Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by TheESETer

  1. Our first instances of ESET Server Security have begun to roll out. The majority of our machines currently run ESET File Security v7.3.12006.0. We have 5 machines that are now running ESET Server Security v8.0.12003.0. All 5 continuously show, "ESET Security Product has been installed successfully. Restart your computer for all changes to take effect." After a restart, the message clears, then comes back again after a few minutes. I've tried reinstalls and repairs, with no change. These machines are all running Windows Server 2016. Any thoughts?
  2. I'm seeing the same on the 7-Zip installers. 7z1900.exe SHA1: 2F23A6389470DB5D0DD2095D64939657D8D3EA9D 7z1900-x64.exe SHA1: 9FA11A63B43F83980E0B48DC9BA2CB59D545A4E8 Module info: Detection Engine: 23636 (20210716) Rapid Response module: 18607 (20210716) Update module: 1023 (20200701) Antivirus and antispyware scanner module: 1576 (20210616) Advanced heuristics module: 1207.1 (20210421) Archive support module: 1320 (20210629) Cleaner module: 1220.1 (20210702) Anti-Stealth support module: 1174.1 (20210712) Firewall module: 1424.1 (20210630) ESET SysInspector module: 1281.1 (20210407) Translation support module: 1867 (20210625) HIPS support module: 1417.4 (20210624) Internet protection module: 1425 (20210416) Database module: 1113 (20210624) Configuration module (39): 1958.3 (20210525) LiveGrid communication module: 1111 (20210527) Specialized cleaner module: 1014 (20200129) Rootkit detection and cleaning module: 1031.1 (20210401) Network protection module: 1689.1 (20210517) Script scanner module: 1098 (20210601) Connected Home Network module: 1042 (20210608) Cryptographic protocol support module: 1061 (20210510) Deep behavioral inspection support module: 1115 (20210618) Advanced Machine Learning module: 1107 (20210601)
  3. It does support the ? symbol in the URL mask; it represents any one single character. I'm just looking for a way to represent the actual question mark symbol in a URL. It definitely won't be a surefire solution, no matter what. The "download.php?file=123232" example, though, requires the server to be delivering downloads links in that way. The ".exe?test" method, meanwhile, can be applied to any download as an override. So, being able to effectively block the user of querystrings would be great.
  4. Hi, I'm attempting to block the download of executables via ESET. One can find directions here: https://help.eset.com/ees/7/en-US/how_block_file_dwnl.html So, say you want to block .exe files, you setup the URL mask as "*/*.exe". You need that extra "*/" in order to workaround some special domain handling behavior. This blocks any URL that ends in ".exe". The problem I'm running in to is that the file blocking can be bypassed by simply appending a ? to the end of the link, essentially tacking on a dummy querystring. For example, "blah.com/file.exe" would be blocked. "blah.com/file.exe?test" would NOT. One fix is to block "*/*.exe*". That works; it will block both examples above. But... it would also block "blah.com/about.exe.html". Information on the URL mask wildcards can be found here: https://help.eset.com/ees/8/en-US/idh_dialog_epfw_url_address_list.html?idh_dialog_epfw_add_url_addr_mask.html What I need to be able to do is escape the ? symbol, that way I could have two block rules: "*/*.exe" and "*/*.exe?*". The second rule would block any .exe file that is followed by a ?, then any other text. "blah.com/file.exe?test" would be blocked, "blah.com/file.execute.htm" would NOT. Anyone know if this is possible? I already tried using a backslash to escape the ?, like so: "*/*.exe\?*". Didn't work.
  • Create New...