Jump to content

derbärtigeFrytz

Members
  • Posts

    7
  • Joined

  • Last visited

About derbärtigeFrytz

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    Germany
  1. We use ESET Protect 10.1.1291.0. A customer has not only a VPN tunnel to us, but also to another IT partner. This IT partner was individualy attacked and now provided an individual list of IOC hashes as well as a list of attacking IPs. For the moment, there is no indication, that the customers network had been compromized. Nevertheless, I would like to scan my network as well for signs of intrusion as I have no information, wether ths IT Partner reported anyway to update standard AV search databases. How could I extend the ESET databases for the full client file scan and the IDS/HIPS for all clients?
  2. Thank you. I did not look there, because the ESET Endpoint Antivirus GUI told me, everything is well (the management agent states, that it is connected and successfully replicated). I now found out, that even with disconnected network, this status is "connected" and "replicated". The trace log tells me, that eset cannot resolve the servers DNS name, which is true with VPN tunnel. So, the solution will hopefully be to set an entry to the clients /etc/hosts.
  3. Hello all. We use ESET Protect 10.1.1291.0. The Linux desktop uses management agent version 10.1.2272.0 an endpoint antivirus 10.2.2.0 Some of our clients (notebooks) jappear in changing subnets, regarding on how they join our network. There is one subnet for clients, that build up a VPN tunnel from remote and another for those that are connected directly to the LAN. It seems, ESET Protect can handle this (changing IP addresses), when it deals with a windows client. However we also have (Ubuntu 22.4.3 x64) Linux clients. Those are not member of the domain, however have DNS records für both IPs. For those clients, everything works well, when they are in the subnet, that they were in at Endpoint Antivirus installation time. If they are in the other net, the management agent states, that it is connected and successfully replicated. However ESET Protect still complains, that the client is not connected. It is not aware of the IP change. Am I missing something?
  4. Hello, same situation here. Upgrade Task claims to be successfull, however seems to do nothing. Maybe related to: repository.eset.com/v1/com/eset/apps/business/era/agent/v10/10.1.1292.0/agent_x64.msi.changelog.html Version 10.1.1292.0 Fixed: Agents lost connection after migration followed by an upgrade Fixed: Agent service fails to stop in time or system reboot takes longer takes expected Fixed: ESET Inspect connector version status and size not reported to ESET Protect on RHEL 9.2 Fixed: Agent for macOS is not properly fetching system build number and rapid response version code
  5. I faced the same problem today. I am working with ESET Endpoint Antivirus 9.0.5.0 and ESET Management Agent 9.0.2141.0 Both services failed to start, after I updated my Ubuntu Desktop 20.04 to 22.04. According to /var/log/syslog there was an error finding libssl.so.1.1 and libcrypto.so.1.1 I found them in /snap/gnome-3-34-1804/77/usr/lib/x86_64-linux-gnu/ Unfortunately there was no hint WHERE the services try to find this libraries. - Setting $LD_LIBRARY_PATH did not help. - Linking the libraries to /usr/lib64 did not help either. I solved this by linking them to each installation point of Endpoint Antivirus and Management Agent. # Endpoint Antivirus sudo ln -s /snap/gnome-3-34-1804/77/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 /opt/eset/eea/lib sudo ln -s /snap/gnome-3-34-1804/77/usr/lib/x86_64-linux-gnu/libssl.so.1.1 /opt/eset/eea/lib sudo systemctl start eea # Management Agent sudo ln -s /snap/gnome-3-34-1804/77/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 /opt/eset/RemoteAdministrator/Agent sudo ln -s /snap/gnome-3-34-1804/77/usr/lib/x86_64-linux-gnu/libssl.so.1.1 /opt/eset/RemoteAdministrator/Agent sudo systemctl start eraagent Hope, this will help.
  6. I am ashamed, how easy this was. Please close, or delete. Regards Frytz
  7. Hello Sirs. I am new to ESET ESMC and hope, you will help me with a problem. We want to nmap our network on a regular base to find new network devices or devices which have changed the profile of open ports. i.e. nmap -sT 10.10.10.0/24 One single server should be allowed to do that. The scan however is blocked by the clients ESET Firewall. I know, I need a ESMC network protection policy for that, however did not figure out, where to go next. Can anybody please point out, where I have to go next, or even better, provide a detailed description? We use ESMC 7.0.577.0, ESET NOD32 Antivirus 4.0.93.0, ESET Endpoint Security 7.1.2045.5 ESET NOD32 Antivirus 4.0.93.0 Best regards Frytz
×
×
  • Create New...