pronto

Posts posted by pronto

  1. Hi Marcos,

    what's wrong with you? Aren't you usually spot on? I already wrote in my first post that we are testing a vulnerability scanner. All the answers were somehow off-topic. What can I do better to avoid such misunderstandings? I'm worried...

    Bye Pronto

  2. No, the scanner does not search for fixes nor does it patch vulnerabilities automatically. What I am looking for is a setting within ESET that prevents connections from the scanner's IP address from being blocked by default. The message in ESET reads: "Attempt to exploit a vulnerability".

  3. Servus Community,

    currently, we are evaluating a Vulnerability Scanner and have noticed that a significant number of connections originating from the scanner's IP are being blocked on a Windows Server test system. Even though we have whitelisted the scanner's IP in the "SECURITY Sensor Settings" under network access protection (Exclude from IDS), this policy does not appear to be effective. Is there another option for configuring this?

    Thanks & Bye Tom

  4. Okay, since it just failed again and then after a few more attempts seems to be successful, I took a look at the other servers and it's the same there. Pretty much every server logs several failed attempts throughout the day. I would even estimate that on average every second update attempt fails. I'll open a ticket now and attach the logcollector logfiles. Should I give you the ticket number?

  5. Servus Community,

    after updating the ESET Protect application from version 10 to version 10.1, I am notified that the Microsoft Express Server 2014 application can be updated. Can ESET handle the latest version of Express Server 2014 (SP3 CU4) or is there a recommendation to use an older version? Currently SP1 is installed, so the version change is quite significant.

    A backup of the database is made daily with the following command. Is that enough or should further actions be taken before a database update?

    %APP_PATH%\SQLCMD -S VM-NET-SRV-2\ERASQL -d ERA_DB -E -Q "BACKUP DATABASE ERA_DB TO DISK = N'%LOCAL_PATH%\ESET_DB_%DATUM%.bak'"

    Thx & Bye Tom

  6. Servus Community,

    I have built a new installer for Windows Server in ESET Protect GUI 10.1 and after installation I get an error that the module update failed because no connection could be established to the server. However, in the ESET Protect GUI the server is present, but is also displayed there with an error.

    Any suggestions how to get this to work?

  7. Servus Community,

    we have rented a terminal server for two users (three incl. admin) from a cloud service provider. Furthermore, we have an ESET Protect infrastructure with numerous licences here locally at the site. May I use a licence from our local Protect infrastructure for the server rented in the cloud? A report of the events to our site would not be required.

    Furthermore, how many licences do I need for a terminal server? Is this licensed per user or per device?

    Thx in advance & Bye Tom

  8. Servus Community,

    since the Hafnium vulnerability, we have been using a Yara Rule Scanner, which also searches for patterns of different attack vectors in log files and reports matches. The application we currently use for this is freeware; now we are considering upgrading to the full version. With the upgrade, more modules, rules and scanners will be unlocked. This may also include an EDR system to actively respond to threats, depending on the upgrade level.

    ESET apparently offers something similar with the ESET Inspect module, which would be much cheaper in terms of price. This prompts the question where is the difference, which is supposed to be worth several thousand euros per year? For example, can ESET Inspect search for anomalies in log files? Both in Windows event logs, as well as in text log files, such as IIS logs? Can it be actively reacted to? Detect and block encryption Trojans; detect lateral propagation in the network of intruders and report suspicious activity; central GUI for reporting and configuration (e.g. false positive configuration)? All these things that a normal virus scanner cannot do.

    FYI: We already use ESET Protect on our endpoints.

    Thx & Bye Tom

  9. Servus Community,

    I have deployed two new Mac Minis with M2 CPU and macOS Ventura and saved both to an organization unit with their own policy. One of them shows me a green status and the other one shows that the web and email protection is not configured. That should be set via policy and both should be configured the same, shouldn't it? Where is the problem?

    Furthermore, the application on the client is very reduced. For example, I can't access any settings there and change them if necessary. Is this the case with the client 7.2.1600.0 or have I done something else wrong?

    Thx & Bye Tom

  10. Hi Marcos,

    okay, I have now created a new policy based on a template for version 7. Do you have any possibility to take over the settings from another policy as far as possible? This has now taken me an hour to set up from scratch. Or have I simply overlooked this? I have also found no way to disable the firewall. Is that no longer possible or does it no longer exist?

    Then I have the question, if I can place both policies on one folder (e.g. our default macOS organizational unit)? Do the clients then search for the policy that applies to them or do I have to create a new OU for this?

    Thx & Bye Tom

  11. Hi Marcos,

    I have now found and installed version 7.2. You have hidden it well. However, I am still not much further. That the web protection is disabled has taken over the version 7 from the version 6 but I can not activate it in the version 7 now. The interface of version 7 does not have the possibility to display or change settings. With deactivated email and web protection it worked in version 6.

    But now I have a big fat red warning in the Protect console that the web protection is disabled for the client. However, the web protection is also disabled in the policy. This should not trigger a warning and the clients with version 6, which have the same policy, do not get a warning either.

    Some questions:

    • Can version 7 no longer be configured on the client?
    • How do I get rid of the critical warning in the Protect console?
    • Do I need a new policy for version 7?

    Thx & Bye Tom

  12. 5 minutes ago, Marcos said:

    Is there any reason why you are using an old version of ESET Endpoint Antivirus v6 and not the latest v7?

    No, the only reason I installed this version is that Google brought me to this page:

    https://www.eset.com/de/business/download/endpoint-antivirus-mac/

    This version was newer than the one we have been using, so I thought I was on the latest update channel. I did not know about a version 7. I'll take care of it tomorrow and let you know.

  13. Servus Community

    I am just starting up the first Mac Mini with M2 processor and macOS Ventura and have installed ESET Antivirus version 6.11.606.0 and have now basically the same problem as when I started up the first M1 Macs with Big Sur or Monterey, that after the installation no internet worked anymore.

    If I remember correctly, the problem at that time was an additional network adapter used by ESET to analyze traffic. Disabling the email and web protection then suppressed the problem until a bug fix was available from ESET. Now I have the same problem again but by the way no additional network adapter is created. I have now all options except the real-time protection deactivated and the network works again but a big red warning in the toolbar indicates the problem, which surely triggers some support tickets.

    Will there be another bugfix or is the problem different? Ventura is not a new macOS anymore; if it is a bug, a bug fix should have been released long ago.

    Thx & Bye Tom

     

  14. 1 minute ago, Peter Randziak said:

    Hello @pronto,

    As you speak of Windows servers I assume that you have the ESET Server Security for Microsoft Windows Server deployed.

    The latest 9.0.12017.0 has “IMPROVED: Protected antimalware service will not time out any longer during boot when Windows updates keep the file-system busy” so I recommend them to upgrade to it as they face the issue…

    Peter

    Servus Peter,

    yes it affects the Server Security App. I have also just installed the first version 9.0.12017.0 on a server and restarted, then the virus scanner ran afterwards automatically. But I have not installed any updates before the restart.

    Sorry for the new thread I opened with this.

    Thx & Bye Tom

  15. Servus Community,

    since one or two months the ESET virus scanner does not start by itself after a reboot on any Windows server system. Neither on 2016 nor on 2019 or virtual machine or installed on metal sheet. A start of the service afterwards by hand goes without problems but when you overlook this after a server reboot, there is no longer a virus scanner running.

    The issue came suddenly out of the blue and affects all Windows server operating systems. Thank god no clients are affected. Does anyone know where this comes from and possibly any fixes?

    Thx & Bye Tom
