Everything posted by mathisbilgi
-
Hi All, I have discovered that Ecos does not scan attachments in tar archives that contain a .bat trojan downloader. While I understand it's challenging for Ecos to scan every type of archive, I noticed it also does not submit these for analysis via Liveguard. Consequently, an email with such an attachment was delivered to the user's mailbox without detection. Could we consider enhancing this aspect to improve security?
-
Marcos, you missed the key point. When you upgrade Apache HTTP Proxy, ESET Protect setup starts to clean the files under the C:\programdata\apache http proxy 2.4.53\cache\ directory. While ESET Protect setup is doing this delete operation, it uses the del command and deletes thousands of cache files one by one. So imagine that there are thousands of cache files under the C:\programdata\apache http proxy\cache\ folder, that the del command deletes them one by one, and that it writes console output for every file, like this:
del C:\programdata\apache http proxy 2.4.53\cache\xyz deleted
C:\programdata\apache http proxy 2.4.53\cache\xyq deleted
It takes a massive amount of time. If you haven't heard of a 1-2 hour installation time, I could send the AnyDesk recording of the Protect upgrade.
-
ESET Protect setup deletes the Apache HTTP Proxy cache from disk while upgrading Apache HTTP Proxy. The problem is that the method it uses to delete files is too slow. Sometimes it takes 1-2 hours to remove the files if the disk has an IOPS bottleneck. This situation has been causing pain for 5 years. Except for this one, ESET Protect is a perfect product.
-
Hello, It seems ESET has started detecting Dahua Webplugin as a PUA. It is a very old file and it is detected only by ESET. I would like to know if it could be an FP. If not, could I have information about its PUA behaviour? Thank you. The sample is attached.
webplugin.exe » NSIS » npPlugin.dll - a variant of Win32/WebPlugin.A potentially unwanted application - retained
webplugin.exe » NSIS » webActiveX.exe - a variant of Win32/WebPlugin.A potentially unwanted application - retained
webplugin.rar
-
11. Did you get accurate answers to your forum queries for the last year? I don't know why but some forum posts were never answered.
-
ESET PCU function
mathisbilgi replied to John Agics's topic in ESET PROTECT On-prem (Remote Management)
Hi Marcos, Is it possible to distribute the PCU update via Mirror?
-
ESET Endpoint 8.1 will not Activate in isolate Network
mathisbilgi replied to kamiran.asia's topic in ESET Endpoint Products
Thanks for your reply @labynko. I have activated as you described. Any official fix yet?
-
ESET Endpoint 8.1 will not Activate in isolate Network
mathisbilgi replied to kamiran.asia's topic in ESET Endpoint Products
+1 same issue. Cannot activate 8.1 with an ESET Protect task, but the endpoint activated locally with an offline license. If you need a remote connection to inspect the problem, please PM me. This topic was posted on 4 July, today is 13 July. Still no official response. I am amazed.
-
Hi All, There is a phishing URL coming with a spam email. The URL is hxxps://ssde345sdfgyju.ru . I see that the ESET Endpoint Security web filter detects the URL as malicious, but the spam email that contains the URL is classified as Clean by EMSX. Does EMSX not check URLs in the mail body against a blacklist? Is that possible? I have checked the common things. The EMSX database is updated. LiveGrid and EDTD are accessible. I have confirmed the email was scanned by EMSX.
-
Hi All, Has the retro rule feature been removed from ETI? If yes, how can I access old data matching the YARA rule?
-
Best Practices For Caching Proxy?
mathisbilgi replied to mathisbilgi's topic in ESET PROTECT On-prem (Remote Management)
I think Apache HTTP Proxy is a very clever solution that simplifies the structure of the ESMC architecture. But since the first release of ERA 6, the most problematic component has been "Apache HTTP Proxy". It still is. Apache HTTP Proxy causes a lot of problems when you deploy ESET packages. The ESMC Agent cannot properly download files via Apache HTTP Proxy and deployments fail. You have to try again and again. It cannot properly handle EDTD requests when the network is large. It is problematic when multiple agents request an uncached file at the same time. So I would like to know if there is a more stable way to use Apache HTTP Proxy.
-
ESET Endpoint Security 8 BETA signup
mathisbilgi replied to Peter Randziak's topic in ESET Beta Products for Business Users
I am waiting for your PM
-
About Task Trigger Delay
mathisbilgi replied to mathisbilgi's topic in ESET PROTECT On-prem (Remote Management)
When you install with the AIO installer, the ESET Agent is installed first, then the antivirus installation starts. Within this time frame, the ESET Agent sends the "unprotected endpoint" information to ESMC. That's why this problem is occurring. The dynamic group expression is configured with "managed product mask".
-
Hi All, How can I be sure that an email arriving in the Exchange mailbox has been scanned by EMSX? If your answer is "X-ESET header", the second question is "If this tag is missing in the header, does it mean it has not been scanned for sure?" Thank you.
-
Hi All, I need some advice about the ESMC Client Task trigger. Could you please help? Scenario: I have created a dynamic group to group ESET clients which don't have AV. Then I assigned an AV installation task with the "joined dynamic group" trigger. The problem starts here. Imagine that a technician installs ESET on an endpoint with the AIO installer. First, the AIO installer installs the ESET Agent, and the client connects to ESMC and joins the mentioned dynamic group (ESET clients which don't have AV). As expected, ESMC triggers the AV installation task on the client, and while this is happening, the AIO installer has already installed the antivirus. So the AV installation task triggered by ESMC installs the AV again on the same client. What can you suggest to avoid this situation? Thank you.
-
Hi All, I have deployed 7.3 with the following command. (There are some reasons why I have deployed with this command. Could this be the cause of the problem?)
msiexec -i hxxp://localhttpserver/eea_nt64.msi PRODUCT_LANG=1055 PRODUCT_LANG_CODE=tr-tr SKIP_PENDING_REBOOT_CHECK=1 /qn REBOOT=ReallySuppress /l*xv msi.log
Now I have about 100 clients with missing MSI registry keys. The old version of EEA is running properly but it does not appear in the list of installed programs. I have tried running InstFix with the -fix MMR parameters but unfortunately it gives the following error. Beforehand, I copied the appropriate eea_nt64.msi file to the %systemroot%\installer directory.
Fixing Missing MSI Registry ...
Product lookup ...
info: Found product: ESET Endpoint Antivirus 7.1.2045.5
fatal error: Failed to locate the Installer package in the MSI cache.
InstFix.exe - ESET Installation Fixer 1.5.2.0
Copyright (c) ESET, spol. s r.o. 1992-2018. All rights reserved.
Could you please help with this? An example MSI log is attached. Password: clean Please note that msi.rar
-
Future changes to ESET Endpoint programs
mathisbilgi replied to Aryeh Goretsky's topic in ESET Endpoint Products
I know the endpoint policy options you have mentioned, but what if you upgrade ESET from an older version? Some important modules do not work without rebooting. Broadcom AV has this feature. Please see the screenshot below. https://help.symantec.com/cs/SAEP/SAEP/v128843728_v123284638/Restart-type-and-settings-for-client-installation-packagessepe_client_installation_settings_advanced_restart?locale=EN_US
-
Future changes to ESET Endpoint programs
mathisbilgi replied to Aryeh Goretsky's topic in ESET Endpoint Products
Description: System Restart Required Prompt
Problem: The endpoint product update process could be challenging since an ESET product update requires restarting the computer. I am managing a network that contains 10000 ESET clients. After deploying the ESET product update, ESET requires a restart. I cannot force a system restart because there are always users actively using their PCs. Some users shut down their PCs at the end of the day, some users leave them running for days. Even if the user shuts down the PC at the end of the day, hybrid sleep or hibernation may be on. In the end, a lot of red ESET clients give the system restart required warning.
Solution/Feature: A window like the following Windows Update dialog. The administrator will set a postpone limit, for example up to 5 hours. ESET will prompt with a system restart window but allow users to postpone. Then it will automatically restart the system when it reaches the postpone limit. The first versions of Deslock I used had this feature (maybe they still have it).
-
ESMC Web Console Errors
mathisbilgi replied to mathisbilgi's topic in ESET PROTECT On-prem (Remote Management)
Thank you Martin. Worked like magic!