
MichalJ

ESET Staff
  • Posts

    2,229
  • Joined

  • Days Won

    65

Kudos

  1. Upvote
    MichalJ gave kudos to Marcos in Detections Actions Error   
    The issue is caused by an older version of the Translation support module. On Monday we should start with upgrade, however, it will require a restart of the ESET PROTECT Cloud instance.
  2. Upvote
    MichalJ gave kudos to dmaasland in How to detect which process changes background desktop   
    Try something like this:
     
    <?xml version="1.0" encoding="utf-8"?>
    <rule>
      <definition>
        <operations>
          <operation type="WriteFile">
            <operator type="or">
              <condition component="FileItem" property="Path" condition="starts" value="%APPDATA%\microsoft\windows\themes\cachedfiles\" />
              <condition component="FileItem" property="FullPath" condition="is" value="%APPDATA%\microsoft\windows\themes\transcodedwallpaper" />
            </operator>
          </operation>
          <operation type="RegSetValue">
            <condition component="RegistryItem" property="Key" condition="starts" value="HKCU\software\microsoft\windows\currentversion\explorer\wallpapers\backgroundhistorypath" />
          </operation>
          <operation type="RegDeleteValue">
            <condition component="RegistryItem" property="Key" condition="starts" value="HKCU\software\microsoft\windows\currentversion\explorer\wallpapers\backgroundhistorypath" />
          </operation>
        </operations>
      </definition>
      <description>
        <name>Wallpaper was altered</name>
        <explanation> The wallpaper was altered </explanation>
        <category> Default </category>
      </description>
    </rule>
  3. Upvote
    MichalJ gave kudos to Marcos in Documentation on PROGRAM COMPONENT UPDATE - Auto Update   
    On August 25 we are starting to roll out the very first uPCU update to v8.0.2039 version for those with older Endpoint v8.0 versions. The rollout will be staggered and we expect it will take about 2 weeks to get downloaded by all users with an older version of Endpoint v8.0.
  4. Upvote
    MichalJ gave kudos to BrianMorris in Options in "Computer Preview"   
    That's cool that we can customize this -- I didn't realize that. I see that more options have been added:

  5. Upvote
    MichalJ gave kudos to MartinK in Last used tasks - greyed out   
    Just a note that this issue should be resolved with version deployed recently.
  6. Upvote
    MichalJ gave kudos to BrianMorris in Check which workstations need updates   
    Thanks for the response! Ok, I re-read what you posted above and you gave me some hints. I found that I can click on the outdated Agent version and click "Update installed ESET products..." and then just tell it to upgrade all of those agents. This is a huge help.

  7. Upvote
    MichalJ gave kudos to Marcos in ESET Cloud Office Security (ECOS) 96.3 released   
    Release Date: August 18, 2021
    ESET Cloud Office Security 96.3 has been released.
    Changelog
    Version 96.3:
    Added: Teams and SharePoint Sites reports
    Added: Bulk download of quarantined items
    Added: Date and time uses the same format as in ESET Business Account
    Added: User details contain information about the license that the user is protected with
      Support Resources
    For more information, visit the ESET Cloud Office Security help page or contact your local reseller, distributor or ESET office.
  8. Upvote
    MichalJ gave kudos to Marcos in ServerApi - Get Task progress   
    I assume there are not many users well versed in API here. However, I'd like to contact the French distributor regarding your tickets since the answer you quoted above is not acceptable and the support personnel should have contacted ESET HQ to get an answer and then relay it to you. Please provide the support ticket ID that would help us identify the ticket and possibly also your public license ID in the form of XXX-XXX-XXX.
  9. Upvote
    MichalJ gave kudos to tmuster2k in Cant select server to upgrade from 6.x to 7.0   
    @Nikos Antonopoulos 
    This is what I would recommend when upgrading from 6.4. 
    1. download the 6.5 server msi >>https://download.eset.com/com/eset/apps/business/era/server/windows/v6/latest/server_x64.msi
    2. Run the MSI to do upgrade over the top by using the defaults. If you get some kind of access denied then you will need to enter database user name. usually era_user and password is located in >> C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Configuration
    3. If you are running SQL Server express 2008 then you will need to upgrade that to 2014 at minimum. The all in one may do it. upgrades of SQL usually require reboot. 
    4. After reboot download the EP 8.x installer >> https://download.eset.com/com/eset/apps/business/era/allinone/latest/x64.zip
    5. run the setup.exe and try the upgrade all components option now. 
    If any of them fail just uninstall and then do install from all in one. Tomcat may need full re-install. 
    Also if you are running Java 32 bit you will need to uninstall and install Java 64 bit >> 
     
    https://support.eset.com/en/kb7088-install-esmc-web-console-using-jdk
     
  10. Upvote
    MichalJ received kudos from Romain Dheilly in New updated machines lost their product activation   
    Hello @Romain Dheilly, even if you have just used the software install task, the application should work in a way, that it will keep the license (even if no license was selected in the software install task). I will check with the teams here, whether they have witnessed similar behavior from the other customers.
    One of the things that I know tends to happen is, when customer accidentally installs EES and his license is for EEA, that will result in products being not activated, as the license and product do not match. When you have attempted the manual reactivation (via the software install task), what was written in the task details / executions history? What was the reason for it to fail?
  11. Upvote
    MichalJ gave kudos to MartinK in Update Agent Version   
    This seems to be a common misunderstanding and we should probably improve communication to users so that it is clear.

    In case of components upgrade task, you are actually selecting version of ESET PROTECT Server component, that you can actually upgrade to. In other words, in case your infrastructure is based on ESET PROTECT Server for Windows, you will be offered only the same or later version for the same platform. This version is later used for selection of compatible AGENT installers. So for example, as you have selected version 8.1.1223.0 as compatibility version, when this task is executed on macOS device, ESET repository is searched for latest AGENT version for macOS, that is compatible with ESET PROTECT 8.1.1223.0. which is currently version 8.1.3215.0. So the most confusing part is that you are actually not selecting version of AGENT to be installed, but just reference version used for compatibility.
     
  12. Upvote
    MichalJ received kudos from j-gray in Adding Enterprise Inspector   
    Hello @j-gray, I will try to help.
    Our EDR works in a way, that it requires a separate server with a separate console, however the "EDR console" is intended only for incident investigation. Management / deployment / activation still happens in ESET PROTECT.
    So given the fact that you have already deployed ESET PROTECT environment, those are the steps needed: 
    1. Install ESET Enterprise Inspector on a dedicated machine. You will have to connect it to your ESET PROTECT, as it uses single sign on between those two, and ESET PROTECT is the one that is also managing user access rights. On this machine, also install ESET PROTECT Agent (you will need it, for future updates).
    2. EEI server needs to be installed manually, you can't do it from EP Server (not the first time).
    3. Once your EEI Server is installed and running, you can proceed with installation of a component called "EEI Agent". Even though it is named "agent" it is a very small binary, that just sends the detection metadata gathered by our Endpoints (Endpoint is the "AGENT" per se) to the EEI Server, where the detection logic resides.
    4. You will have to specify the EEI server connection details into the policy for EEI agent, that you can assign to group all (they will connect). Also, you will have to activate EEI Agent (If you have the latest version of ESET PROTECT, there is a context menu option called "deploy EEI Agent", that will do the trick for you).
    5. Once you have your environment setup, EEI detections will appear also in ESET PROTECT. From there, you can easily navigate to details of each detection. You can also access the EEI UI directly, if you are interested in just the EDR functionality.
    Hope that this helps.
    Michal 
     
  13. Upvote
    MichalJ gave kudos to DonaldDucko in Future changes to ESET Security Management Center / ESET Remote Administrator   
    In the reports data section, could we please get remaining free space for individual storage drives? In percent of total drive space would be best, and it would need to be per drive, instead of combined.
    Thank you in advance!
     
  14. Upvote
    MichalJ gave kudos to dmaasland in Block ransomware behavior automatically   
    You can add an action to a rule. If you want to edit a built-in rule, duplicate it first. Then, add the desired action to it:
     
     
    The action you're looking for would be "BlockProcessExecutable" or "CleanAndBlockProcessExecutable". Check out page 6 in the EEI rule guide: https://help.eset.com/tools/eei/eei_rules_guide_1.6.pdf
     
    Don't forget to also specify the "TriggerDetection". This is the default action if no action is specified, but gets overwritten as soon as you specify your custom action. This causes the rule to not create a detection but only block the executable if you don't add that action as well.
  15. Upvote
    MichalJ gave kudos to Marcos in ESA+CISCO ISE   
    ESA RADIUS supports PAP and MS-CHAPv2 (both can be found mentioned in following article: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_net_acc_flows.html#wp1134831)

    It should work if the product supports authentication using external RADIUS server using PAP or MS-CHAPv2. In the past we had customers who used Cisco products including Cisco ISE.
    We have RADIUS integration manuals for some Cisco products :
    https://support.eset.com/en/kb3473
    https://support.eset.com/en/kb3481
     
  16. Upvote
    MichalJ gave kudos to Marcos in Eset Full Disk Encryption   
    Are you referring to the errors in the log or is there an error reported in gui? The resolution of the screen shot of gui is too small to be able to read the text.
    The errors in the log mean that ESET's EDF servers were inaccessible. Please read https://support.eset.com/en/kb332 for a list of IP addresses and ports that must be allowed for specific functionalities to work.
     
  17. Upvote
    MichalJ received kudos from igi008 in Security product configuration - Select Multiples   
    Hello @endpointandcats
    You do not have to select the configuration during the installer creation. You can simply assign all of the relevant "policy templates" (or custom made policies) to group all (or any group or even an individual computer), which means that the resulting configuration would be created as a merge of those policies. 
    Alternatively, you can create your own custom template, where you configure the product as you want, and then you choose this template during the installer creation process. 
    Please note, that there is a difference between a configuration and policy. Configuration sets the values to the desired state, but does not lock them on the client (if the local user has admin rights, he can change the settings). Policy on the other hand, if setting has "apply/force" flags set, would lock the setting, and prevent it from being edited. 
    Hope that this helps.
    Michal
  18. Upvote
    MichalJ gave kudos to Marcos in ESET Enterprise Inspector version 1.6.1716 has been released   
    Release date: June 1, 2021
    ESET Enterprise Inspector 1.6.1716 has been released.
    The installer is now available for download from the download page.
    Changelog:
    Added: Granular User Access rights (permission sets in ESET PROTECT)
    Added: Incidents view
    Added: Remote Connection method
    Added: Reduction of “Detection overload”:
    Learning mode
    Protection against noisy Rules
    Default Exclusions suggestions
    Profile based configuration in installer to setup the product for various user types
    Choice of 3 preset Profiles
    Choice of Rules to enable based on four Severity levels
    Choice of Data collection options
    Choice of Data retention periods
    Change of default views
    Improved: Database improvements:
    Event Filters created automatically for noisy Computers
    DB Purge process improvement
    Display estimated DB required space on Dashboard
    Warning for sub-optimal DB configuration
    Warning in case of insufficient space
    Improved: User Interface improvements
    Notifications view
    Improved Details view
    Filtering in Raw Events view
    Categorization for Rules
    Display PEDrop module hash in UI
    Improved: Detection capabilities improvements
    Ability to detect login brute-force
    Ability to detect misuse of trusted DLLs
    Ability to monitor discovery techniques using WMI GetObject method
    Re-evaluation of Rules severity values (based on latest telemetry statistics)
    Change of Ruleset to reflect compromised flag
    Improved: REST API improvements
    Ability to disable/enable Rules
    Ability to create/manage Exclusions
    Ability to trigger Network Isolation
    Added Trigger Event for Detections
    Ability to upload a list of hashes to be blocked
    Ability to update Computer state
    Other improvements:
    Ease of deployment – All-in-one installer with EI Agent (ESET PROTECT 8.1 required)
    Performance and scaling improvements
     
    Known Issues:
    As of version 1.6, we are introducing a new feature, "Optional Rules". There is a separate group of rules that are not enabled by default, yet they are installed by the installer but in a disabled state. Users can decide for these rules if they suit their environment and enable them manually.
    Having this feature, we have decided to move some of the existing rules to the "Optional" category. It means some of the existing rules enabled in your environment may, after the installation, become disabled because they are updated with the new version of the rule, which is optional now. Please check disabled rules after the upgrade from previous versions if some of the rules you want to have enabled were not disabled by this mechanism.
    Support Resources:
    Online Help (user guide): ESET Enterprise Inspector
  19. Upvote
    MichalJ received kudos from Gintaras P in WEB filtering for Android devices enrolled via MDM   
    Hello @Gintaras P Per my knowledge, web filtering for our ESET Endpoint Security for Android is currently considered feature, for addition later this year. I will check it with our product management, and come back to you once confirmed. 
  20. Upvote
    MichalJ gave kudos to Marcos in This feature is not monitred by Windows Security (firewall)   
    You must go one step back to select the product:

  21. Upvote
    MichalJ gave kudos to M.K. in Policy not whitelisting spam   
    Hi,
    the problematic domain you reported has been already removed from the cloud blacklist. The quickest way to solve such cases is to send the email sample to nospam_ecos@eset.com (https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab#spam) as those are handled almost immediately.
    Also based on the sample we have identified a problem in the algorithm that selects the sender's address from email headers in some cases (Return-path: header), and it will be also addressed by an automatic update.
    Regards, Matej
  22. Upvote
    MichalJ gave kudos to MartinK in Installing Agent through CMD QUITET doesn't work for ESET PROTECT CLOUD   
    Could you please provide standard trace.log from AGENT or possibly search it for more detailed connection errors? I do not see any obvious problem with deployment method you are using - in case no mistake was made during parameters processing, it should work. From provided status.html it is not clear why connection is failing, it might be network related, but also certificate related. As it seems that certificate of ESET PROTECT Cloud service has been accepted, it might be problem with AGENT's certificate -> in steps you mention "same old file" next to certificates, but if it means that you are attempting to use the same certificates as you used with on-premise solution, that won't work -> devices managed by cloud service are assigned certificate generated by service itself, and that is only certificate that will enable your devices to connect.

    Also note, that there is even simpler deployment method:
    1. Download AGENT MSI file and install_config.ini (so called GPO installer) into the same folder
    2. Initiate silent installation of AGENT via msiexec command, but without product specific parameters (those P_***)
    3. Observe that installer properties are automatically loaded from install_config.ini, i.e. there is no need to copy them to command line
  23. Upvote
    MichalJ received kudos from Peter Randziak in MITRE RESULTS   
    Hello, thank you.  And yes, we do have plans to add Linux coverage, in the reasonable future. 
  24. Upvote
    MichalJ gave kudos to j-gray in Help generating a software report with user login info   
    I need to find all OS X workstations that are missing a specific app and need to know the assigned user so that they can be contacted. Also need to include the OS version, so that we can work with the specific user to update/replace the device as needed.
  25. Upvote
    MichalJ gave kudos to pronto in Configure period for warning: Last connected   
    Okay, thanks for the effort. The setting is not a matter of life or death but as a nice to have it would be great...
    Thx & Bye Tom