Jump to content

Zurd

Members
  • Posts

    33
  • Joined

  • Last visited

About Zurd

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    Canada

Recent Profile Visitors

590 profile views
  1. No worry, those are all wired computers in an office :)
  2. Thanks for the info, it definitely makes sense to add the network in the trusted zones, especially if it's a Windows domain so that everything that is remote from the server can work as expected.
  3. Anyone has any thoughts about adding the whole network like 192.168.0.0/255.255.255.0 in the Trusted zone? It allows ping to the computer but at the same time, I wonder why you would want to put the whole network as trusted. What if a computer is infected and start attacking other computers on your network? Shouldn't the Trusted zone always be empty? https://help.eset.com/ees/7/en-US/trusted_zone.html
  4. Indeed, an alert message coming from ESET's software is not ESET problem. The developer's of ESET never put that message there, they have nothing to do about it, this is basic computer knowledge :)
  5. You should have posted this before or just answered my questions better and we wouldn't have wasted so much time. You should add this information about IDS exceptions of duplicate IP in your knowledge base, that will save time for others: https://support.eset.com/kb3430/?viewlocale=en_US
  6. After some research, I just found out there is an option already in ESET in IDS to disable the duplicate IP addresses messages. You do not need to whitelist any IP which would be a bad security decision and which shouldn't be suggested by ESET's administrators. To disable those warning, go into Settings / Network Protection / Network Attack Protection / IDS Exceptions, click Edit then Add. Choose Duplicate IP addresses and set to No all of them which are Block, Notify and especially Log so you will not see those alerts in ESET RAC. If you have ESET RAC, you can create a custom policy with this and assign it to all of the computers easily.
  7. Yes, there is a duplicate IP detected. I don't have to do this test, I believe you that there is one. That is not the issue. Like I said before, what about having an option in ESET to not warn about duplicate IP? But just those warnings without having to whitelist anything.
  8. Yes, if I whitelist the IP range in ESET's IDS (Intrusion Detection System), I won't be notified about duplicate IP addresses. However, I also won't be notified when a real intrusion or attack occurs. We might as well uninstall ESET's firewall? Wouldn't that achieve the same goal? I don't understand why you say it has nothing to do with ESET. The warning message of duplicate IP comes from the software ESET. It has everything to do with this software. Wouldn't it be a good idea to add, in the future, an option to not warn about duplicate IP?
  9. If we set an IDS exclusion for an IP range, doesn't that defeat the purpose of having ESET's firewall? Isn't there any other solution like an option to disable the duplicate IP message? Whitelisting IP's just for a false positive is extreme. It's actually more than just a false positive, it's just a duplicate IP, it is in no way an attack on the network.
  10. Products used: ESET Endpoint Security 7.0.2091.0 with ESET Management Agent 7.0.577.0 and Detection Engine 19287 (20190501) Operating System: Windows Server 2016 Standard and Windows 7 or 10 computers ESET RAC: ESET Security Management Center (Server), Version 7.0 (7.0.577.0) and ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0) Problem: Both ESET RAC and each computer running ESET Endpoint Security will display an alert message saying "Duplicate IP addresses on network" but there shouldn't be any message. Cause of the problem: It can be easily reproduced by logging with a VPN then with RDP. Details: Let's say you have a Windows Server with a DHCP service and also a VPN service. The DHCP range is 192.168.0.50 to 192.168.0.100. On your own network, log in with a VPN to this Windows Server. This will make the server give you an IP address, for example 192.168.0.60, you can see it by running ipconfig on your own computer, there will be a PPP adapter section. Then, log in with RDP to a computer on the network of the Windows Server, for example 192.168.0.55. At this point, the Windows Server will have in its DHCP table, the IP 192.168.0.55 as a type DHCP for the computer on it's network and also the IP 192.168.0.60 as a type RAS (Remote Access Service) which comes from the VPN and more specifically in Routing and Remote Access Service in Server Manager of the Windows Server. To sum it up, there's is no duplicate IP but ESET thinks that there is and it will report the VPN IP 192.168.0.60 as a duplicate IP. ESET's knowledge base doesn't have a solution: https://support.eset.com/kb3430/?viewlocale=en_US One solution would be to whitelist all the IP of the DHCP server but this is a dirty solution as you want to be alerted if something is not a false positive on your network. More information on whitelist here: https://support.eset.com/kb2939/ A better solution, would be to restrict the IP given out of the Windows Server of the VPN to something like 192.168.0.200 to 192.168.0.220 and then whitelist only those IP's but I would prefer not to whitelist anything.
  11. I had the problem below while trying to push an installation on a computer. I tried to install the .MSI file manually and it worked on the computer. Eveything else was fine since I already pushed quite a few other installations. Turns out the only thing needed to make this work was to reboot the server running ESET Remote Administrator. Not sure why, maybe a Windows Update but it's all good now. I didn't see anything like this on the forum so I thought I'd share the solution. So in case it's not working, just reboot! Operating System: Windows 7 Professional x64 Edition Operating System Version: 6.1 Installation result: Setting IPC$ Connection: Result Code: 0 (The operation completed successfully.) Remote Registry Connecting (OS Info): Result Code: 0 (The operation completed successfully.) Remote Registry Opening (OS Info): Result Code: 0 (The operation completed successfully.) Remote Registry Reading (OS Info): Result Code: 0 (The operation completed successfully.) Remote Registry Connecting (ESET Security Product Info): Result Code: 0 (The operation completed successfully.) Remote Registry Opening (ESET Security Product Info): Result Code: 2 (The system cannot find the file specified.) Setting ADMIN$ Connection: Result Code: 0 (The operation completed successfully.) Copying ESET Installer: Result Code: 0 (The operation completed successfully.) Setting IPC$ Connection: Result Code: 0 (The operation completed successfully.) Registering ESET Installer as a Service: Result Code: 1460 (This operation returned because the timeout period expired.) Diagnostics conclusion: Result Code: 1603 (Fatal error during installation.)
  12. Where would that option be? I can't find it. Will that use more bandwitdh to communicate with every clients?
  13. After much testing everything's working! Here's some tricks that can help to troubleshoot this. In ESET RAC, in the Clients tab, there's a column for "Requested Policy Name" and "Actual Policy Name". This page helps in setting up ESET RAC: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3453&locale=en_US In the client, this option is available in: Options > Antivirus & antispyware > Real-time file system protection > Setup... > Extensions and not in: Options > Antivirus & antispyware > Exclusions by path It takes forever for the client to receive the new configuration. Here's a list of things that seems to make a difference in pushing the new policy: - Wait 15 minutes for every changes you make, check the column Last Connected to know if the new policy has been pushed or not, seems like it's being reset every 15 minutes - Multiple reboots of the client computer - Setting the policy "Default system policy" then to the custom policy and back for the client in ESET RAC - Opening ESET on the client and going to Tools (it takes forever to show this page so maybe it's getting the new configuration) - Wearing a hat and singing seems to help too
  14. I tested the policy with another settings just for testing, the "Scan removable media", is now at No, I rebooted the client computer but this option is still checked. We only have one custom policy, we're modifying "Windows desktop v5" but I also tested with v3 and v4 but it's still not working. The client computer is using ESET Endpoint Security 5.0.2229.1
  15. I saw in the documentation that [policy] "Rules are applied immediately after the client connects to the server" So I rebooted the computer but I still cannot see this new policy.
×
×
  • Create New...