tmuster2k

Everything posted by tmuster2k

  1. Currently running ESET Protect Cloud. For a VDI non-persistent disk environment, would I be following these specific steps >> https://support.eset.com/en/kb7864-cloning-computers-in-eset-protect-match-with-the-existing-computer-every-time? And if that is the correct information going forward, and once the question is resolved from Status Overview, will that stay, so every time the machine is rebooted and the user receives a fresh image we will not need to go back to Status Overview and keep answering the question to get the agent to check in with its unique identifier?
  2. Have several Mac machines in ESET Protect Cloud that successfully had EFDE applied, but when going to the computer in ESET PROTECT Cloud, then Overview, and choosing the Recovery password option, it gives the error below. I confirmed the machine is actively checking in, and other Mac machines (not all) will give the correct recovery password.
  3. Customer has his own web site where he directs end users to download a ConnectWise ScreenConnect client, which is an .exe file. It appears this file is analyzed by EDTD, and it shows in the event logs >> User5/10/2021 3:26:24 PM;ESET Kernel;chrome.exe tried to access a file (companyX.ScreenConnect.Client (27).exe) which is being analyzed for malware. This can take several minutes.You will be notified when the file is ready.;BTB-RPRO-8\Karen Time;Component;Event;User5/10/2021 3:26:25 PM;ESET Kernel;A suspicious file was sent to the ESET Virus Lab for analysis.;SYSTEM and the last one is >> ScreenConnect.Client (27).exe) was analyzed and is safe to be opened.;BTB-RPRO-8\Karen The problem is, there is a burned-in 5 minute delay to analyze, so the file will only run in that time frame. Each detection in ESET Protect shows a different hash each time it's detected, and when doing the "create exclusion" this is the only option. We cannot do an EDTD exclusion as we don't want to exclude the users' download folder where these files are being downloaded to. Are there any other options to make this process go faster for the customer when trying to do remote sessions?
  4. Confirmed that EDTD is activated and running on the machine, and samples are even showing. When going to the system in ESET PROTECT >> Show details >> Overview, there is a box that is always present for EDTD with an "ENABLE" button in blue even though EDTD is already activated. This can be somewhat confusing to the customer. In a future ESET PROTECT console, can we at least grey this button out once the machine has been confirmed to have EDTD activated and has EDTC applied policy?
  5. @Marcos Please reference this web page >> https://helpdesk.egnyte.com/hc/en-us/articles/218926917 NOTE: the customer did process exclusions for EgnyteClient.exe, EgnyteDrive.exe, EgnyteSyncService.exe, EgnyteUpdate.exe in the policy, but the article is suggesting exclusion of the whole drive letter for the Egnyte drive. I am not familiar with this program as it is something the customer implemented a while back. This link has info on what it does >> https://www.egnyte.com/blog/2021/02/12780evaluating-mysql-recursive-cte-at-scale/?_ga=2.213699793.418197318.1618429060-2050841226.1618429060 Based on what this program does, should the process exclusions suffice?
  6. I have a drive letter that I need to exclude from scanning. I wanted to add, for example, e:\* but when I do this in my policy for Performance exclusions it doesn't like it and shows in red. If I do e:\*. then it will go through. Will this wildcard make sure that no files will get scanned in real time?
  7. I have noticed many detections in ESET PROTECT for detections in emails where the Uniform Resource Identifier has a random number like >> 6d61696c746f3a3f66726f6d3d46696c6d747261636b207c2050686f6e6526746f3d476c65 And then other email detections will show more information, like the Mailto;From information. Why do some of these detections not clearly define the Uniform Resource Identifier? Also, if an email detection action is "Retained", does that mean the attachment was deleted from the email but the body of the email retained?
  8. Marcos, if saving to a share on another server, for example, would this be the correct format >> //server/share or \\server\share or \\server\c$\share? Can you provide an example of the correct format?
  9. I tried it on a different environment using ESET PROTECT CLOUD and it still fails. I even set the share to "everyone". Nothing in the trace log is showing any details of the failure to upload.
  10. Trying to run the Upload quarantined object task but it keeps failing. (ESET PROTECT 8.x)
      1. Can this only be run when on a domain, or will it work on a workgroup using local admin credentials?
      2. Can you save this file locally on the Upload Path? Example: c:\quarantine
      3. If saving to a share on another server, for example, would this be the correct format >> //server/share or \\server\share or \\server\c$\share?
      4. Would the target for this task be the machine where the quarantined object is currently housed?
  11. When setting up ESET PROTECT Mobile Device Connector and using iPad-only devices:
      1. Is it compatible with iPadOS 14.x? I saw the online guide mention that "iPadOS 13 is not supported by ESET PROTECT MDM" when you go to this site, at the bottom >> https://help.eset.com/protect_install/80/en-US/operating_systems.html?mobile.html but if you look at the list towards the top of the URL it says it is compatible. Very conflicting info on the same URL.
      2. To set up MDC for iPad-only devices, do you need your own 3rd party PFX cert (example: from GoDaddy) for these devices to connect to EP MDC, or can you go through the normal setup process like you would do for Android per >> https://support.eset.com/en/kb6368-eset-mobile-device-management-for-apple-ios-65-and-later
      3. Can you use a Dynamic DNS name for this setup, or does it have to be a domain you own?
  12. When clicking on a computer that is actively checking in with the 7.2 agent on an ESMC 7.2 server and going to "Show details" >> "Overview", the IP Address field is showing N/A (not applicable). The machine in question is a desktop that always stays on a hardwired Ethernet connection (DHCP). Other machines are showing fine, as it's about 30% that show N/A. The agent was just installed 2 days ago and nothing has changed in the environment.
  13. Noticing a trend where computers with ESET installed (Home consumer or Endpoint) are causing Dropbox sync to fail ("Can't establish connection"). Doing a full disable of Protocol Filtering resolves the issue and then Dropbox starts syncing again. Disabling only SSL/TLS filtering does not resolve the issue. I assume a Protocol Filtering exclusion for Dropbox should not be applied, correct? If so, then how would you exclude Dropbox from Protocol Filtering scanning?
  14. ESMC was not working so I performed a full reinstall of all components. I had backed up the server cert, CA and policies via "Export". After install, I imported the CA and server cert and machines are checking in like before, but they are all going into the LOST AND FOUND Static Group instead of their respective MSP groups that are synced over from license management. Is there any way to get these machines back into their respective groups without having to manually drag and drop them over?
  15. @MartinK I know the easy way is through the GUI, but per my post I mentioned there are some instances of the ERA 6.5 OVA that do not have this, and it is likely because the previous version they had (example: OVA 6.2) never came with this, and when they did the components upgrade it did not bring it over. Also, I would like to know this command because the OVA MDC Appliance also does not have an option to back up the database, and I was wondering if there is an easy command to accomplish this.
  16. Wanting to do a Database Backup and Restore to a new ESMC OVA. The ERA 6.5 I am trying to back up does not have the "Backup Database" option on the console window. This was likely a 6.2 or 6.3 appliance that got upgraded but has none of the other items that should be there for the ERA 6.5 OVA. Is there a way to back up the current database via a terminal window to a file? Then I will move it over to the new appliance. If I move it to /root/era-backup.sql, when I do the Database restore will it see it and bring the raw data in to the new ESMC OVA?
  17. I want to be able to use the built in report in ESMC called "Outdated applications" but need to know what users are currently logged in that are on that version. When I go to Data or filter there is no option to add USER >> User Name. Is there something missing or this is not possible to do with the report and can only filter by Static Group Name?
  18. Wanting to run the Windows Update task in ESMC to run on the 2nd and 16th of each month. Any help on setting up this trigger would be helpful.
  19. Why is a duplicate IP address detection being flagged as >> Rule/worm name;Application;SHA1;User?