FTL
Posts: 66
FTL gave kudos to Marcos in Exclude AV scan of drive letters only on certain servers
You will need to put the servers to different static groups and apply different policies with exclusions.
-
FTL received kudos from syselek in inserting "External sender - be CAUTIOUS, particularly with links and attachments" into mailbody of every external inbound email
Not ESET related, but thought I'd share with you what we use.
It's an Exchange rule, as Marcos has said:
Apply this rule if: sender is located "Outside the Organisation"
Do the following: Prepend the disclaimer
and fall back to action Ignore if the disclaimer can't be inserted.
<table border=0 cellspacing=0 cellpadding=0 align="left" width="100%">
  <tr>
    <td style="background:#ff0505;padding:5pt 5pt 5pt 5pt"></td>
    <td width="100%" cellpadding="7px 6px 7px 15px" style="background:#fc5858;padding:5pt 4pt 5pt 12pt;word-wrap:break-word">
      <div style="color:#ffffff;">
        <span style="color:#fff; font-weight:bold;">Caution:</span> ENTER YOUR MESSAGE HERE
      </div>
    </td>
  </tr>
</table>
<br>
<br>
<br />
Mine has colours in but you can amend as you see fit
-
FTL gave kudos to Gregecslo in Malicious file PHP/TrojanDownloader.Agent.CZ was detected
If somebody does a POST request with a malicious file inside the POST request, PHP will process it (execution is done in the PHP TMP folder) and that is where the detection comes from.
This also happens to me on a server where nothing is installed but apache + php...
Deleted ESET, the SAME POST request came, no files were dropped (but the file was naturally in PHP).
The problem would be if you find an XXXX.php file which was dropped in the webserver folder...
-
FTL gave kudos to Gregecslo in Malicious file PHP/TrojanDownloader.Agent.CZ was detected
Something like this:
https://octobercms.com/forum/post/being-attacked-please-help?page=1#post-37387
-
FTL received kudos from st3fan in Outlook really slow to open with ESET Endpoint Antivirus 9.1.2051.0
Any news on this please Marcos?
9.1.2160 is still a real PITA with Outlook and shared mailboxes - makes them hang, crash, slow down to a complete crawl.
Still having to put some clients back to 9.0.2046 which is the last known good working version with Outlook
Thanks
-
FTL gave kudos to Marcos in EMSX Blocked Exchange Outbound connections
The detection is correct, the only issue is that the source and target IP addresses are swapped in the log.