Jump to content

katbert

Members
  • Posts

    78
  • Joined

  • Last visited

  • Days Won

    1

Everything posted by katbert

  1. We use Endpoint Security 5.0.2254 and 5.0.2265. How "flushing a file" in v6 works?
  2. Today we have analyzed one of the failed computers. It have a problem with some drivers installation. Eset drivers installed by ees_nt32_rus.msi - installed normally. But edevmon.sys - want manually confiramtion to install, like non-WHQL-signed driver. Without manual confirirmation driver not installed correctly, but registres as device filter (UpperFilters in many device classes). If computer rebooted remotely without install confirmation- Windows can't load UpperFilter for system drive, and show BSOD 0x0000007B. Rebuilding of corrupted catroot database (C:\Windows\System32\catroot2) solve driver installation issue, and edevmon driver installed successfully: https://support.microsoft.com/en-us/kb/822798 I think, ESET must more carefully verify driver intergation process it next versions.
  3. Thanks, "Configure the verbosity of setupapi.app.log and setupapi.dev.log" is what I need. Now I have detailed log of edevmon integration process. Default Windows event logs don't show any errors.
  4. In the production, after apply policy with integration of device control and some device blocking rules, Windows XP SP3 can't boot. Registry rollback restore them. Used Eset Smart Security 5.0.2254 and 5.0.2265 On one of recovered computers, I reinstall ESS, enable checkbox of device control integration, and monitor with "sc query edevmon" driver installation status. I wait some time - but driver wasn't installed. After reboot eset GUI freeze 2-3 minutes, and after that driver was successfully installed. I think, previosly failed computers have a problem with edevmon driver installation. On test virtual machine with clean Windows XP SP3 I collect Process Monitor log and see, what edevmon installed quickly before required reboot. How can I collect edevmon.sys installation logs?
  5. Same question about MailSecurity Can ERA Server 6.3 manage MailSecurity for Exchange 6.4.10009.0?
  6. This rule can redirect message with virus to qarantine. But redirect with cleaning it. Is it possible to redirect messages to quarantine without cleaning?
  7. On this screen - I see message with virus in Mail Quarantine: hxxp://help.eset.com/emsx/6/en-US/idh_quarantine.htm
  8. Eset save deleted viruses copies to one qurantine (Tools-Quarantine), and filtered by rules messages to second quarantine (Mail quarantine). Is it possible to save messages with viruses to "Mail quarantine"?
  9. I'm using ESET Mail Security for Exchange 6.3.10005.2 I created rules, which send to quarantine messages with some attachments (*.js, *.bat etc). Is it possible to sent to quarantine messages with viruses too? With default settings recipient of message with virus receive message with modified subject [found threat Eicar test file] and strange attachment ATT00001.txt
  10. Is it possible to migrate existing ERA5 Access database to MSSQL? This article say: The database type can be selected during installation of the ESET Remote Administrator Server (ERAS) and cannot be changed after installation hxxp://support.eset.com/kb963/?viewlocale=en_US But ERA Maintenance tool have database transfer option
  11. Is this issue fixed? In ERA 5.3.39 changelog I see: Version 5.3.39.0 Fixed: Remote client update task now supports .msi-installers with updated digital signatures and allows seamless client upgrade to version 5.0.2260.x and later. Fixed: With any other than blank password for the administrator account, the User Manager will refuse to create new users. Added: Updated copyright statement for all product components. https://www.eset.com/int/business/remote-management/remote-administrator/version-5/#download
  12. I see download links to Endpoint Entivirus 6.4.2014.2 https://www.eset.com/int/business/endpoint-security/windows-antivirus/#download But don't see any additiona info - press-release, forum post, Is it possible to use ERA 6.3 with AV 6.4?
  13. I changed Eset web quarantine port to default 443 - and this solved my problem. Now web quarantine works If Eset don't use own web server - then custom ports settings don't needed Thanks!
  14. In IIS - default web site I see only 80 and 443 port bindings Eset don't create any bindings when I enable web qarantine
  15. I use Firefox 47.0.1 and IE10 (part of Windows Server 2012) Firefox show error: Secure Connection Failed
  16. I'm trying to setup web quarantine in Mail Security 6.3.10005.2 Default port 80 and 443 used by IIS, which is required by MS Exchange I'm try to set custom ports for Eset Mail Quarantine: 5080 for http, and 5443 for https But when I use link hxxp://server.domain.local:5080/quarantine/- Eset Mail Quarantine server redirects to 443 port, not custom 5443. I see error 404 from IIS If I use link https://server.domain.local:5443/quarantine/- I see error establish secure connection
  17. Rule already exist and work. Temporarily disable it is only one way to restore some messages from quarantine?
  18. In Eset MailSecrity 6.3.1005.2 I created rule to qarantine messages with *.js attachment (transport protection) But can't resore messages from Mail Quarantine tab: after press Restore button, message drop again to qarantine
  19. I create block rule in Eset Smart Security 6.3.2016.1. I enable logging on this rule, and can see events in local GUI of Smart Security But in ERA Console in Threats tab I can see only "Antivirus" events, and can't see "Firewall" events How to enable sending Firewall events to ERA?
×
×
  • Create New...