user209

Members, Posts: 8

Everything posted by user209

  1. We recently ran into an issue where an administrator attempted to do an update of ESET Endpoint Antivirus via the ESET PROTECT console, but in the update task they inadvertently deployed a package for "ESET Endpoint Security". Because we do not have valid licenses for ESET Endpoint Security, this caused a large outage of AV protection, and required remediation. We ended up resolving the issue, but the idea came to mind: why is the administrator even allowed to deploy a software package unless valid licenses are present for that software? This creates an opportunity for disruption in an environment, especially considering the long list of software packages with similar names (which may be cut short to "ESET Endpoint..." in the menu due to column size). I hope ESET can take this improvement request and keep administrators from shooting themselves in the foot. Of course they should double check ahead of time, but history has shown that if a mess-up is possible by an admin/user/human being, it will occur at some point. This could also help reduce the load on support staff.
  2. The problem is that the major smartphone vendors have created their devices to be black boxes. We need new hardware and Free Software (different than open source) on mobile devices, which allow auditing of the device. Amnesty International's write-up on this strain of the Pegasus malware (which exposed the recent activity by NSO Group) says that a major problem is that it is extremely hard to audit both Android and iOS. If you can't audit the expected vs. actual behavior of a device, you have no means to detect malware. Amnesty International released their Mobile Verification Toolkit, which can help check for IOCs and other indicators from backups or complete filesystem dumps, which you can check out on GitHub here: https://github.com/mvt-project/mvt We need more projects like this that empower end users to inspect the behavior on their device.
  3. When creating a Dynamic group under ESET PROTECT, there is an option to use IP Subnetwork as a category to group hosts. This is the "Network IP addresses . IP subnetwork" expression field. The issue is it appears to be a proprietary subnet format. CIDR notation doesn't work, and standard IP ranges don't work (192.168.0.0/23 or 192.168.0.0 - 192.168.1.255). After looking at some forum posts which suggest trying wildcards or some other formats, those also fail. Please update the software to use a standard IP subnet format that the rest of the industry uses. There is no reason that this dynamic group expression isn't as intuitive as 1, 2, 3; it's an IP subnet, it should accept 192.168.0.0/23 as an input seamlessly. Is there anyone here who can provide the details on the hidden proprietary IP range format? It would help if the software told you the expected format when you select it, so I don't have to go searching Google and posting on forums to find out how to type a subnet.
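The two notations the post expects, CIDR (192.168.0.0/23) and a dashed start/end range (192.168.0.0 - 192.168.1.255), are what the rest of the industry accepts. As an added illustration of what a standard-format subnet expression field could do, here is a small Python parser using the standard library `ipaddress` module. This is example code, not ESET's implementation, and it says nothing about the proprietary format the post asks about; the function names `parse_subnet_expression`, `host_in_subnet` and `is_valid_subnet_expression` are my own.

```python
import ipaddress

def parse_subnet_expression(expr: str):
    """Parse a subnet expression in either standard notation.

    Accepts CIDR ("192.168.0.0/23") or a dashed range
    ("192.168.0.0 - 192.168.1.255") and returns a list of
    ipaddress network objects covering exactly those hosts.
    A range that is not block-aligned is summarized into the
    minimal set of CIDR blocks. Raises ValueError on bad input.
    """
    expr = expr.strip()
    if "-" in expr:
        start_text, end_text = (part.strip() for part in expr.split("-", 1))
        start = ipaddress.ip_address(start_text)
        end = ipaddress.ip_address(end_text)
        if start.version != end.version:
            raise ValueError("range endpoints must be the same IP version")
        if int(end) < int(start):
            raise ValueError("range end precedes range start")
        return list(ipaddress.summarize_address_range(start, end))
    # strict=False lets an admin type a host address with a prefix
    # (192.168.0.1/23) and still get the containing network.
    return [ipaddress.ip_network(expr, strict=False)]


def is_valid_subnet_expression(expr: str) -> bool:
    """True if the expression parses; use this for form validation."""
    try:
        parse_subnet_expression(expr)
        return True
    except ValueError:
        return False


def host_in_subnet(host: str, expr: str) -> bool:
    """Would a host with this address fall into the dynamic group?"""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in parse_subnet_expression(expr))


if __name__ == "__main__":
    # Constructed sample inputs mirroring the post's examples.
    for expr in ("192.168.0.0/23", "192.168.0.0 - 192.168.1.255",
                 "192.168.0.10 - 192.168.0.20", "192.168.0.0/33"):
        print(expr, "->", parse_subnet_expression(expr)
              if is_valid_subnet_expression(expr) else "invalid")
    print(host_in_subnet("192.168.1.200", "192.168.0.0/23"))
```

A group expression field with this behaviour can tell the administrator immediately whether the text they typed is a valid subnet, which is the feedback the post asks for.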
  4. I receive the following errors when attempting to install the newest version of ESET for Linux on a fully updated Debian 10 system:

     chown: invalid user: ‘eset-eea-logd’
     chown: invalid user: ‘eset-eea-scand’
     chown: invalid user: ‘eset-eea-updated:eset-eea-daemons’
     ESET Endpoint Antivirus Error: Cannot connect to Confd: No such device or address
  5. Is there any way I can securely transfer to ESET the zip output of ESET Log Collector, to avoid leaking information on a public forum?
  6. Yes, as stated in the post, we have run "scan with cleaning" on multiple occasions and the detection is not removed.
  7. We have had a multitude of detections that are listed as "Unresolved" and shown as "retained". Our understanding is that running a "Scan with cleaning" should delete the files or quarantine them. However, after the scan, the files are still present and repeatedly detected. How can we get ESET to delete all detections, instead of "retaining" over 50% of detections (including TrickBot malware embedded in doc files)? The organization is using ESET Security Management Center as the interface to control endpoints.