Posts posted by CNNS

  1. Hi there,

    one of my customers used the ESET PROTECT tasks to update a Mail Security for Microsoft Exchange and as a side effect the local Quarantine has been cleared.

    Two Questions:

    Is this supposed to happen?

    Can the quarantine be restored from Backups (Veeam)?

     

    System Information:

    ESET PROTECT (Server), Version 8.0 (8.0.2216.0)
    ESET PROTECT (Web Console), Version 8.0 (8.0.175.0)

    ESET Mail Security 7.3.10011.0 

     

    Thanks in advance

  2. DNS ...

    after looking through the log files in /var/log/eset/RemoteAdministrator/Server/trace.log I found:

    2020-05-25 14:02:48 Error: CRepositoryModule [Thread 7fe8d37e6700]: GetFile: Host 'repository.eset.com' not found [error code: 20002]

    a few months ago we retired an old DC, that was the only DNS server for ESMC. Problem is fixed by updating /etc/resolv.conf with new DNS Servers

    ty for your help Marcos and sorry

    topic can be closed

  3. Hi There,

     

    a customer Installation shows errors when editing Client Tasks or Trying to Update the SMC.

    ESET Security Management Center (Server), Version 7.0 (7.0.471.0)
    ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0)
    CentOS (64-bit), Version 7.6.1810

     
    Status Overview -> Invalid Objects -> Client tasks containing inaccessible Objects: 3 -> Client tasks that use repository are highlighted and show tooltip: "The referenced repository package is not available"
    Help -> Update Product -> Accept License Terms -> ERROR: "Failed to create task: The referenced repository package is not available"
    New Client Task -> Software Install -> Install package from Repository <Choose Package> -> (No Filters are set) shows: NO DATA AVAILABLE
     

    Server Settings Repository Server is set to AUTOSELECT

    I already tried changing it according to https://support.eset.com/kb6749/, but no improvement.

    Tried rebooting the Appliance and no improvement.

     

    I am happy for any help on this. ty

  4. thanks for your reply.

    BTW: we are getting a report every hour, so the condition that activates this notification still seems active.

    29 minutes ago, MartinK said:

    Could you specify how you filter those threats?

    If I get your question right you want to know where we already did look for those threats.

    So here are some reports (translated from the German installation we have):

     

    Threats of the last 30 days grouped for action taken

    Group by (Action) Count(Action)
    deleted 37
      7
    blocked 6
    Detected 3
    connection terminated 2
    cleaned by deleting 1

    When I change this report to show a whole year I can get this to a total of 95. Even when changing the filter to show two years, we get only 95 entries.

     

    In the Computers view of SMC there are no Threats shown. A few have been marked as resolved in the past days.

     

    In the Threats view of SMC there are no current Threats shown. I have to change the filter to show resolved. Then there are 13 entries. If I change this to show 365 days I get the 95 incidents again.

     

    Heading over to the Mailsecurity on our Exchange we have the following data in the logs:

    Mail-Server-Protection (filtered to show the last 24 hours): 302 total, evenly distributed, so like 15 events an hour, containing spam and rules for mail-attachments, this is a normal amount, we usually have like 400 a day

     

     

  5. Hi there,

    we received the following Notification (multiple times) from ESET SMC:

    Malware outbreak alert (count per time criteria)

    Warnung zu Schadsoftwareausbruch (Anzahl über Zeit)

    This Notification is on its default settings (100 Occurrences in a 10 Minute Timeframe)

     

    Upon checking in with ESET SMC we cannot see any active Threats that correspond to this.

    Is this a false positive? Where should we investigate further?

     

    System/Network Information:

    Small Business with local Exchange and Fileserver. 20 Windows Clients.

    ESET Security Management Center (Server), Version 7.0 (7.0.471.0)
    ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0)

    CentOS (64-bit), Version 7.6.1810

  6. Hello MartinK,

    with the disk completely full the htcacheclean status didn't report anything. I removed some log files from /var/log/http to free up a little and the service is now running

    [root@ESET-SMC httpd]# service htcacheclean status
    Redirecting to /bin/systemctl status htcacheclean.service
    ● htcacheclean.service - Disk Cache Cleaning Daemon for Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/htcacheclean.service; static; vendor preset: disabled)
       Active: active (running) since Tue 2019-02-19 09:57:46 CET; 2min 25s ago
         Docs: man:htcacheclean(8)
      Process: 404 ExecStart=/usr/sbin/htcacheclean -P /run/httpd/htcacheclean/pid -d $INTERVAL -p $CACHE_ROOT -l $LIMIT $OPTIONS (code=exited, status=0/SUCCESS)
     Main PID: 405 (htcacheclean)
       CGroup: /system.slice/htcacheclean.service
               └─405 /usr/sbin/htcacheclean -P /run/httpd/htcacheclean/pid -d 60 -p /var/cache/httpd/proxy -l 10000M -i -n -t -L12000


    Feb 19 09:57:45 ESET-SMC systemd[1]: Starting Disk Cache Cleaning Daemon for Apache HTTP Server...
    Feb 19 09:57:46 ESET-SMC systemd[1]: Started Disk Cache Cleaning Daemon for Apache HTTP Server.

     

    After 10 Minutes of runtime there has been no additional space cleaned.

    Checking back after 4 hours there are now 35G free again. So this part worked.

    [root@ESET-SMC Server]# df -h
    Filesystem                              Size  Used Avail Use% Mounted on
    /dev/mapper/centos_ba--eraappl--v-root   41G  5.1G   35G  13% /

     

    This Installation has been migrated from a Remote Administrator and iirc the http proxy was indeed enabled after initial setup. Are there any settings that I need to check?

    Trace logs seem to not have been written recently.

    [root@ESET-SMC Server]# ls -l
    total 300
    -rw-r-----. 1 root root  31976 Feb  9 00:16 status.html
    -rw-r-----. 1 root root    256 Feb 12 13:39 trace.log
    -rw-r-----. 1 root root  73728 Feb  8 21:22 trace.log.0
    -rw-r-----. 1 root root 192512 Feb  8 17:22 trace.log.1

    Are there any further steps I have to do or configurations to check for the future?

  7. Hi there,

    I got an ESET SMC Virtual Appliance that ran out of disc space.

    I managed to find the culprit but have no idea what caused this and how to fix it. Just clearing the directory and restarting the service does not seem to work. Please advise.

     

    Server version: 7.0.451.0

    Agent Version: 7.0.451.0

     

    [root@ESET-SMC ~]# df -h
    Filesystem                              Size  Used Avail Use% Mounted on
    /dev/mapper/centos_ba--eraappl--v-root   41G   41G   28K 100% /
    devtmpfs                                1.9G     0  1.9G   0% /dev
    tmpfs                                   1.9G     0  1.9G   0% /dev/shm
    tmpfs                                   1.9G  8.6M  1.9G   1% /run
    tmpfs                                   1.9G     0  1.9G   0% /sys/fs/cgroup
    /dev/sda1                               497M  126M  372M  26% /boot
    /dev/mapper/centos_ba--eraappl--v-home   20G   33M   20G   1% /home
    tmpfs                                   380M     0  380M   0% /run/user/0

     

    Total disc space used:

    [root@ESET-SMC ~]# du -hsx /var/cache/httpd/* | sort -rh | head -10
    36G     /var/cache/httpd/proxy
    0       /var/cache/httpd/ssl

     

    Total number of files in Cache directory

    [root@ESET-SMC proxy]# cd /var/cache/httpd/proxy/
    [root@ESET-SMC proxy]# find . -type f -print | wc -l
    273262

     

  8. Hi there,

    I too have configured some ESET Mailsecurity Installations with rules to test for SPF records.

    To mitigate this issue I am for the moment running an SPF-exception rule before the SPF-failure-to-quarantine rule to allow certain domains from being checked. This however covers only regularly incoming mails and requires a certain amount of management to release others from quarantine.

    Please advise how to improve this solution.

    Do we have to sign up for a feature request on this?

     

    greetings
