DaveB-Opt

I guess that covers secure browser as well?

I can't see that option in the client GUI I'm afraid.

Hi Marcos. Have PM'd you regarding the log files See my other comment regarding the rule I've created. Apologies I forgot to quote your post in the reply

I've configured a basic block rule for blocking webmail. According to the server it's being applied to my machine. Can't see those settings under the client GUI. I'm also able to reach gmail.com from my machine. Will upload the logs shortly

I've created some web control & secure browser policies (enforced) yet my clients don't seem to be picking up the settings. When opening the client GUI, web control or secure browser isn't present under the settings. ESET Endpoint Antivirus + File Security (licensing) ESET PROTECT (Server), Version 8.0 (8.0.2216.0)ESET PROTECT (Web Console), Version 8.0 (8.0.175.0)Copyright (c) 1992-2020 ESET, spol. s r.o. All Rights Reserved. Endpoints are using AV version 8.0.2028.0

Ok that makes sense. Thanks for the help!

Thanks Marcos. I thought that was the case. I'm just confused at why I cannot replicate in Chrome on a machine without ESET

I'm getting an SSL error for all machines with ESET installed (see below error). Windows 10 - Chrome/FireFox/Edge. We've tested from multiple internet connections. However the page loads ok on a Windows 10 machine without ESET installed. I suspect there is an issue with the cert, but as SSL/TLS filtering is disabled for our endpoints, which component (if any) of ESET is causing the error? I've tried disabling all web & network protection to test but I'm still unable to bypass this error. Any thoughts? Your connection is not private Attackers might be trying to steal your information from consult.zanducare.com (for example, passwords, messages or credit cards). Learn more NET::ERR_CERT_REVOKED

Thanks Marcos. So it's normal for ESET to scan the same files over and over (even if they haven't changed) ?

These are old files in my downloads folder and not required by the operating system. Why does ESET re-scan them on every login? Basically we need all profile files to have the timestamps retained for our retention policies.

Whilst this works for most of the files, ESET is still scanning some files upon login (and therefore changing the timestamp). I logged in at 9:48 I can't see an option to preserve under the start-up options. Is there a way of getting around this?

Thanks found it now!

Thanks Marcos. I haven't come across per-profile policies yet. Where would I configure one in ESMC console? Tried Googling also

Hi - our last access date timestamps in Windows 10 always show as today's date. I'm guessing this is due to the real time protection from ESET? I can't seem to find an option for preserving these timestamps in the ESMC console. Googling and searching on this forum have yielded no results. Is there a way to achieve this?

Actually I spoke too soon. The only affected machine is an internal server which always resides behind our firewall

Good point - silly me! Thanks Marcos

We have a threat notification for the following. However we have blocked all connections coming from 185.202.0.0/16 at the firewall level, and I'm unable to see any incoming traffic from that IP address in the last week (from the firewall logs also). I'm not sure what triggers this alert in ESET but I'm also unsure as to how the firewall didn't pick up the connection attempt? Can anyone shed some light on this detection. Process name System Rule name Rule ID Source address 185.202.1.204 Source port 320 Target address 192.168.8.43 Target port 80 Protocol TCP Occurrences per minute 1

We're getting lots of blocked notifications which are showing as unresolved. 1. Is this normal behaviour? 2. Lots of them are going to one domain name. What can we do to mitigate? See messages below More details Hash A57DF2FDEBBCE21F5E1913B73797DF0B50BFA03E Uniform Resource Identifier (URI) https://hardyload.com Process name C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Event An attempt to connect to URL Rule Blocked by internal blacklist Scanner HTTP filter Target address 172.64.205.27

Thanks! - appreciate your advice. This may not be one of our company devices so I may not be able to use it.

Unfortunately this machine is often connected to a shared Wi-Fi connection outside of our network.

Thanks Marcos

What's the best practise for these notifications? They don't say 'blocked' or 'resolved' so I'm unsure what they're telling me. Thanks

Will do - might not be until next week though

Thanks Marcos. What's the easiest way to find out what's causing the performance issues? Most computers are ok but a handful are really sluggish unless the real-time scanner is disabled. All are using the same policy. All are of a similar spec

Are there any security implications from excluding ESET from scanning itself? The real-time scanner appears to be taking a toll on performance recently. We have the latest AV endpoint installed and we're using the balanced policy 'out of the box'