Everything posted by user209

  1. In the ESET PROTECT SysInspector log viewer, it is impossible to copy text from any of the fields without viewing the source code, or using the "Inspect Element" browser tools to copy and paste the data. Please note this is when used in the ESET PROTECT SysInspector log viewer. It should be seamless to copy a path, registry key, etc. from the log viewer without needing to export and add 30 seconds of more time. To reproduce, open ESET PROTECT, request the SysInspector log from a host, then open up the log viewer in the browser. Try to copy and paste any of the filesystem paths shown.
  2. I commonly find myself having to repeat searches twice in ESET PROTECT, due to whitespace accidentally copied/pasted from other sources of hostnames/IP addresses. Note that I am on the newest version of ESET PROTECT. If a search for a computer is performed in ESET PROTECT and a whitespace is at the beginning or end, it may show No Results for an existing computer, without an immediately clear indication as to why for non-advanced users. Further investigation revealed that copy/pasting hostnames commonly brings along unwanted whitespace. Because valid "computer names" will rarely contain whitespace at the beginning or end of the string (at least in my environment), it makes sense to automatically delete any trailing or leading whitespace from strings entered into the search box at the top of ESET PROTECT, specifically for computer name & IP address searches. Implementing this will reduce time spent working and investigating, as searches won't need to be repeated and modified as often. It will also make the product appear to run better.
  4. I am trying to do some troubleshooting myself to see why my ESET antivirus broke for Linux with a kernel update. However, I can't effectively read the log files due to them being in an unknown format. Does anyone know any tool that will work for reading these .DAT files in /var/log/eset/eea ? Thanks.
  5. What can I use to analyze the log files to be able to read them in a plain text format?
  6. I'm running Debian Unstable and had ESET antivirus working seamlessly (using the .deb package meant for Ubuntu). I know it isn't officially supported, but I wanted to report the issue anyway to give ESET the chance to see what went wrong. I had eea-8.1.3.0 working properly as well as the management agent for ESET PROTECT. All was well, but I got some updates which caused EEA to be uninstalled (changing of linux-headers to a newer version, I think). At the time I noticed 8.1.4 had come out, so I went to install it. It installs fine and all the processes start up properly and are running, and the product shows up in ESET, but when I try to activate the product either manually, offline, or via an ESET PROTECT task, it tries to complete and just throws: licensed[4470]: ESET Endpoint Antivirus Error: Activation was not successful: An internal error occurred during the activation process. I ran the log collector and want to submit the logs, but I don't know how to securely upload them, since the .tar.gz appears to have copies of my /var/log/messages and /var/log/syslog. How can I securely upload the logs if ESET is willing to take a look? Or does anyone know a solution to this issue, or which log I can analyze myself to try to find the error? Please note I do have SELinux enabled, but this occurs even when SELinux is shut off for the entire duration of the install / activation process. Thanks
  7. We recently ran into an issue where an administrator attempted to do an update of ESET Endpoint Antivirus via the ESET PROTECT console, but in the update task they inadvertently deployed a package for "ESET Endpoint Security". Because we do not have valid licenses for ESET Endpoint Security, this caused a large outage of AV protection and required remediation. We ended up resolving the issue, but the idea came to mind: why is the administrator even allowed to deploy a software package unless valid licenses are present for that software? This creates an opportunity for disruption in an environment, especially considering the long list of software packages with similar names (which may be cut short to "ESET Endpoint..." in the menu due to column size). I hope ESET can take this improvement request and keep administrators from shooting themselves in the foot. Of course they should double-check ahead of time, but history has shown that if a mess-up is possible by an admin/user/human being, it will occur at some point. This could also help reduce the load on support staff.
  8. The problem is that the major smartphone vendors have created their devices to be black boxes. We need new hardware and Free Software (different than open source) on mobile devices, which allow auditing of the device. Amnesty International's write-up on this strain of the Pegasus malware (which exposed the recent activity by NSO Group) says that a major problem is that it is extremely hard to audit both Android and iOS. If you can't audit the expected vs. actual behavior of a device, you have no means to detect malware. Amnesty International released their Mobile Verification Toolkit, which can help check for IOCs and other indicators from backups or complete filesystem dumps; you can check it out on GitHub here: https://github.com/mvt-project/mvt We need more projects like this that empower end users to inspect the behavior of their device.
  9. When creating a Dynamic group under ESET PROTECT, there is an option to use IP Subnetwork as a category to group hosts. This is the "Network IP addresses . IP subnetwork" expression field. The issue is that it appears to be a proprietary subnet format. CIDR notation doesn't work, and standard IP ranges don't work (192.168.0.0/23 or 192.168.0.0 - 192.168.1.255). After looking at some forum posts which suggest trying wildcards or some other formats, those also fail. Please update the software to use a standard IP subnet format that the rest of the industry uses. There is no reason that this dynamic group expression isn't as intuitive as 1, 2, 3; it's an IP subnet, it should accept 192.168.0.0/23 as an input seamlessly. Is there anyone here who can provide the details on the hidden proprietary IP range format? It would help if the software told you the expected format when you select it, so I don't have to go searching Google and posting on forums to find out how to type a subnet.
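As an added example (not ESET's code, and not a description of the product's own expression format), the following shows how the two standard notations named in the post resolve to the same network, how a dashed range that is not a single aligned subnet is rejected, and how host membership for a dynamic group would then be evaluated. The inventory is a constructed sample, and the leading/trailing whitespace on one address is deliberate.

```python
import ipaddress

# Constructed sample inventory (hostname -> IP), not real hosts.
# "srv-02" carries stray whitespace, the copy/paste problem from post 2.
INVENTORY = {
    "ws-01": "192.168.0.15",
    "ws-02": "192.168.1.200",
    "srv-01": "192.168.2.1",
    "srv-02": " 10.0.0.5 ",
}


def parse_subnet(spec):
    """Accept CIDR ('192.168.0.0/23') or a dashed range
    ('192.168.0.0 - 192.168.1.255') and return the one network it describes.

    Raises ValueError for a CIDR with host bits set or a range that does not
    collapse to exactly one aligned subnet."""
    spec = spec.strip()
    if "-" in spec:
        lo_s, hi_s = (part.strip() for part in spec.split("-", 1))
        lo, hi = ipaddress.ip_address(lo_s), ipaddress.ip_address(hi_s)
        if lo > hi:
            raise ValueError(f"range start {lo} is after end {hi}")
        # summarize_address_range yields the minimal list of CIDR blocks
        # covering lo..hi; a proper subnet yields exactly one block.
        nets = list(ipaddress.summarize_address_range(lo, hi))
        if len(nets) != 1:
            raise ValueError(f"{spec} spans {len(nets)} blocks: {nets}")
        return nets[0]
    # strict=True rejects e.g. 192.168.0.1/23 instead of silently masking it
    return ipaddress.ip_network(spec, strict=True)


def is_valid_subnet(spec):
    """True if spec parses to a single subnet under parse_subnet."""
    try:
        parse_subnet(spec)
        return True
    except ValueError:
        return False


def hosts_in_group(spec, hosts):
    """Hostnames whose (whitespace-trimmed) IP falls inside the subnet."""
    net = parse_subnet(spec)
    return sorted(name for name, ip in hosts.items()
                  if ipaddress.ip_address(ip.strip()) in net)


if __name__ == "__main__":
    print(parse_subnet("192.168.0.0 - 192.168.1.255"))  # 192.168.0.0/23
    print(hosts_in_group("192.168.0.0/23", INVENTORY))   # ['ws-01', 'ws-02']
```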
  10. I receive the following errors when attempting to install the newest version of ESET for linux on a fully updated Debian 10 system: chown: invalid user: ‘eset-eea-logd’ chown: invalid user: ‘eset-eea-scand’ chown: invalid user: ‘eset-eea-updated:eset-eea-daemons’ ESET Endpoint Antivirus Error: Cannot connect to Confd: No such device or address
  11. Is there any way I can securely transfer ESET the zip output of ESET log collector, to avoid leaking information on a public forum?
  12. Yes, as stated in the post, we have run "scan with cleaning" on multiple occasions and the detection is not removed.
  13. We have had a multitude of detections that are listed as "Unresolved" and shown as "retained". Our understanding is that running a "Scan with cleaning" should delete the files or quarantine them. However, after the scan, the files are still present and repeatedly detected. How can we get ESET to delete all detections, instead of "retaining" over 50% of detections (including trickbot malware embedded doc files)? The organization is using ESET security management center as the interface to control endpoints.