Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


pronto last won the day on March 21

pronto had the most liked content!

1 Follower

Profile Information

  • Location

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Servus Community, I created a path exclusion for the volume belonging to the local Time Machine backup but I get many of detections on this volume on my personal Mac (10.15). ESET is apparently unable to delete the files it finds, which is why it repeatedly issues a plenty of Popus warnings at irregular intervals. I created the exclusion with a wildcard character (/Volumes/Time*) but according to the manual this should work. Can anyone see an error in the configuration? Thx in advance & Bye Tom
  2. Hi Marcos, the audit log says that the task was modified on 26.03 in the afternoon. On this day we have reinstalled our two Exchange servers with a service provider. Afterwards, we could not activate the two mail security instances, but this was simply due to the fact that the mail security license was not checked in the activation task. Probably the task was modified by mistake while searching for the problem. When installing system updates, the server was restarted and the problem took its course... Thx & Bye Tom
  3. I have now contacted the ESET hotline about this issue. The reason for the disappearance of the clients was an unplanned execution of the Static Group Synchronization server task. This task moved all AD clients into the AD Organisation Unit folder structure. Why this task was executed is unclear. I then had to manually move the clients back into the groups created for them, now hopefully everything is back in the place where it is supposed to be. Summary: In principle no software error, so also magically no fix available. Thx & Bye Tom
  4. Hi Community, today all the static groups we created are suddenly empty. Except for two groups, the Apple macOS devices are apparently still there and two Windows devices are still there but all others are not displayed in the ESET Protect console. I still see all computers in the dynamic group where all machines are and when I look at the properties of my workstation for example, none of our policies are applied. What happened? Thx & Bye Tom
  5. In my opinion, they tried to attach importance to their cloud products, but probably underestimated the dynamics of the situation. It seems like they have lost control in the meantime. With the implementation of Windows 10 and their Windows as a Service update strategy, one update after another is blowing up. Either they came too early or too late. The customer has not been the king anymore, rather they are being forced towards in the direction where Microsoft wants them to go. The other global players like Apple and Google are no exception. If Google decides that any standard is no longer us
  6. This is a pretty good tool, easy to use and each warning is commented with a link to an explanation. Really very good. I'm thinking about adding something like this to our general monitoring. Only the attacked server had anomalies, but those were the things we already knew. One issue with a compromised web.conf.bak is still open but there I remember darkly that I once created a backup of the file before I made changes to it. The file extension bak is typical for me. After that the exchange server will not have been interested in this file anymore and after a few updates the content does
  7. Hm, I thought I followed the link but the site looks quite different from the ones I remember. Somewhere I took apparently a wrong turn. Thanks for bringing this up again, I'll take a closer look tomorrow. Thx & Bye Tom
  8. ESET Mail Security is installed on our Exchange servers and we found evidence of two backdoors. On 10.03, we ran Microsoft's detection tool with a service provider and found evidence of an infection. The service provider had already opened the directory where the backdoor was installed and we could see the file. We then scanned the system with Windows Defender and exact at that point, ESET's real-time protection jumped in and detected and removed the file. Not a good sign, the file had a timestamp of 05.03. There was a second incident on 06.03 according to ESET, though here the file was detect
  9. Thanks for the list of patched files and the further information. My learning curve has increased rapidly over the last few days. I could have come up with the idea of looking at the file properties in the GUI earlier. Sorry for that but having the list is more valuable. The files have a valid signature and e.g. the owaauth.dll is also shown in the list with the exact size in bytes and version number, only the timestamp is exactly 8 hours before ours, which is probably due to the time zones. Tommorow I compare the other files but that helps to fall asleep. @schuetzdentalCB Have
  10. Servus Community, I am investigating the post exploit activity of the Hafnium attack and have come across several DDLs that have a creation date a few hours after the installation of the backdoor (05/06.03.21). I uploaded some of these DDLs to Virustotal and they were found to be unsuspicious. However, the temporal context makes me wonder. The creation date is (a few days) before the time when ESET detected and removed the backdoor. However, a manual scan of the files with ESET Mail Security, is also unsuspicious. Can anyone compare these files on their system? C:\Windows\sy
  11. Hi Community, is ESET File Security in Mail Security included or do I need to install File Security additionally to protect the Exchange server operting systems? Thx & Bye Tom
  12. Hi Guys, well, the upgrade process was really straight forward. The web console took a little longer, I could still log in to the old one, which generated some error messages, but after a few minutes that was done also. Upgrading the agents also went through without a problem on about 25 clients in an evaluation group (Windows 10 and Mac OSX). The Anti Virus application on Windows (EEA) was also updated to version 8 without any problems in this group. That the EEA application on Mac is still on version 6.x is intended? Summary: As far as I can see, everything seems to work
  13. Servus Marcos, okay, thanks. Is the upgrade process straight forward or is there major work for reconfiguration to expect? Looks the Webgui almost the same or is it like Microsoft and everything is renamed and puzzeld to anywhere...? 😉 Thx & Bye Tom
  14. Servus Marcos, is ESET PROTECT a regular update for ESMC or is this an upgrade to another product? Possibly subject to a charge? Thx & Bye Tom
  15. Servus Community, I'm lost in the jungle of the thousands of different modules which ESET offers. I'm doing some updates of the ESET infrastructure, including the server components and thought that I've running the latest version of ESMC. I took the version from the the help menu in the about section. There is a version 7.2.1278.0 shown. But when I compare this with the website of ESET where the current releases are listet, the current version of ESMC there is I'm confused. My question is, if I'm lokking on the wrong place to determine the current running version or is the
  • Create New...