, uninstalled the agent and security endpoint previously installed, and reinstalled the agent alone, but again it doesn't appear on the console. In the agent log, I have an error: CAgentSecurityModule [Thread 1208]: No such node (result.strIssuer) google tells me that this ought to be a certificate issue, password related, but why ? I chose an «agent» certificate to create the installers, the password is right otherwise the installers are not created... Can you help me ? Thanks, -- Rémi
  14. using the MySQL repositories could be an option, but it adds a level of complexity to the deployment and management, especially if one uses a configuration management system based on ansible or saltstack. Adding official repository support to an existing infrastructure management system is a lot more involved than just using the integrated tools. Not rocket science, but still one level of complexity that I could do without. Furthermore it also adds complexity and uncertainty when one wants to upgrade the system. I know that debian's upgrade system is integrated, tested, mostly works well, and is documented, especially when problems arise. I know I can trust it to do the right thing. OTOH I have no idea how Oracle manages the official repo. Oracle's history track is far from perfect, I know I can't trust them, so I'll have to double check everything. Again, probably not rocket science, but still something I could do without. Last but not least: I don't know the details, but there is probably a strong reason why most linux distributions took the expensive decision to switch from mysql to mariadb. It cost them development time, support time, and probably many quirks everywhere since it is not a complete drop in replacement. I'll use mysql if I really have to (actually I'm using it since I installed a jessie vm just for era), but it would be much more comfortable and (and IMO) future proof to switch to mariadb. Oh, one last thing: I don't see the odbc connector in the apt repo, is it somewhere else ?
  15. @MichalJ This unfortunately makes the install a lot more convoluted on any recent linux server... For example it's only possible to install it on debian oldstable (jessie), not on current or future stable... And debian is definitely not a fast mover, so the situation is probably worse elsewhere. Thanks anyway for your answer.
  • Create New...