pronto
Members
Posts: 165
Days Won: 2
pronto last won the day on March 21 2021
pronto had the most liked content!
About pronto
Rank: Newbie
Profile Information
Location: Germany
-
Yes, we are testing the OpenVAS scanner from Greenbone and I thought that was obvious as we tried to whitelist the IP of the scanner but without success. https://www.openvas.org/
-
Hi Marcos, what's wrong with you? Aren't you usually spot on? I already wrote in my first post that we are testing a vulnerability scanner. All the answers were somehow off-topic. What can I do better to avoid such misunderstandings? I'm worried... Bye Pronto
-
In principle, these were false positives. We had initially configured the IDS of the client policy by mistake, now we have the server security policy and the false detections are now gone. Thank you.
-
Is there anything else I can do? The (remote) scanner does not use a local module, but authenticates itself with an admin user on the system. What else has been changed is that remote access to the registry has been allowed for this user.
-
No, the scanner does not search for fixes nor does it patch vulnerabilities automatically. What I am looking for is a setting within ESET that prevents connections from the scanner's IP address from being blocked by default. The message in ESET reads: "Attempt to exploit a vulnerability".
-
pronto started following Next Level Security, Exclusion for vulnerability scanner, Update Microsoft SQL Express Server and 2 others
-
Servus Community, currently, we are evaluating a Vulnerability Scanner and have noticed that a significant number of connections originating from the scanner's IP are being blocked on a Windows Server test system. Even though we have whitelisted the scanner's IP in the "SECURITY Sensor Settings" under network access protection (Exclude from IDS), this policy does not appear to be effective. Is there another option for configuring this? Thanks & Bye Tom
-
Okay, since it just failed again and then after a few more attempts seems to be successful, I took a look at the other servers and it's the same there. Pretty much every server logs several failed attempts throughout the day. I would even estimate that on average every second update attempt fails. I'll open a ticket now and attach the logcollector logfiles. Should I give you the ticket number?
-
Servus Marcos, Pcap Log with Wireshark? Taken from the server that cannot be updated? Is it possible that there is a fallback to another update server after a certain time? For example direct download from ESET server instead of our on premise server? Or vice versa? Bye
-
After about an hour the problem seems to have resolved itself. The server now shows no errors and also in the ESET Protect console it is displayed without errors. No idea why this did not work the first few attempts to update the modules?
-
Servus Community, after updating the ESET Protect application from version 10 to version 10.1, I am notified that the Microsoft Express Server 2014 application can be updated. Can ESET handle the latest version of Express Server 2014 (SP3 CU4) or is there a recommendation to use an older version? Currently SP1 is installed, so the version change is quite significant. A backup of the database is made daily with the following command. Is that enough or should further actions be taken before a database update?
%APP_PATH%\SQLCMD -S VM-NET-SRV-2\ERASQL -d ERA_DB -E -Q "BACKUP DATABASE ERA_DB TO DISK = N'%LOCAL_PATH%\ESET_DB_%DATUM%.bak'"
Thx & Bye Tom
-
Servus Community, I have built a new installer for Windows Server in ESET Protect GUI 10.1 and after installation I get an error that the module update failed because no connection could be established to the server. However, in the ESET Protect GUI the server is present, but is also displayed there with error. Any suggestions how to get this to work?
-
Servus Community, we have rented a terminal server for two users (three incl. admin) from a cloud service provider. Furthermore, we have an ESET Protect infrastructure with numerous licences here locally at the site. May I use a licence from our local Protect infrastructure for the server rented in the cloud? A report of the events to our site would not be required. Furthermore, how many licences do I need for a terminal server? Is this licensed per user or per device? Thx in advance & Bye Tom
-
Next Level Security
pronto replied to pronto's topic in ESET Inspect On-prem (Detection and Response)
Servus Marcos, thank you for your comments. A test setup will certainly be the best option. Can we remove it from the Protect console without leaving any remaining traces if we decide not to use it? Thx & Bye Tom
-
Servus Community, since the Hafnium vulnerability, we have been using a Yara Rule Scanner, which also searches for patterns of different attack vectors in log files and reports matches. The application we currently use for this is freeware, now we are considering upgrading to the full version. With the upgrade more modules, rules and scanners will be unlocked. This may also include an EDR system to actively respond to threats, depending on the upgrade level. ESET apparently offers something similar with the ESET Inspect module, which would be much cheaper in terms of price. This prompts the question where is the difference, which is supposed to be worth several thousand euros per year? For example, can ESET Inspect search for anomalies in log files? Both in Windows event logs, as well as in text log files, such as IIS logs? Can it be actively reacted to? Detect and block encryption Trojans; detect lateral propagation in the network of intruders and report suspicious activity; central GUI for reporting and configuration (e.g. false positive configuration)? All these things that a normal virus scanner cannot do. FYI: We already use ESET Protect on our endpoints. Thx & Bye Tom
-
Servus Community, I have deployed two new Mac Minis with M2 CPU and macOS Ventura and saved both to an organization unit with their own policy. One of them shows me a green status and the other one shows that the web and email protection is not configured. That should be set via policy and both should be configured the same, shouldn't it? Where is the problem? Furthermore, the application on the client is very reduced. For example, I can't access any settings there and change them if necessary. Is this the case with the client 7.2.1600.0 or have I done something else wrong? Thx & Bye Tom