Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


pronto last won the day on March 21

pronto had the most liked content!

1 Follower

About pronto

  • Rank

Profile Information

  • Location

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Servus Marcos, so I found the task scheduler now but only in the GUI of the client itself, not in the policy in the Protect console. They are also all activated and really only took a blink of an eye. Another thing I noticed is that the long Smart Scan only becomes active when I open the Smart Scan dialog in the client GUI. Maybe it only starts when I open the dialog. At least only then the circling radar bar in the ESET icon becomes visible. By the way, you can start this scan several times, which actually makes no sense (See screenshot). At this point I suspect a bug and if it is possible that it runs in the background but if it does not, it is probably not the cause of our issue. Anyway, I have now uninstalled the virus scanner on the acutely affected client and asked the colleague to work without the virus scanner for a day to find out whether the system can then be used normally again. This will at least tell me whether it was the virus scanner at all, or whether another issue is responsible for the poor performance. Basically, all users with Big Sur on the Minis with hardware revision 2014 have issues with performance, but not to the level discussed here. This Mac was no longer usable. Thx & Bye Tom
  2. Servus Community, I am experiencing annoying performance issues when switching our Mac Minis to Big Sur and I believe the virus scanner is responsible. On the last machine the issues were so significant that I uninstalled the virus scanner and since then the system has been running quite stable and fast. Users report that this slowly disappears after a while and the system can be used halfway normally. But until then they are quite frustrated. I looked at the whole issue for a while and noticed that the virus scanner runs a system smart check after every startup, which can take up to two hours. In the policy I have not found the place where we can disable it and I do not know this from older versions, at least not with Windows. The question now would be on the one hand, where I can turn off this daily check of the system files and on the other hand, whether there are other tweaks to increase the system performance? I can't really leave it like this and completely without a virus scanner is not recommendable either. Thx & Bye Tom
  3. I've taken a closer look at the this issue with my colleague now and we have some answers but also a few questions. We have two Exchange servers (MTA-1 and MTA-2) and only one (MTA-1) accepts mails from external. While analyzing the ESET logfiles we noticed that the second server (MTA-2) has had an empty logfile for over a week. Obviously, nothing was filtered here, which didn't worry us at first, because everything has to pass through the filter of the first server (MTA-1). Furthermore, we took a closer look at the spam mails that were passed through and noticed that there are no ESET X-tags in the headers of these e-mails. This worried us, because it is obvious that some mails did not pass the filter at all. Days ago we restarted the ESET services on both servers and today we restarted both servers. Now the filters on both servers are working again and since then no spam mail has arrived at least in my mailbox. However, since this time, five to ten unrecognized spam mails would be expected. This is a good sign. This would also answer the question why some spam mails were filtered and others not because the filter on only one server was working. But the question that arises now is, why is the filter on the second server necessary at all, if everything should go through the filter of the other server first? Is there any documentation on how the ESET filters work in an Exchange DAG, or a short explanation that does not go beyond the scope of this post? After all, this final question is on the edge of beeing off topic but the answer would help us at least to understand the issue... Thx & Bye Tom
  4. If you haven't changed anything on the network layout, I don't think that's the reason. We haven't changed anything and it was working fine until a week ago. I'm on vacation right now but I'll pass this on to my colleague to check. Thx & Bye Tom
  5. Servus Community, For a week now we have been flooded by a spam tsunami and we don't know why. The spam filter on our Exchange servers filters out spam, as we can see from the logs, but there is still a lot of spam arriving in the users' mailboxes. We have already sent over a hundred samples to ESET, but the storm continues. There are mails that should be clearly identified as spam, but the filter lets them through. At first we thought that this would fix by itself in a few days, when ESET reacts with new patterns, but now it takes so long that we have to assume that the problem is in our setup. What actions can we take to get the problem under control? The matter is getting more and more serious, we have users who get over a hundred spam mails per day and there might be serious threats among them. Thank you in advance for your attention Bye Tom
  6. I have now uninstalled ESET Endpoint Antivirus and reinstalled it with user defined settings. In the user defined settings I disabled web- and email-protection, then the proxy adapter is not installed. The actual issue has been escalated to the next instance by first level support. Thx & Bye Tom
  7. Now I have the same issue with the next Mac Mini. It works after installing ESET until I reboot the system, then the proxy adapter won't connect to whatever or whoever and the network connection is down. Not basically everything, because a ping still works or the definition update from ESET but nothing else anymore. The only Mac Mini with Big Sur that doesn't have this issue is a brand new M1 Mini, the other two, where it doesn't work, are Intel Minis with a hardware revision from 2014. The systems are compatible with Big Sur according to the compatibility matrix. I opened a support ticket the day before yesterday and got a message today that I would have to wait until next week for an answer, which wouldn't be an issue if the second Mini didn't have these issue as well. So if anyone can say anything about it, now would be a really good time to do so... 😉 Thx & Bye Tom
  8. If I follow these instructions [1], I lose the network connection. All other macOS systems do not have this problem. Another Big Sur installation has not connected this proxy adapter, but also does not have the warning that the web and email protection does not work. So either I get rid of this warning on unconnected proxy or the proxy adapter is kind enough to stop blocking my network connection. [1] https://support.eset.com/en/kb7698-web-and-email-protection-did-not-start-in-eset-products-for-mac-on-macos-big-sur Thx & Bye Tom
  9. Servus Community, with a disabled ESET proxy network adapter I don't get the warning that some features don't work away and with an enabled proxy network adapter the internet doesn't work anymore. The localhost is entered as proxy address. What am I doing wrong? Thx & Bye Tom
  10. Servus Marcos, the protection status is red but it only indicates that a restart is required. No further indication that the protection status is impaired or out of function. Anyway, since the matter is unclear, I have now restarted the system. However, your development department should take a look at this. With a regular update, this request to restart always comes and even the users do not necessarily register this alert from ESET, or simply ignore it and postpone the restart until the end of work. They are then only advised that a restart is required. In the meantime, it must be clear that the virus protection is still working, - or if not, all alarm lights should go on. A message that a restart is required is than not enough. With Windows updates, postponing the restart is also common practice. Thx & Bye Tom
  11. Servus Community, I accidentally updated the ESET engine on an Exchange server, it was already up to date. Now the server wants to have a restart and for this I would like to wait until office hours are over. Is the protection still granted until then? Thx & Bye Tom
  12. Servus Community, somehow during the installation of ESET Antivirus on macOS 11.5 I got a network interface for a proxy server installed, which probably happened accidentally. I then had no network connection on the Mac and first had to disable this interface in the network settings. How do I get rid of this proxy interface...? Thx & Bye Tom
  13. I think it's time to seriously consider a reverse proxy server. We used to have one when Microsoft had a TMG server in their portfolio, but after that was discontinued, our Exchange servers are connected directly to the Internet. Not having one was already not an advantage with the hafnium exploit issue a few month ago. We had to reinstall all the Exchange servers at this time. Btw: Our Exchangers are not fully patched. We have installed the CU20, but there were three security updates that are still missing. At least Microsoft states that CU20 is sufficient, there was no mention of security patches. A technician from our service provider also said that CU20 should be sufficient and Thor may have only registered the HTTP request. Tomorrow I will install the last security patch and in two weeks the current CU21. In the meantime I'll get busy looking for signs of a successful exploit but to do that I need to know what to be looking for first. Until then, I hope ESET keeps its eyes open and I still don't get any negative feedback. If anyone has any concrete leads on what to be looking for already, that information would be helpful. Thx & Bye Tom
  14. This happens all the time, day in and day out. What should I do with this information? But if it should be brute force attempts, then it probably does not concern the security vulnerability mentioned here. The question is also whether ESET detects this at all or only becomes active when dangerous files are installed on the system. The backdoor of the Hafnium exploit was found by ESET but only a few hours later. Whether ESET would have detected the exploit at a later time, even before the backdoor was installed, I don't know. Unfortunately, I know too less about the impact of this vulnerability. Thx & Bye Tom
  15. It doesn't really say anything useful. The really important information, e.g. which security vulnerability is being tried to be exploited, is unfortunately missing. Translated it says: Thx & Bye Tom
  • Create New...