katbert

This is a bug or by-design? In EDTD help described upload of EICAR test file (100%-known malware) https://help.eset.com/edtd/en-US/?submit_esmc.html

Is it possible to send known threats to EDTD? It my test environment I extracted files mimikatz_trunk.zip. Almost all files was deleted by on-access protection. In ESMC console I go to Threats and select "thread resolved" filter. I see detected mimikatz modules. I selected one of modules and opened Threat Details. I see Threat name = Win64/Riskware.Mimikatz.D Action taken = cleaned by deleting Scanner = Real-time file system protection In the bottom of Threat Details page I press Send file to EDTD button, and see message of creating client task. One minute ago I see in Client tasks\Eset security product\send file to edtd, and this task was finished successfully But in Submitted files list in ESMC console I don't see this file. And in local interface of File Security - I don't see this file too. Is it bug in ESMC console, or submitting 100%-known threats is not possible?

Thanks for the explanation! And how about certificate issue from my previous post?

we found solution if Windows Server don't trust certificate of ts.eset.com - send files log is empty and no error logged after import Digicert and thatwe root certs - Eset can send files successfuly, and show all previuosly sent files this is a bug, I think

File Security 7.0.12018 don't have log verbosity settings

This screen for Endpoint Security. How to enable diagnostics logging in File Security?

How to enable diagnostic logging?

Yes, with custom files.

We have trial 1-month license for EDTD: ESET Dynamic Threat Defense for Endpoint Security + File Security ESET Dynamic Threat Defense for Mail Security We add license to EBA Account, activete some servers. I see EDTD license in ESMC Console (Computer - show details), and see EDTD settings in local GUI of File Security. If I manually submit files - I see message about successfully sended files. But I don't see submitted files in local GUI or ESMC console, as described here: https://help.eset.com/edtd/en-US/?manual_upload.html Local Sent files log is empty. Agent version is 7.0.577 and File Secuirity version is 7.0.12018

I updated ESMS server components from 7.0.66.1 to 7.0.72.1 (server, agent, web console) using web-console popup window. And I updated Apache HTTP Proxy using all-in-one installer 7.0.72.1. Last step - update Tomcat. I uninstalled Tomcat 7.0.90 from Windows Control Panel, run all-in-one installer and install web console with tomcat 7.0.92 x64. Web console installed successfully and work. But in Windows Control panel\ Programs and features I don't see uninstaller for Tomcat 7-0-92 Is in bug of all-in-one installer 7.0.72.1? And how to uninstall Tomcat 7-0-92 x64 (it may be required to next update)?

I found Component upgrade task description here: https://help.eset.com/esmc_install/70/en-US/components_upgrade.html I updated Apache HTTP Proxy using all-in-one installer: backup configs, stop service, run setup.exe. Apache HTTP Proxy updatet successfully. https://help.eset.com/esmc_install/70/en-US/upgrade_apache_http_proxy_windows_instructions_allinone.html But in Windows Control Panel \ Programs and fetures - I see Apache HTTP Proxy with old installetion date and without version Is it normal?

I updated ESMC Server in the test environment. In the server's trace.log file I found events about database upgrade, and final event:

I run upgrade from popup window in ESMC web console, logoff from web console and close browser. This is recommended way to update ESMC from 7.0.66 to 7.0.72: https://help.eset.com/esmc_install/70/en-US/upgrade_procedures.html In Windows Application eventlog I see events fro MsiInstaller - about successfully update server_x64.msi (with reboot suppressed) and agent_x64.msi. Final event in Application evenltog is era-updater Execution finished with 0x0: (0x0), In Windows Control Panes - I see, only Server and Agent updated to version 7.0.577.0. Tomcat and Apache http proxy have old versions. My questions: How can I see end of upgrade process, launched from web console popup window? How can I see end of database update process (which can work some time in ver 6.x - and admin can't login console) Which ESMC Components I still need to update manually?

I want to log all files, scanned by real-time protection. I'm using Eset File Security 6.5.12014.1 I enable "Log all objects" option in settings \ Real-time file system protection \ ThreatSense parameters But I don't see any logs. Where can I find them?

I'm in process of upgrade ERA from 6.5.34.0 to v7 Upgrading Webconsole steps from: https://support.eset.com/KB6925/ Stop Tomcat service, backup 3 configs: .keystore, server.xml and EraWebServerConfig.properties uninstall old Tomcat install new Webconsole and Tomcat from all-in-one installer v7 restore 3 configs I compare configs from backup (which used by Webconsole v 6.5) and new-genegatet configs from Webconsole v7 I see, what server.xml - have only one difference - password to keystore. So, restoring of server.xml + keystore - restore ONLY self-signed certificate of Webconsole v6. I'm right?

Only minumum number of policies. One policy for workstations with EEA and single server. If EEA is not supporter on server OS - I will install EFSW

I try to uninstall Tomcat and install new version of Tomcat using all-in-one installer without reboot. But all-in-one installer require reboot. Why Server_x64.msi don't ask for reboot, if it is needed?

I'm in process of manual update from ERA 6.5.34.0 to v7 using this article: https://support.eset.com/KB6925/ I successfully completed first step - upgrade server using Server_x64.msi. But in Application Windows log I see event 1029 from MsiInstaller: Product: ESET Security Management Center Server. Restart required. The installation or update for the product required a restart for all changes to take effect. The restart was deferred to a later time. Should I restart the Windows Server now or later - after updating Tomcat?

I have ERA 6.5.34 and Windows Server 2008 R2 with ERA Agent 6.5.522 I'm try to install EAV 6.6.2086.1 on this server using ERA software installation task, but task failed with error "Task failed-try to install software manually". I found software-install.log, and see MSI error 5003 - this version is NOT for server operating system. If I run eea_nt64_rus.msi locally - I see a screen with recomendations to use special server antivirus, but I can press next and continue installation. Is it possible to install EAV 6.6 on server using ERA software installation task? Or see actual error in ERA console (without reading local software-install.log on local computers)?

Is it possible to create rules to delete e-mail attachments like *.exe or *.js using Eset Endpoint Antivirus or Eset Endpoint Security?

Unexpectedly quarantined message contains embedded jpg image with .com in the file name, but Outlook don't show this image as attachment. Thanks for answers!

I have Eset Mail Secuirity for MS Exchange, аnd rule to send to quarantine messages with danger extensions (*.js, *.vbs etc). This rule works fine for many days, but one message was quarantined unexpectedly. This message contain only two pdf attachments. But *.pdf don't block by my rule. Maybe Eset analyze pdf files as containers - and name of one of parts was blocked by rule? Some other antivirus check pdf like this: mypdf.pdf/data0001 mypdf.pdf/data0002 mypdf.pdf/data0003 mypdf.pdf/data0004 How Eset "see" parts of PDF container?

I'm testing LiveGrid in Eset Endpoint Antivirus 6.5.2094. I use this article: hxxp://support.eset.com/kb5552/?viewlocale=en_US Eset Antivirus successfully block download cloudcar.exe Next, I download this file with disabled http scanning. And Eset don't block running of this file. Which actions Eset can do using reputation data from LiveGrid - only block download attapts or block attempts to run files?

Now I'm testing agent 6.5.522 push install from ERA 6.5.31 on workstation without inet access - and see successfull installation from c:\windows\temp\agent_x86.msi Agent was installed using Apache HTTP proxy on ERA server?

Is lastest build of Eset Endpoint Antivirus - 5.0.2265 - compatible with Windows 10 Creators update (1703)?