
tmuster2k

  1. Have several Mac machines in ESET Protect Cloud that were successfully applied the EFDE but when going to the computer in ESET PROTECT Cloud and Overview and doing option for Recovery password it gives error below. I confirmed machine is actively checking in and other Mac machines (not all) will give the correct recovery password.
  2. Customer has his own web site where he directs end users to download a ConnectWise ScreenConnect client, which is an .exe file. This file is analyzed by EDTD, it appears, and shows in EVENT logs >> User5/10/2021 3:26:24 PM;ESET Kernel;chrome.exe tried to access a file (companyX.ScreenConnect.Client (27).exe) which is being analyzed for malware. This can take several minutes.You will be notified when the file is ready.;BTB-RPRO-8\Karen Time;Component;Event;User5/10/2021 3:26:25 PM;ESET Kernel;A suspicious file was sent to the ESET Virus Lab for analysis.;SYSTEM and last one is >> ScreenConnect.Client (27).exe) was analyzed and is safe to be opened.;BTB-RPRO-8\Karen The problem is, there is a burned in 5 minute delay to analyze so file will only run in that time frame. Each detection in ESET Protect shows a different hash each time it's detected and when doing the "create exclusion" this is the only option. We cannot do an EDTD exclusion as we don't want to exclude the users' download folder where these files are being downloaded to. Are there any other options to make this process go faster for customer when trying to do remote sessions?
  3. Confirmed that EDTD is activated and running on machine and samples are even showing. When going to system in ESET PROTECT >> show details >> Overview there is a box that is always present for EDTD with an "ENABLE" button in blue even though EDTD is already activated. This can be somewhat confusing to customer. In future ESET PROTECT console, can we at least grey this button out once the machine has been confirmed to have EDTD activated and has EDTD applied policy?
  4. @Marcos Please reference this web page >> https://helpdesk.egnyte.com/hc/en-us/articles/218926917 NOTE: customer did process exclusions for EgnyteClient.exe, EgnyteDrive.exe, EgnyteSyncService.exe, EgnyteUpdate.exe in the policy but the article is suggesting exclusion of the whole drive letter for Egnyte drive letter. I am not familiar with this program as it is something the customer implemented a while back. This link has info on what it does >> https://www.egnyte.com/blog/2021/02/12780evaluating-mysql-recursive-cte-at-scale/?_ga=2.213699793.418197318.1618429060-2050841226.1618429060 Based on what this program does, should the process exclusions suffice?
  5. I have a drive letter that I need to exclude from scanning. I wanted to add for example e:\* but when I do this in my Policy for Performance exclusions it doesn't like it and shows in red. If I do e:\*. then it will go through. Will this wildcard make sure that no files will get scanned in real time?
  6. I have noticed many detections in ESET PROTECT for detections in emails where the Uniform Resource Identifier has a random number like >> 6d61696c746f3a3f66726f6d3d46696c6d747261636b207c2050686f6e6526746f3d476c65 And then other email detections will show more information like the Mailto;From information. Why do some of these detections not clearly define the Uniform Resource Identifier? Also, if an email detection action is "Retained" does that mean the attachment was deleted from email but body of email retained?
  7. Marcos. If saving to share on another server for example would this be correct format >> //server/share or \\server\share or \\server\c$\share? Can you provide example of correct format?
  8. I tried it on different environment using ESET PROTECT CLOUD and still fails. I even set share to "everyone". Nothing in trace log showing any details of failure to upload.
  9. Trying to run the Upload quarantined object task but keeps failing. (ESET PROTECT 8.x) 1. Can this only be run when on Domain or will it work on Workgroup using Local Admin credentials? 2. Can you save this file locally on the Upload Path? Example: c:\quarantine 3. If saving to share on another server for example would this be correct format >> //server/share or \\server\share or \\server\c$\share? 4. Would the target for this task be the machine where the quarantined object is currently housed?
  10. When setting up ESET PROTECT Mobile Device connector and only using iPad-only devices. 1. Is it compatible with iPadOS 14.x? I saw online guide mention that "iPadOS 13 is not supported by ESET PROTECT MDM" but when you go to this site at the bottom >> https://help.eset.com/protect_install/80/en-US/operating_systems.html?mobile.html but if you look at the list towards top of URL it says it is compatible. Very conflicting info on the same URL. 2. To set up MDC for iPad-only devices do you need your own 3rd party PFX cert (example from GoDaddy) for these devices to connect to EP MDC or can you go through normal setup process like you would do for Android per >> https://support.eset.com/en/kb6368-eset-mobile-device-management-for-apple-ios-65-and-later 3. Can you use a Dynamic DNS name for this setup or does it have to be a domain you own?
  11. When clicking on computer that is actively checking in with 7.2 agent on ESMC 7.2 server and going to "Show details" >> "Overview", the IP Address field is showing N/A (not applicable). The machine in question is a desktop that always stays with hardwired ethernet connection (DHCP). Other machines are showing fine as it's about 30% that show N/A. Agent was just installed 2 days ago and nothing has changed in the environment.
  12. Noticing a trend where computers with ESET installed (Home consumer or Endpoint) are causing Dropbox sync to fail ("Can't establish connection"). Doing full disable of Protocol Filtering resolves the issue and then Dropbox starts syncing again. Only disable of SSL/TLS filtering does not resolve issue. I assume doing a Protocol Filtering exclusion for Dropbox should not be applied, correct? If so then how would you exclude PF from scanning Dropbox?
  13. Do you have any details on how to do this export/import option?