katbert
Known threats and EDTD
katbert replied to katbert's topic in ESET PROTECT On-prem (Remote Management)
Is this a bug or by design? The EDTD help describes uploading the EICAR test file (100%-known malware): https://help.eset.com/edtd/en-US/?submit_esmc.html

Is it possible to send known threats to EDTD?

In my test environment I extracted the files from mimikatz_trunk.zip. Almost all files were deleted by on-access protection. In the ESMC console I go to Threats and select the "threat resolved" filter. I see the detected mimikatz modules. I selected one of the modules and opened Threat Details. I see:

Threat name = Win64/Riskware.Mimikatz.D
Action taken = cleaned by deleting
Scanner = Real-time file system protection

At the bottom of the Threat Details page I press the Send file to EDTD button and see a message about creating a client task. One minute ago I see it in Client tasks\Eset security product\send file to edtd, and this task finished successfully.

But in the Submitted files list in the ESMC console I don't see this file. And in the local interface of File Security I don't see this file either.

Is it a bug in the ESMC console, or is submitting 100%-known threats not possible?
-
Peter Randziak reacted to a post in a topic: EDTD - don't show manually submitted files
-
EDTD - don't show manually submitted files
katbert replied to katbert's topic in ESET PROTECT On-prem (Remote Management)
Thanks for the explanation! And how about the certificate issue from my previous post?
EDTD - don't show manually submitted files
katbert replied to katbert's topic in ESET PROTECT On-prem (Remote Management)
We found a solution.

If Windows Server doesn't trust the certificate of ts.eset.com, the sent files log is empty and no error is logged.

After importing the Digicert and Thawte root certs, Eset can send files successfully and shows all previously sent files.

This is a bug, I think.
EDTD - don't show manually submitted files
katbert replied to katbert's topic in ESET PROTECT On-prem (Remote Management)
-
EDTD - don't show manually submitted files
katbert replied to katbert's topic in ESET PROTECT On-prem (Remote Management)
This screen is for Endpoint Security. How do I enable diagnostic logging in File Security?
EDTD - don't show manually submitted files
katbert replied to katbert's topic in ESET PROTECT On-prem (Remote Management)
How to enable diagnostic logging?
EDTD - don't show manually submitted files
katbert replied to katbert's topic in ESET PROTECT On-prem (Remote Management)
Yes, with custom files.

We have a trial 1-month license for EDTD:

ESET Dynamic Threat Defense for Endpoint Security + File Security
ESET Dynamic Threat Defense for Mail Security

We added the license to the EBA account and activated some servers. I see the EDTD license in the ESMC console (Computer - show details), and see EDTD settings in the local GUI of File Security.

If I manually submit files, I see a message about successfully sent files. But I don't see the submitted files in the local GUI or the ESMC console, as described here: https://help.eset.com/edtd/en-US/?manual_upload.html

The local Sent files log is empty. Agent version is 7.0.577 and File Security version is 7.0.12018.
-
I updated the ESMC server components from 7.0.66.1 to 7.0.72.1 (server, agent, web console) using the web-console popup window. And I updated Apache HTTP Proxy using the all-in-one installer 7.0.72.1.

Last step: update Tomcat. I uninstalled Tomcat 7.0.90 from Windows Control Panel, ran the all-in-one installer and installed the web console with Tomcat 7.0.92 x64. The web console installed successfully and works. But in Windows Control Panel\Programs and Features I don't see an uninstaller for Tomcat 7-0-92.

Is it a bug of the all-in-one installer 7.0.72.1? And how do I uninstall Tomcat 7-0-92 x64 (it may be required for the next update)?
-
Silent upgrade from 7.0.66.1 to 7.0.72.2
katbert replied to katbert's topic in ESET PROTECT On-prem (Remote Management)
I found the Component upgrade task description here: https://help.eset.com/esmc_install/70/en-US/components_upgrade.html

I updated Apache HTTP Proxy using the all-in-one installer: backup configs, stop service, run setup.exe. Apache HTTP Proxy updated successfully. https://help.eset.com/esmc_install/70/en-US/upgrade_apache_http_proxy_windows_instructions_allinone.html

But in Windows Control Panel \ Programs and Features I see Apache HTTP Proxy with the old installation date and without a version. Is it normal?
-
Silent upgrade from 7.0.66.1 to 7.0.72.2
katbert replied to katbert's topic in ESET PROTECT On-prem (Remote Management)
I updated ESMC Server in the test environment. In the server's trace.log file I found events about database upgrade, and final event: -
I ran the upgrade from the popup window in the ESMC web console, logged off from the web console and closed the browser. This is the recommended way to update ESMC from 7.0.66 to 7.0.72: https://help.eset.com/esmc_install/70/en-US/upgrade_procedures.html

In the Windows Application event log I see events from MsiInstaller about successful updates of server_x64.msi (with reboot suppressed) and agent_x64.msi. The final event in the Application event log is era-updater: Execution finished with 0x0: (0x0).

In Windows Control Panel I see that only Server and Agent were updated to version 7.0.577.0. Tomcat and Apache HTTP Proxy have old versions.

My questions:

How can I see the end of the upgrade process launched from the web console popup window?
How can I see the end of the database update process (which can run for some time in ver 6.x, and the admin can't log in to the console)?
Which ESMC components do I still need to update manually?
-
I want to log all files scanned by real-time protection. I'm using Eset File Security 6.5.12014.1. I enabled the "Log all objects" option in settings \ Real-time file system protection \ ThreatSense parameters. But I don't see any logs. Where can I find them?
-
I'm in the process of upgrading ERA from 6.5.34.0 to v7.

Upgrading Webconsole steps from https://support.eset.com/KB6925/:

Stop Tomcat service, backup 3 configs: .keystore, server.xml and EraWebServerConfig.properties
uninstall old Tomcat
install new Webconsole and Tomcat from all-in-one installer v7
restore 3 configs

I compared the configs from the backup (which were used by Webconsole v6.5) and the newly generated configs from Webconsole v7. I see that server.xml has only one difference: the password to the keystore. So, restoring server.xml + keystore restores ONLY the self-signed certificate of Webconsole v6. Am I right?