katbert
Members-
Posts
78 -
Joined
-
Last visited
-
Days Won
1
Everything posted by katbert
-
We use Endpoint Security 5.0.2254 and 5.0.2265. How "flushing a file" in v6 works?
-
Today we have analyzed one of the failed computers. It have a problem with some drivers installation. Eset drivers installed by ees_nt32_rus.msi - installed normally. But edevmon.sys - want manually confiramtion to install, like non-WHQL-signed driver. Without manual confirirmation driver not installed correctly, but registres as device filter (UpperFilters in many device classes). If computer rebooted remotely without install confirmation- Windows can't load UpperFilter for system drive, and show BSOD 0x0000007B. Rebuilding of corrupted catroot database (C:\Windows\System32\catroot2) solve driver installation issue, and edevmon driver installed successfully: https://support.microsoft.com/en-us/kb/822798 I think, ESET must more carefully verify driver intergation process it next versions.
-
Thanks, "Configure the verbosity of setupapi.app.log and setupapi.dev.log" is what I need. Now I have detailed log of edevmon integration process. Default Windows event logs don't show any errors.
-
In the production, after apply policy with integration of device control and some device blocking rules, Windows XP SP3 can't boot. Registry rollback restore them. Used Eset Smart Security 5.0.2254 and 5.0.2265 On one of recovered computers, I reinstall ESS, enable checkbox of device control integration, and monitor with "sc query edevmon" driver installation status. I wait some time - but driver wasn't installed. After reboot eset GUI freeze 2-3 minutes, and after that driver was successfully installed. I think, previosly failed computers have a problem with edevmon driver installation. On test virtual machine with clean Windows XP SP3 I collect Process Monitor log and see, what edevmon installed quickly before required reboot. How can I collect edevmon.sys installation logs?
-
Same question about MailSecurity Can ERA Server 6.3 manage MailSecurity for Exchange 6.4.10009.0?
-
Quarantine for viruses in Mail Security
katbert replied to katbert's topic in ESET Products for Windows Servers
Thanks! -
Quarantine for viruses in Mail Security
katbert replied to katbert's topic in ESET Products for Windows Servers
This rule can redirect message with virus to qarantine. But redirect with cleaning it. Is it possible to redirect messages to quarantine without cleaning? -
Quarantine for viruses in Mail Security
katbert replied to katbert's topic in ESET Products for Windows Servers
On this screen - I see message with virus in Mail Quarantine: hxxp://help.eset.com/emsx/6/en-US/idh_quarantine.htm -
Quarantine for viruses in Mail Security
katbert replied to katbert's topic in ESET Products for Windows Servers
Eset save deleted viruses copies to one qurantine (Tools-Quarantine), and filtered by rules messages to second quarantine (Mail quarantine). Is it possible to save messages with viruses to "Mail quarantine"? -
I'm using ESET Mail Security for Exchange 6.3.10005.2 I created rules, which send to quarantine messages with some attachments (*.js, *.bat etc). Is it possible to sent to quarantine messages with viruses too? With default settings recipient of message with virus receive message with modified subject [found threat Eicar test file] and strange attachment ATT00001.txt
-
Is it possible to migrate existing ERA5 Access database to MSSQL? This article say: The database type can be selected during installation of the ESET Remote Administrator Server (ERAS) and cannot be changed after installation hxxp://support.eset.com/kb963/?viewlocale=en_US But ERA Maintenance tool have database transfer option
-
Is this issue fixed? In ERA 5.3.39 changelog I see: Version 5.3.39.0 Fixed: Remote client update task now supports .msi-installers with updated digital signatures and allows seamless client upgrade to version 5.0.2260.x and later. Fixed: With any other than blank password for the administrator account, the User Manager will refuse to create new users. Added: Updated copyright statement for all product components. https://www.eset.com/int/business/remote-management/remote-administrator/version-5/#download
-
I see download links to Endpoint Entivirus 6.4.2014.2 https://www.eset.com/int/business/endpoint-security/windows-antivirus/#download But don't see any additiona info - press-release, forum post, Is it possible to use ERA 6.3 with AV 6.4?
-
Quarantine bug in MailSecurity
katbert replied to katbert's topic in ESET Products for Windows Servers
Great idea! Thanks! -
I'm trying to setup web quarantine in Mail Security 6.3.10005.2 Default port 80 and 443 used by IIS, which is required by MS Exchange I'm try to set custom ports for Eset Mail Quarantine: 5080 for http, and 5443 for https But when I use link hxxp://server.domain.local:5080/quarantine/- Eset Mail Quarantine server redirects to 443 port, not custom 5443. I see error 404 from IIS If I use link https://server.domain.local:5443/quarantine/- I see error establish secure connection
-
Quarantine bug in MailSecurity
katbert replied to katbert's topic in ESET Products for Windows Servers
Rule already exist and work. Temporarily disable it is only one way to restore some messages from quarantine? -
Quarantine bug in MailSecurity
katbert replied to katbert's topic in ESET Products for Windows Servers
Which rule? -
In Eset MailSecrity 6.3.1005.2 I created rule to qarantine messages with *.js attachment (transport protection) But can't resore messages from Mail Quarantine tab: after press Restore button, message drop again to qarantine
-
Firewall events in ERA Console
katbert replied to katbert's topic in ESET PROTECT On-prem (Remote Management)
How about future versions of ERA? -
I create block rule in Eset Smart Security 6.3.2016.1. I enable logging on this rule, and can see events in local GUI of Smart Security But in ERA Console in Threats tab I can see only "Antivirus" events, and can't see "Firewall" events How to enable sending Firewall events to ERA?