Jump to content

tmuster2k

Members
  • Content Count

    343
  • Joined

  • Last visited

  • Days Won

    1

tmuster2k last won the day on June 30 2016

tmuster2k had the most liked content!

Profile Information

  • Location
    USA

Recent Profile Visitors

2,982 profile views
  1. Customer has his own web site where he directs end users to download a connectwise Screen connect client which is an .exe file. This file is analyzed by EDTD it appears and shows in EVENT logs >> User5/10/2021 3:26:24 PM;ESET Kernel;chrome.exe tried to access a file (companyX.ScreenConnect.Client (27).exe) which is being analyzed for malware. This can take several minutes.You will be notified when the file is ready.;BTB-RPRO-8\Karen Time;Component;Event;User5/10/2021 3:26:25 PM;ESET Kernel;A suspicious file was sent to the ESET Virus Lab for analysis.;SYSTEM and la
  2. confirmed that EDTD is activated and running on machine and samples are even showing. When going to system in ESET PROTECT >> show details >> Overview there is a box that is always present for EDTD with an "ENBALE" button in blue even through EDTD is already activated. This can be somewhat confusing to customer. In future ESET PROTECT console, can we at least grey this button out once the machine has been confirmed to have EDTD activated and has EDTC applied policy?
  3. @Marcos Please reference this web page >> https://helpdesk.egnyte.com/hc/en-us/articles/218926917 NOTE: customer did process exclusions for EgnyteClient.exe, EgnyteDrive.exe, EgnyteSyncService.exe, EgnyteUpdate.exe in the policy but the article is suggesting exclusion of the whole drive letter for Egnyte drive letter. I am not familiar with this program as it is something the customer implemented a while back. This link has info on what it does >> https://www.egnyte.com/blog/2021/02/12780evaluating-mysql-recursive-cte-at-scale/?_ga=2.213699793.418197318.1618429060-2050841226.
  4. I have a drive letter that I need to exclude from scanning. I wanted to add for example e:\* but when i do this in my Policy for Performance exclusions it doesn't like it and shows in red. If I do e:\*. then it will go through. Will this wildcard make sure that no files will get scanned in real time?
  5. I have noticed many detections in ESET PROTECT for detections in emails where the Uniform Resource Identifier has a random number like >> 6d61696c746f3a3f66726f6d3d46696c6d747261636b207c2050686f6e6526746f3d476c65 And then other email detections will show more information like the Mailto;From information. Why are some of these detections, not clearly define the Uniform Resource Identifier? Also if an email detection action is "Retained" does that meant the attachment was deleted from email but body of email retained?
  6. Marcos. If saving to share on another server for example would this be correct format >> //server/share or \\server\share or \\server\c$\share? can you provide example of correct format?
  7. I tried it on different environment using ESET PROTECT CLOUD and still fails. I even set share to "everyone". Nothing in trace log showing any details of failure to upload.
  8. Trying to run the Upload quarantined object task but keeps failing. (ESET PROTECT 8.x) 1. Can this only be run when on Domain or will it work on Workgroup using Local Admin credentials? 2. Can you save this file locally on the Upload Path. example. c:\quarantine 3. If saving to share on another server for example would this be correct format >> //server/share or \\server\share or \\server\c$\share? 4. Would the target for this task be the machine where the quarantined object is currently housed?
  9. When setting up ESET PROTECT Mobile Device connector and only using IPAD only devices. 1. Is it compatible with iPASOS 14.x ? I saw online guide mention that "iPadOS 13 is not supported by ESET PROTECT MDM" but when you go to this site at the bottom >> https://help.eset.com/protect_install/80/en-US/operating_systems.html?mobile.html but if you look at the list towards top of URL it says it is compatible. Very conflicting info on the same URL. 2. To setup MDC for IPAD only devices do you need your own 3rd party PFX cert (Example from GO DADDY) for these devices to connect t
  10. When clicking on computer that is actively checking in with 7.2 agent on ESMC 7.2 server and going to "Show details" >> "Overview" on the IP Address field is showing N/A (not applicable). The machine in question is a desktop that always stays with hardwired ethernet connection (DHCP). Other machines are showing fine as its about 30% that show N/A. Agent was just installed 2 days ago and nothing has changed in the environment.
  11. Noticing a trend where computers with ESET installed (Home consumer or Endpoint) , is causing issue with Drop box sync to fail (Can't establish connection". Doing full disable of Protocol Filtering resolves the issue and then drop box starts syncing again. only disable of SSL/TLS filtering does not resolve issue. I assume doing a Protocol Filtering exclusion for drop box should not be applied correct? if so then how would you exclude PF from scanning drop box ?
  12. Do you have any details on how to do this export/import option?
  13. ESMC was not working so I performed full reinstall of all components. I had backed up the server cert and CA and policies via "Export". After install, I imported CA and server cert and machines are checking in like before but they are all going into the LOST AND FOUND Static Group instead of their respective MSP groups that are synced over from license management. Is there any way to get these machines back into their respective groups without have to manually drag and drop them over?
  14. @MartinK I know the easy way is through the GUI but per my post I mentioned there are some instances of ERA 6.5 OVA that do not have this and it is likely because the previous version they had (example OVA 6.2) never came with this and when they did components upgrade it did not bring it over. Also I would like to know this command because the OVA MDC Appliance also does not have option to backup database and I was wondering if there is easy command to accomplish this.
×
×
  • Create New...