Sander de Cocq

Members
  • Posts

    16
About Sander de Cocq

  • Rank
    Newbie

Profile Information

  • Location
    Netherlands

  1. Hello, I got the server operational again, and cleanup jobs that were indeed failing are now working again and I have 58% free space in the database. The tblf_firewallagregated_event table was definitely the culprit. I'm going to keep an eye on the specifics you mention to see if we still have an issue.
  2. This is indeed the answer I was looking for. It works great, thank you! I agree with and appreciate the other responses as well; those indicate more of an architectural issue, however, and will be addressed separately. My question was purely from an operational POV for the short term to keep our ESMC server operational.
  3. Hello, I certainly don't want to disable Network Protection! I just don't want our database to explode with logging of the blocked attempts. Is there perhaps a way to clean up the logging in the database through ESMC or SQL queries?
  4. Thank you for your response. Yes, it is mainly botnet RDP attacks. This causes an endless stream of detections, 10s per minute, since we are talking about 250+ internet-facing servers with RDP enabled. This is by design and all have loooong complex passwords. The blocked detection logging really has no benefit for us; it actually turns into a liability when the growth of the era_db is limited and can take down the ESMC services.
  5. Hello, ESET Security Management Center (Server), Version 7.1 (7.1.717.0); ESET Security Management Center (Web Console), Version 7.1 (7.1.393.0). Yesterday our ESMC crashed because the SQL database had grown beyond 10GB (SQL Express limit). We are protecting a lot of Windows Web Servers with File Security, which are obviously constantly under attack from many botnets; therefore millions of (firewall) detections are logged that are actually blocked and that we are not particularly interested in. Is it possible to lower the logging level so only firewall detections that are not blocked are logged? Or any other suggestions to keep the database size under control? I was also looking at the log retention settings, but these are already all set to 1 month or less.
  6. Thank you very much. I'll follow the correct channel next time.
  7. Hello, We are provisioning a new web server, but it seems we inherited the blacklisting from the previous owner of the IP address: 66.85.74.178. The new server is running ESET File Security and our client PCs cannot reach it because they use ESET Endpoint Security. Can you please remove 66.85.74.178 from the blacklist? Regards, Sander
  8. Thanks for the great response. Yes, I found the computer under Questions and resolved the apparently changed hardware (it is a cloud VPS, so I guess the provider changed something in the VM configuration. We were not aware of any such change.)
  9. Hello, We have an agent that has not been reporting for a long time. I've reinstalled the agent, and it installed without errors, but it's still not replicating with our SMC. In ela.eset.com, it is reporting. The server in question can connect to era.ourdomain.com:2222. Collected log files attached. efsw_logs.zip
  10. Deleting the service from registry in safe mode did the trick, case closed. Thank you for your assistance.
  11. Yeah, the service is not deleted, we can't do it with the command line or directly in the registry (HKLM/system/currentcontrolset/services). We're going to try booting in Safe Mode and deleting from registry next, unless you have other suggestions.
  12. Thank you. After the reboot, the scanner is running, however the firewall, anti-phishing and email scanning modules are not running and cannot be enabled in the GUI. Attached are new log files. ees_logs-2.zip
  13. Hello, I had a W10 client that I could not upgrade through the SMC from 6.3 to 7 Endpoint Security. Manual installation of the package failed because the processes could not be stopped. I disabled the services, and the installation proceeded, and the client reported the correct version in SMC. However, all modules are disabled and cannot be enabled from the GUI on the client (not blocked by policy; enabling/disabling is possible on all other clients). Can you help me sort this out? ESET Management Agent 7.0.577.0: Up-to-date version. ESET Endpoint Security 7.1.2053.0: Up-to-date version. Regards, Sander
  14. Thank you for your prompt reply, this looks like a good solution. I will try it out.