FTL

Members
  • Posts

    54
About FTL

  • Rank
    Newbie

Profile Information

  • Location
    U.K.

  1. Not ESET related, but thought I'd share with you what we use. It's an Exchange rule, as Marcos has said:

     Apply this rule if: sender is located "Outside the Organisation"
     Do the following: Prepend the disclaimer, and fall back to action Ignore if the disclaimer can't be inserted.

     ```html
     <table border=0 cellspacing=0 cellpadding=0 align="left" width="100%">
       <tr>
         <td style="background:#ff0505;padding:5pt 5pt 5pt 5pt"></td>
         <td width="100%" cellpadding="7px 6px 7px 15px" style="background:#fc5858;padding:5pt 4pt 5pt 12pt;word-wrap:break-word">
           <div style="color:#ffffff;">
             <span style="color:#fff; font-weight:bold;">Caution:</span> ENTER YOUR MESSAGE HERE
           </div>
         </td>
       </tr>
     </table>
     <br> <br> <br />
     ```

     Mine has colours in, but you can amend as you see fit.
  2. Not sure, as it won't migrate the tags - would be handy if we could create the tags the same on cloud Protect so that the migration wizard would detect that and auto tag the devices again. When I migrated from on-prem to cloud, once machines started talking to cloud Protect I deleted them from on-prem Protect, so when devices ended up in L+F which I didn't immediately recognise (our machine naming policy helps me with this) then yes, I cross referenced against on-prem and did a quick search on that to see where it belonged, but as the machines diminished on-prem it wasn't that much of a ball ache.
  3. Makes no sense to want to migrate multiple clients in 1 go - just causing a headache for yourself. The process is quick enough to not have to worry about doing it customer by customer - you need to manually reassign the policies you have imported anyway. However - I believe if you recreate the folder structure of on-prem in cloud Protect and you migrate multiple customers at once then they will end up in the correct place and not L+F - however this is not officially supported, so don't expect much sympathy from tech support if it goes belly up.
  4. Hi, ECOS is stripping out emails from one of our suppliers. They have recently rebranded companies and, to be fair, their domain redirects to some random website - so I'm guessing this is why it's been blacklisted? Is this domain genuinely blacklisted for reasons known to ESET? Thanks

     URL (prosourceteam.co.uk) found on cloud blacklist
  5. I have run an instant recovery of a physical server from Veeam backup to a VM to do some troubleshooting on it without doing it on the live server, before I repeat the steps on the live server. Now Protect has flagged a question, as the agent on the instant boot from backup obv has the same ID etc. as the live server. The Instant VM has been killed and the original physical server is the one that's remaining. Which option do I choose so the original server entry in Protect is unaffected, as none of them really fit? Thanks
  6. I have an Exchange 2019 to patch this morning; while I'm rebooting it I may as well update ESMX. It's currently got the Dec 2023 CU on it (Server 2019), running v10.0.10016 ESMX. Am I OK to try and upgrade this to the latest v10.1.10014, or is this Azure thing going to bite me? Thanks
  7. Recommended, or should I upgrade to v9 and then to v10?
  8. Hi. Is it OK to do a direct in-place upgrade from v8 to v10 please? Any gotchas or pitfalls? Cheers
  9. My Laptop 5 is still under warranty, so when it first happened a couple of weeks back it was from a round of Surface updates which included said BIOS update that killed it when it rebooted from them. Flashing Windows logo on Surface is a failed SSD in most cases, so whipped it out, put a new one in, booted fine, so got Microsoft to repair it under warranty assuming it was a failed SSD. They sent it back as fixed - spent all day updating Windows as it came back with W10 21H2 on it, all my apps etc., inc. FDE, all was good - then applied Surface updates last and bang, gone again - assumed dodgy BIOS update again. Back onto MS, who sent out an advanced replacement device which I received today; thought sod it, I'm going to install Surface updates on it first - all was good, so at that point knew today at least it wasn't a dodgy update. Installed all apps etc., then lastly FDE and bang, dead - found the culprit. Spoke to support and the guy who answered knew straight away what the problem was - I disabled Secure Code and voilà, was back in and running. Just hope MS Support and service centre don't read this 🙂
  10. In the absence of an official KB article at the mo, I'll just put it here in case it trips anybody else up and Google brings them here. New BIOS update on the Surface (Laptop 5 in my case) with FDE installed turns it into a brick - all you will see is a flashing white Microsoft logo and it will not boot. They have added a new setting into the UEFI BIOS called Secure Code - you need to turn this off and then your Surface device will boot again.
  11. Hi Marcos, I use Nginx rather than Apache; both are on the latest stable versions I believe.

      nginx version: nginx/1.24.0
      PHP 8.2.11 (cli) (built: Oct 6 2023 09:47:18) (NTS)
  12. So 4 times had this file created and RTS deleted now. All on different sites - but they are all up to date for both WordPress and all plugins. Server is up to date too. Same pesky IP as well, so that's blocked now, but not the answer I know.

      Site 1
      95.214.27.5 - - [21/Oct/2023:18:32:22 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 400 11 "-" "Mozilla/6.4 (Windows NT 11.1) Gecko/2010102 Firefox/99.0"

      Site 2
      95.214.27.5 - - [22/Oct/2023:16:25:54 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 400 11 "-" "Mozilla/6.4 (Windows NT 11.1) Gecko/2010102 Firefox/99.0"

      Site 3
      95.214.27.5 - - [24/Oct/2023:22:26:34 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 400 11 "-" "Mozilla/6.4 (Windows NT 11.1) Gecko/2010102 Firefox/99.0"

      Site 4
      95.214.27.5 - - [26/Oct/2023:08:18:28 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 400 11 "-" "Mozilla/6.4 (Windows NT 11.1) Gecko/2010102 Firefox/99.0"

      How is this PITA managing to continually drop malicious PHP files onto the tmp folder on the server? In-depth scan of the server is clean.
  13. Huh, I didn't hide it? All I did was mark your answer as the solution.
  14. Ah Marcos - you have just rejogged my memory! SSL/TLS filtering is disabled for me as it was interfering with SSL certificates for stuff we were testing internally for our developers once upon a time. Just enabled it and I get the same behaviour as the client now - site blocked. It's infected then, so the web hosting company will just have to do their job.