Posts posted by Rémi

  1. I did some more testing, so I have to add that the entire workdevapp.com domain seems blacklisted by ESET.

    https://www.virustotal.com/fr/url/cd5a6ae2fa40f7a16aa606e828db50446ded4e333ae09b2480cda80491bc2e31/analysis/

    But the JS file itself does not trigger ESET. It does, however, trigger ZoneAlarm and Kaspersky as adware.

    https://www.virustotal.com/fr/file/cec906f1fc42b843aaa4aaa12db15767882547e5e247b4e0489f76313b14da45/analysis/1539006038/

  2. Hi,

    One of my customers suddenly had an ESET warning when trying to browse her own WordPress-powered website.

    If I test the website on VirusTotal, there is no detection. But I inspected the source for the home page, and found a series of suspicious URLs to a remote JS file:

    workdevapp.com/1deb3dd710d8d90c20.js

    This URL does trigger ESET on VirusTotal. But only ESET, all other antiviruses are green...

    How do I know if it's really a virus?

    Thanks,

    --

    Rémi

  3. Hello,

    I have a new ERA server with latest versions of the server and web console.

    I installed the agent on two client machines, both Win7, and from there deployed ESET Endpoint Security, latest version. Default configuration, no policy applied yet, I'm only «toying» with it to get a grasp.

    During the initial scan, EES discovered a few low level threats (Potentially Unwanted Applications), and says «action selection postponed until scan completion».

    The problem is that the initial scan is now over, and I still cannot find how I could act on those files. I'd like to simply delete them, but there is no way to select any action.

    Can you help?

    Thanks

  4. Hello,

    I installed a new ERA server on a Linux machine. All went well, the web console is working properly, and I imported a first licence in it.

    For the sake of completeness, I must add that the ERA server and console are on a VM with a private IP address, but port 2222 is forwarded from my public host to the private server, and ports 80 and 443 are properly handled by an Apache reverse proxy. I don't think that this is the source of the problem, but I had to mention it.

    First thing I did was to revoke the default certificates and CA, and create new ones for my company.

    Then I created an all-in-one installer, installed it on a Win7 machine, but that machine never appeared on the web console.

    I then created an agent live installer, uninstalled the agent and security endpoint previously installed, and reinstalled the agent alone, but again it doesn't appear on the console.

    In the agent log, I have an error:

    CAgentSecurityModule [Thread 1208]: No such node (result.strIssuer)

    Google tells me that this ought to be a certificate issue, password related, but why? I chose an «agent» certificate to create the installers, the password is right, otherwise the installers are not created...

    Can you help me?

    Thanks,

    --

    Rémi

  5. Using the MySQL repositories could be an option, but it adds a level of complexity to the deployment and management, especially if one uses a configuration management system based on Ansible or SaltStack. Adding official repository support to an existing infrastructure management system is a lot more involved than just using the integrated tools. Not rocket science, but still one level of complexity that I could do without.

    Furthermore it also adds complexity and uncertainty when one wants to upgrade the system. I know that Debian's upgrade system is integrated, tested, mostly works well, and is documented, especially when problems arise. I know I can trust it to do the right thing. OTOH I have no idea how Oracle manages the official repo. Oracle's history track is far from perfect, I know I can't trust them, so I'll have to double check everything. Again, probably not rocket science, but still something I could do without.

    Last but not least: I don't know the details, but there is probably a strong reason why most Linux distributions took the expensive decision to switch from MySQL to MariaDB. It cost them development time, support time, and probably many quirks everywhere since it is not a complete drop-in replacement. I'll use MySQL if I really have to (actually I'm using it since I installed a Jessie VM just for ERA), but it would be much more comfortable and (IMO) future proof to switch to MariaDB.

    Oh, one last thing: I don't see the ODBC connector in the apt repo, is it somewhere else?
