offbyone

Kudos

  1. Upvote
    offbyone received kudos from Mirek S. in Management protocol + reverse proxy   
    We have successfully implemented haproxy in front of ESMC in a test environment.
    Our first attempt to run in http mode failed, as we found that the ESMC agent does not seem to send back valid HTTP responses which comply with HTTP standards.
    But we further found that this is not a problem with what we want to achieve (checking validity of the client cert on the reverse proxy side), as TLS bridging with haproxy also works in TCP mode.
    Following is the relevant part of the haproxy config:
    frontend esmcAgentFE
        mode tcp
        option tcplog
        bind *:2222 ssl crt /etc/haproxy/ssl/crt/esmcServer.pem verify required ca-file /etc/haproxy/ssl/ca/esmcCA.pem
        default_backend esmcAgentBE

    backend esmcAgentBE
        mode tcp
        default-server ssl
        default-server ca-file /etc/haproxy/ssl/ca/esmcCA.pem
        default-server crt /etc/haproxy/ssl/crt/esmcAgent.pem
        server default esmc.mydomain.com:2222

    Cheers
  2. Upvote
    offbyone gave kudos to itman in Firefox + ESET SSL Filter CA   
    Yes, it is conflicting:
    https://support.mozilla.org/en-US/kb/how-disable-enterprise-roots-preference
    Because prior to ver. 68, Enterprise Roots preference by default was not to refer to it.
  3. Upvote
    offbyone gave kudos to Marcos in Firefox + ESET SSL Filter CA   
    Does this file exist? "C:\Program Files\Mozilla Firefox\defaults\pref\eset_security_config_overlay.js"
  4. Upvote
    offbyone received kudos from Mirek S. in Regex for Dynamic Group not working   
    I think so.
    To be sure, I did the last change yesterday evening and had a look at the results today. The group was still empty. Then I changed from "regex" to "has prefix" and 10 minutes later I saw the first computer appearing in the group.
  5. Upvote
    offbyone gave kudos to MartinK in Management protocol + reverse proxy   
    As the AGENT->ESMC protocol currently uses gRPC on the application layer (not guaranteed in the future), there are many small projects and proxies that can be used for routing, but in terms of security, the most reliable solution might be standard TLS termination and forwarding of requests on the TCP layer, i.e. without interpreting the data and requests themselves. This is supported by most of the commonly used proxies, as mentioned previously. It would just require some basic "magic" with certificates. In this configuration, the proxy should be just "repacking" TCP traffic from one TLS channel to another, instead of interpreting it, and it is possible to configure proxies to be transparent for AGENTs. This kind of configuration is very often used for load balancing.
    Your case would probably be best matched by something like TLS pass-through with additional client certificate checks, but it is probably not supported by common proxies. I think it is not possible to validate the client certificate before the connection to the backend service (ESMC in this case) is opened, so it would somehow reduce security benefits.
  6. Upvote
    offbyone gave kudos to MartinK in Management protocol + reverse proxy   
    ESMC Agents are using mutually authenticated TLS (both endpoints have to present their certificate), which is protecting the underlying HTTP2 requests, so technically it is HTTP2 over TLS.
  7. Upvote
    offbyone gave kudos to Marcos in uninstall from commandline if password set   
    It's possible to use the PASSWORD="%password%" parameter (https://help.eset.com/era/53/en-US/idh_ra_remoteinst_commandline.html) from the command-line.
  8. Upvote
    offbyone gave kudos to MichalJ in Trigger on static group   
    I have been able to reproduce the behavior. It seems to me to be a bug, so I will report it to our QA / DEV teams: a confusing description is displayed for the group, as indeed it shows "dynamic group" even when "static group" is set as target.
    It only shows like that when you try to "edit trigger". 
  9. Upvote
    offbyone gave kudos to Marcos in Future changes to ESET Security Management Center / ESET Remote Administrator   
    This is not true. It makes good sense to have both static and dynamic groups, and users use both a lot. Unlike static groups, dynamic groups are evaluated by the agent on clients. For instance, with static groups only, it would not be possible to change the membership and run specific tasks on clients if they were not reporting to ESMC (e.g. roaming clients) and an unhandled threat would be detected.
  10. Upvote
    offbyone gave kudos to Tim Jones in Future changes to ESET Security Management Center / ESET Remote Administrator   
    Hi Team,
     
    Description: Example REST API usage with Perl / Python
    Detail: An example document on how to use the API with Perl would be helpful. You have one using C; however, I would just like to create a few script-based calls to it using Perl, for use with Nagios and other systems I have to integrate further with our other tools.
     
    Description: Failure Details inside Web Interface,
    Detail: Most of the time when a task fails it provides hardly any details why; I need to follow the rabbit hole to the trace log.
     
    Description: Slackware Linux Support /+ Native x64 support without 32 bit libs
    Detail: I run 100s of Slackware Servers and have gone away from multilib etc, Also activate product from Remote Administrator rather than having to download an offline license for them
     
    Description: Use Latest option for software install
    Detail: Software install of ESET use latest option would be helpful eg tick a box and policy would always use the latest version available of eg Endpoint Antivirus when running the task
     
    Description: From Dashboard take filters and generate a Dynamic Group / Action
    Detail: I forever have out-of-date machines on the dashboard and have to copy the filters down and go and create a dynamic group from them to trigger an upgrade. Can a button be incorporated (where you have generate CSV / PDF etc.) to say generate dynamic group, please?
     
    Thanks
    Tim
     
     
  11. Upvote
    offbyone gave kudos to Marcos in Signature and Module Updates   
    Do you have Endpoint v7.3 installed? Next week we're going to release a hotfix v7.3 which will also have some issues with Scheduler fixed, so it might be worth trying it then.
  12. Upvote
    offbyone received kudos from Craig Cram in regular update of Endpoint Antivirus 7.3.2032 does not work   
    Anything new on this one?
    I was hit by the same problem.
  13. Upvote
    offbyone gave kudos to Marcos in Signature and Module Updates   
    Automatic updates are ensured via the regular automatic update task in scheduler. You can control how often the task will run. By default it's 60 min., but it's also possible to shorten it to 10 min. if I remember correctly. The "more frequent updates" setting refers to streamed updates that are downloaded every few minutes.
  14. Upvote
    offbyone gave kudos to Marcos in ESMC Auto Upgrade   
    ESMC is a complex mission-critical product and it's important for administrators that it runs reliably all the time. Upgrade should be performed after backing up the database and at the time when administrators can afford to solve possible issues should something go haywire during upgrade. Likewise administrators do not let server systems upgrade automatically and immediately after the OS maker releases updates not addressing critical vulnerabilities.
  15. Upvote
    offbyone gave kudos to Marcos in Disable EPNS   
    You can block communication with EPNS IP addresses listed at https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall. (https://support-backup.eset.com/storage/IMAGES/en/6328_KB332/EPNS.txt)
  16. Upvote
    offbyone received kudos from santoso in Disable EPNS   
    There is a permanent connection held open to a host outside the corporate network from every client for triggering actions on that client. This is something not being tolerated and I really can understand that point of view. This is even more senseless if your clients are on the same network segment as ESMC server. This should be configurable similar to cloud based feature. It seems that customer will choose a different product for this reason.
    Cheers.