Bill_Pacific

Members
  • Posts

    16
  • Joined

  • Last visited

About Bill_Pacific

  • Rank
    Newbie

Profile Information

  • Location
    USA
  1. Hello All, I am posting this here as I am not able to post in the false positive area. My SEO team contacted me today and had this removed from their systems by ESET Endpoint Antivirus 8.1 with the latest VSDB. I am wanting to exclude this from detection as I believe this is a false positive, I also know that the nature of this software is a bit odd so I can see why it was detected. Need to know if this is a false positive or not. I have 10 SEOs who are not able to do some work due to this.

     Detection Log below

     Dir: C:\Users\user.name\AppData\Local\ESET\ESET Security\Quarantine\
     0CA732EA2C31D33CDC96B4E39E814EA7249136F7.NDF "C:\Program Files (x86)\SeoTools for Excel\SeoToolsMaster64_packed.xll" "@NAME=MSIL/TrojanDropper.Agent.FGU@TYPE=Trojan@SUSP=mod" 27.08.2021 792576 bytes

     Also detecting in WebAccess

     Hash B34B273B4F3BD8E6EEF03FB51FF69EF978C149AB
     Name MSIL/TrojanDropper.Agent.FGU
     Detection Type Trojan
     Object type file
     Uniform Resource Identifier (URI) https://releases.seotoolsforexcel.com/SeoTools_v9.7.0.1_20210727.zip
     Process name C:\Program Files\Google\Chrome\Application\chrome.exe
     Scan
     Scanner HTTP filter
     Detection engine version 23865 (20210827)
     Current engine version 23865 (20210827)
  2. Hello All,

     Windows server 2016 upgrade from 8.0 to 8.1 ESET Protect

     This is more of an alert with a fix. I did the upgrade to ESET Protect yesterday and have spent a bit of time trying to figure out why I was getting a 404 error trying to access the webconsole after the upgrade. I tried running a repair install and that did not work either. After digging around I found this:

     C:\Program Files\Apache Software Foundation\apache-tomcat-9.0.35\webapps\era.new

     I changed the name of the folder from 'era.new' to 'era' and it all worked. I did a lot of digging on the internet and did not find anything there either so I am hoping this will help other Admins.
  3. After installing office and logging everything in the errors returned. I will start a ticket with local support. Thank you @Marcos for the quick reply.
  4. Ok I did some web surfing and ran a full in-depth scan and it is still just the single error now, so as I said the suggestion from Marcos above, it did help.
  5. That seemed to help. I only get one error after reboot now.

     12/4/20, 10:00:00 AM Protoscan Proxy Agent Cannot read from socket: Software caused connection abort root

     I am running an in-depth scan as I did yesterday to double check.
  6. I am testing the latest version of ESET for Mac as well as the new BigSur update. Current specs are:

     ESET Security Management Center (Server), Version 7.2 (7.2.1278.0)
     ESET Security Management Center (Web Console), Version 7.2 (7.2.230.0)
     ESET Endpoint antivirus for Mac 6.10.460.1
     ESET Management Agent 7.2.3261.0
     MacOS BigSur 11.0.1
     MacBook Pro 2016

     I am seeing in the Webconsole that the OS is not supported yet but I wanted to be sure that these errors are not something else. See errors below. The network is working fine on this machine. Also is there any release date for a compatible version of ESET with BigSur?
  7. So just removing the pointer to an "Initial static group" and the install goes through. Thanks again for all of your help. Issue has been resolved. Is this something the developers are looking at? Pointing to a specific static group is helpful for some functions.
  8. Thanks Marcos I was ESET staff about 5 years ago. lol. A few things have changed.
  9. So I found that if I leave the default server to connect to as the FQDN it works. If I add an IP address so systems outside of the network can connect it fails. So for now I have them connecting to the FQDN and a policy will change to the IP address for external connections.
  10. Hello Martin and Marcos I have tested on a different system (same OS) and came up with the same errors. Not sure if I am setting something up wrong like the Mac or the script?
  11. Hello Martin, Thanks again for your quick responses. I am going through the script and I am not seeing anything. I do see that a majority of the script seems to be encrypted though. I was hoping maybe you take a look at the script and tell me if you see anything. The password does not have any special characters. I am installing by right clicking and "run with" > terminal. I add the password after the download completes. I have been installing the same way for all of my Macs and this is the first time I hit an issue. I am wiping another Mac now and will test on that one once it is done. I am doing this in case there is a problem with the Mac Minor update that recently went through. Was hoping that would give me an answer to that.

      ESMCAgentInstaller.rar
  12. Hi Martin, Thank you both for your quick responses. I will dig through the script and let you know.
  13. Hello Marcos, this is the only place I see base64:

      if test -n "$eraa_peer_cert_pwd"
      then
        echo " <key>PeerCertPassword</key><string>$eraa_peer_cert_pwd</string>" >> "$local_params_file"
        echo " <key>PeerCertPasswordIsBase64</key><string>yes</string>" >> "$local_params_file"
      fi

      I found b64 in a few places as well but not in the section following "eraa_policy_data=".