Jump to content

CNNS

Members
  • Posts

    13
  • Joined

  • Last visited

About CNNS

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    Germany

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hi there, one of my customers used the ESET PROTECT tasks to update a Mail Security for Microsoft Exchange and as a side effect the local Quarantine has been cleared. Two Questions: Is this supposed to happen? Can the quarantine be restored from Backups (Veeam)? System Information: ESET PROTECT (Server), Version 8.0 (8.0.2216.0) ESET PROTECT (Web Console), Version 8.0 (8.0.175.0) ESET Mail Security 7.3.10011.0 Thanks in advance
  2. DNS ... after looking through the log files in /var/log/eset/RemoteAdministrator/Server/trace.log I found: 2020-05-25 14:02:48 Error: CRepositoryModule [Thread 7fe8d37e6700]: GetFile: Host 'repository.eset.com' not found [error code: 20002] a few months ago we retired an old DC, that was the only DNS server for ESMC. Problem is fixed by updating /etc/resolv.conf with new DNS Servers ty for your help Marcos and sorry topic can be closed
  3. Well there is no error on creating New Tasks but i cannot select anything
  4. Hi There, a customer Installation shows errors when editing Client Tasks or Trying to Update the SMC. ESET Security Management Center (Server), Version 7.0 (7.0.471.0) ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0) CentOS (64-bit), Version 7.6.1810 Status Overview -> Invalid Objects -> Client tasks containing inaccessible Objects: 3 -> Client tasks that use repository are highlightet and show tooltip: "The referenced repository package is not available" Help -> Update Product -> Accept License Terms -> ERROR: "Failed to create task: The referenced repository package is not available" New Client Task -> Software Install -> Install package from Repository <Choose Package> -> (No Filters are set) shows: NO DATA AVAILABLE Server Settings Repository Server is set to AUTOSELECT I already tried changing it according to https://support.eset.com/kb6749/, but no improvement. Tried rebooting the Appliance and no improvement. I am Happy for any help on this. ty
  5. Solution to this Problem came from eset support: first we had to edit the noticiation to show additional information, here the computername secondly we had to reinstall the eset agent on the computer in the notification
  6. thanks for your reply. BTW: we are getting a report every hour, so the condition that activates this notification still seems active. If I get your question right you want to know where we already did look for those threats. So here are some reports (translated from the german installation we have): Threats of the last 30 days grouped for action taken Group by (Action) Count(Action) deleted 37 7 blocked 6 Detected 3 connection terminated 2 cleaned by deleting 1 When I change this report to show a whole year I can get this to a total of 95. Even when changing the filter to show two years, we get only 95 entries. In the Computers view of SMC there are no Threats shown. A few have been marked as resolved in the past days. In the Threats view of SMC there are no current Threats shown. I have to change the filter to show resolved. Then there are 13 entries. If i change this to show 365 days i get the 95 incidents again. Heading over to the Mailsecurity on our Exchange we have the following data in the logs: Mail-Server-Protection (filtered to show the last 24hours): 302 total, evenly distributed, so like 15 events an hour, containing spam and rules for mail-attachments, this is a normal amount, we usually have like 400 a day
  7. Hi there, we received the following Notification (multiple times) from ESET SMC: Malware outbreak alert (count per time criteria) Warnung zu Schadsoftwareausbruch (Anzahl über Zeit) This Notification is on its default settings (100 Occurences in a 10 Minute Timeframe) Upon checking in with ESET SMC we cannot see any actives Threats that correspond to this. Is this a false positive? Where should we investigate further? System/Network Information: Small Business with local Exchange and Fileserver. 20 Windows Clients. ESET Security Management Center (Server), Version 7.0 (7.0.471.0)ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0) CentOS (64-bit), Version 7.6.1810
  8. Hello MartinK, with the disk completely full the htcacheclean status didnt report anything. i removed some log files from /var/log/http to free up a little and the service is now running [root@ESET-SMC httpd]# service htcacheclean status Redirecting to /bin/systemctl status htcacheclean.service ● htcacheclean.service - Disk Cache Cleaning Daemon for Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/htcacheclean.service; static; vendor preset: disabled) Active: active (running) since Tue 2019-02-19 09:57:46 CET; 2min 25s ago Docs: man:htcacheclean(8) Process: 404 ExecStart=/usr/sbin/htcacheclean -P /run/httpd/htcacheclean/pid -d $INTERVAL -p $CACHE_ROOT -l $LIMIT $OPTIONS (code=exited, status=0/SUCCESS) Main PID: 405 (htcacheclean) CGroup: /system.slice/htcacheclean.service └─405 /usr/sbin/htcacheclean -P /run/httpd/htcacheclean/pid -d 60 -p /var/cache/httpd/proxy -l 10000M -i -n -t -L12000 Feb 19 09:57:45 ESET-SMC systemd[1]: Starting Disk Cache Cleaning Daemon for Apache HTTP Server... Feb 19 09:57:46 ESET-SMC systemd[1]: Started Disk Cache Cleaning Daemon for Apache HTTP Server. After 10 Minutes of runtime there has been no additional space cleaned. Checking back after 4 hours there are now 35G free again. So this part worked. [root@ESET-SMC Server]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/centos_ba--eraappl--v-root 41G 5.1G 35G 13% / This Installation has been migrated from a Remote Administrator and iirc the http proxy was indeed enabled after initial setup. Are there any settings that i need to check? Trace logs seem to not have been written recently. [root@ESET-SMC Server]# ls -l total 300 -rw-r-----. 1 root root 31976 Feb 9 00:16 status.html -rw-r-----. 1 root root 256 Feb 12 13:39 trace.log -rw-r-----. 1 root root 73728 Feb 8 21:22 trace.log.0 -rw-r-----. 1 root root 192512 Feb 8 17:22 trace.log.1 Are there any fruther steps i have to do or configurations to check for the future?
  9. Hi there, i got a ESET SMC Virtual Appliance that ran out of disc space. I managed to find the culprit but have no idea what caused this and how to fix it. Just clearing the directory and restarting the service does not seem to work. Please advice. Server version: 7.0.451.0 Agent Version: 7.0.451.0 [root@ESET-SMC ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/centos_ba--eraappl--v-root 41G 41G 28K 100% / devtmpfs 1.9G 0 1.9G 0% /dev tmpfs 1.9G 0 1.9G 0% /dev/shm tmpfs 1.9G 8.6M 1.9G 1% /run tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup /dev/sda1 497M 126M 372M 26% /boot /dev/mapper/centos_ba--eraappl--v-home 20G 33M 20G 1% /home tmpfs 380M 0 380M 0% /run/user/0 Total disc space used: [root@ESET-SMC ~]# du -hsx /var/cache/httpd/* | sort -rh | head -10 36G /var/cache/httpd/proxy 0 /var/cache/httpd/ssl Total number of files in Cache directory [root@ESET-SMC proxy]# cd /var/cache/httpd/proxy/ [root@ESET-SMC proxy]# find . -type f -print | wc -l 273262
  10. Hi there again (and a happy new year), I see that the Autoreject has been altered to hard-fails. Which is nice. May I ask if there is a schedule for the upcoming rules feature? As in: Thanks in advance
  11. Neat, awesome timing. Thank you for this, will have a look at coming updates.
  12. Hi there, i too have configured some ESET Mailsecurity Installations with rules to test for SPF records. To mitigate this issue i am for the moment running a SPF-exception rule before the SPF-failure-to-quarantine rule to allow certain domains from being checked. This however covers only regularly incoming mails and requires a certain amount of management to release others from quarantine. Please advise how to improve this solution. Do we have to sign up for a feature request on this? greetings
×
×
  • Create New...