Everything posted by mathisbilgi

  1. Hi All, I have discovered that Ecos does not scan attachments in tar archives that contain a .bat trojan downloader. While I understand it's challenging for Ecos to scan every type of archive, I noticed it also does not submit these for analysis via Liveguard. Consequently, an email with such an attachment was delivered to the user's mailbox without detection. Could we consider enhancing this aspect to improve security?
  2. Marcos, you missed the key point. If you upgrade Apache HTTP Proxy, ESET Protect setup starts to clean files under the C:\programdata\apache http proxy 2.4.53\cache\ directory. While ESET Protect setup is doing this delete operation, it uses the del command and deletes thousands of cache files one by one. So think that there are thousands of cache files under the C:\programdata\apache http proxy\cache\ folder, and think that the del command will delete them one by one and write console output for every file, like this: del C:\programdata\apache http proxy 2.4.53\cache\xyz deleted C:\programdata\apache http proxy 2.4.53\cache\xyq deleted It takes a massive amount of time. If you haven't heard of 1-2 hour installation times, I could send the AnyDesk recording of the Protect upgrade.
  3. ESET Protect setup is deleting the Apache HTTP Proxy cache from disk while upgrading Apache HTTP Proxy. The problem is that the method it uses to delete files is too slow. Sometimes it takes 1-2 hours to remove the files if there is a disk IOPS bottleneck. This situation has been causing pain for 5 years. Except for this one, ESET Protect is a perfect product.
  4. Hi All, I see that the uPCU update starts only when the update is triggered via egui. Updates triggered via task scheduler, ESMC update task, or ERMM do not start the uPCU update, just the signature update. All update methods point to the same update profile. Is this a known behaviour? How can I solve it?
  5. @Marcos, I am using EFSW to download the mirror. For months, no uPCU files have been downloaded to the Mirror folder. Is there anything additional I need to know to download uPCU files over EFSW?
  6. Hello, It seems ESET has started to detect Dahua Webplugin as a PUA. It is a very old file and it is detected only by ESET. I would like to know if it could be a FP? If not, could I have information about its PUA behaviour? Thank you. The sample is attached.
     webplugin.exe » NSIS » npPlugin.dll - a variant of Win32/WebPlugin.A potentially unwanted application - retained
     webplugin.exe » NSIS » webActiveX.exe - a variant of Win32/WebPlugin.A potentially unwanted application - retained
     webplugin.rar
  7. 11. Did you get accurate answers to your forum queries for the last year? I don't know why but some forum posts were never answered.
  8. I don't understand why this question is not answered. I really need this information and I couldn't find it in the docs. @Marcos please help.
  9. Hi Marcos, Is it possible to distribute the PCU update via Mirror?
  10. Thanks for your reply @labynko. I have activated as you described. Any official fix yet?
  11. +1 same issue. Cannot activate 8.1 with an ESET Protect task, but the endpoint activated locally with an offline license. If you need a remote connection to inspect the problem, please PM me. This topic was posted on 4 July, today is 13 July. Still no official response. I am in amazement.
  12. Hi All, There is a phishing URL coming with a spam email. The URL is hxxps://ssde345sdfgyju.ru . I see that the ESET Endpoint Security web filter detects the URL as malicious, but the spam email that contains the URL is classified as Clean by EMSX. Does EMSX not check URLs in the mail body against a blacklist? Is that possible? I have checked the common things. The EMSX database is updated. Livegrid and EDTD are accessible. I have confirmed the email was scanned by EMSX.
  13. Hi All, Has the retro rule feature been removed from ETI? If yes, how can I access old data matching the yara rule?
  14. I think Apache HTTP Proxy is a very clever solution that simplifies the structure in the ESMC architecture. But since the first release of ERA 6, the most problematic component has been "Apache HTTP Proxy". It still is. Apache HTTP Proxy causes a lot of problems when you deploy ESET packages. ESMC Agent cannot properly download files via Apache HTTP Proxy and deployments fail. You should try again and again. It cannot properly handle EDTD requests when the network is large. It is problematic when multiple agents make requests for an uncached file at the same time. So I would like to know if there is a more stable way to use Apache HTTP Proxy.
  15. Hi All, Could you please tell me which is the best method for an HTTP caching proxy? Apache or Squid on Windows? Apache or Squid on Linux? For 10k+ ESET clients.
  16. When you install with the AIO installer, the ESET agent is installed first, then the antivirus installation starts. Within this time frame, the ESET agent sends the "unprotected endpoint" information to ESMC. That's why this problem is occurring. Dynamic group expression configured with "managed product mask".
  17. Hi All, How can I be sure that an email arriving in the Exchange mailbox has been scanned by EMSX? If your answer is "X-ESET header", the second question is "If this tag is missing in the header, does it mean it has not been scanned for sure?" Thank you.
  18. Hi All, I need advice about an ESMC Client Task trigger. Could you please help? Scenario: I have created a dynamic group to group ESET clients which don't have AV. Then I assigned an AV installation task with the "joined dynamic group" trigger. The problem starts here. Think that a technician installs ESET on an endpoint with the AIO installer. First, the AIO installer installs the ESET Agent, and the client comes to ESMC and joins the mentioned dynamic group (ESET clients which don't have AV). As expected, ESMC triggers the AV installation task on the client, and while this is happening, the AIO installer has already installed the antivirus. So, the AV installation task triggered by ESMC installs AV again on the same client. What can you suggest to avoid this situation? Thank you.
  19. Hi All, I have deployed 7.3 with the following command. (There are some reasons why I have deployed with this command. Could this be the cause of the problem?)
     msiexec -i hxxp://localhttpserver/eea_nt64.msi PRODUCT_LANG=1055 PRODUCT_LANG_CODE=tr-tr SKIP_PENDING_REBOOT_CHECK=1 /qn REBOOT=ReallySuppress /l*xv msi.log
     Now, I have about 100 clients with missing MSI registry keys. The old version of EEA is running properly but it does not appear in the list of installed programs. I have tried running Instfix with the -fix MMR parameters but unfortunately it gives the following error. Before that, I copied the appropriate eea_nt64.msi file to the %systemroot%\installer directory.
     Fixing Missing MSI Registry ...
     Product lookup ...
     info: Found product: ESET Endpoint Antivirus 7.1.2045.5
     fatal error: Failed to locate the Installer package in the MSI cache.
     InstFix.exe - ESET Installation Fixer 1.5.2.0
     Copyright (c) ESET, spol. s r.o. 1992-2018. All rights reserved.
     Could you please help with this? Example MSI log attached. Password: clean Please note that msi.rar
  20. I know the endpoint policy options you have mentioned, but what if you upgrade ESET from an older version? Some important modules do not work without rebooting. Broadcom AV has this feature. Please see the screenshot below. https://help.symantec.com/cs/SAEP/SAEP/v128843728_v123284638/Restart-type-and-settings-for-client-installation-packagessepe_client_installation_settings_advanced_restart?locale=EN_US
  21. Description: System Restart Required Prompt. Problem: The endpoint product update process can be challenging since an ESET product update requires restarting the computer. I am managing a network that contains 10000 ESET clients. After deploying the ESET product update, ESET requires a restart. I cannot force a system restart because there are always users actively using their PCs. Some users shut down their PCs at the end of the day, some users leave them running for days. Even if the user shuts down the PC at the end of the day, hybrid sleep or hibernation may be enabled. Finally, a lot of red ESET clients give the system restart required warning. Solution/Feature: A window like the following Windows Update dialog. The administrator will set a postpone limit, for example up to 5 hours. ESET will prompt with a system restart window but allow users to postpone. Then it will automatically restart the system when it reaches the postpone limit. The first versions of Deslock I used had this feature (maybe they still have).
  22. Hi all, My customer has 10,000 devices (Windows clients and Windows servers) managed by ESMC. Each device fetches updates from a single Apache HTTP Proxy. However, Apache HTTP Proxy downloads 80 GB from ESET update servers per day. Is there a recommendation for the Apache config? Or anything else? Thank you