
MichaelA

Former ESET Employees
  • Content Count

    12

Profile Information

  • Gender
    Not Telling
  • Location
    USA

  1. Hello, I just wanted to ensure that you had gone through the configuration of the mail product using the "esets_setup" as it is the initial integration with your MTA. I also would like to inquire if you have set up the graphical portion, and if so, what settings are set there vs. the cfg file that you have included. Lastly, what was the path that you retrieved the cfg file from? I have found in a few instances that our application uses a cfg file in /opt and in /etc/opt. Please advise so I may troubleshoot further if needed. ~MichaelA
  2. Hello, By default, yes, the installation should install Apache and utilize the address https://localhost/era/. If this is not the case in your installation, please advise as such in a reply. Also, speaking on IF the installation is NOT using the https login, it may be due to an existing installation of Apache as most instances of Linux contain some versions of Apache. Again, this is dependent on the distribution used (which I think Ubuntu has an instance pre-installed). A guide that describes the changes needed to make to utilize SSL in case it is already not can be f
  3. Hello, The KB article that describes the process of adding the clients' "Custom Info" to the Client view in your ESET Remote Administrator product can be found using this KB article link: hxxp://kb.eset.com/esetkb/SOLN3438. In the "Reports Template", there is a report that pulls the custom info to report on, however, that field has limited functionality of reporting custom client info. The report can be found in "Report Templates" under the report name "Custom Info Summary". ~MichaelA
  4. Hello, Some things that you will need to validate after the migration are that the era.exe and erahttp.exe have firewall exceptions OR you have set firewall exceptions for ports 2221-2223 as per hxxp://kb.eset.com/esetkb/SOLN2221. Another item to check would be at the client level which is their Remote Administration settings to validate that the task information was pushed and typed correctly. To do such, please open an Endpoint Application > Press F5 > Tools > Remote Administration and verify that the server name and port number are set correctly. Please reply wi
  5. Hello, It does not appear to be a virus as other environments and repeated attempts at replication failed to recreate the issue. One thing that may have caused this is if a DNS record was altered and stored in the DNS cache, leaving the link there in that state. To flush your DNS cache, please execute this command found in this Apple Support KB article: hxxp://support.apple.com/en-us/HT202516 . After, you should not see the link with that 0.0.0.2/q=SayyedMohammedHusseinFadlallah address. If the issue repeats, please advise.
  6. Hello, Currently with the SHA1 and MD5 hashes of the 2 files that were discovered by Dell Secureworks are not being detected on VirusTotal at all by any AV vendor; however, that is not to say that the Advanced Memory Scanner (Version 6 applications) and Advanced Heuristic analysis of the items on the Server environment would not be able to detect odd behavior in protected operating system areas. Also, the application makes mention that if 2FA (2 Factor Authentication), like ESET Secure Authentication, is utilized, the Skeleton Key malware would not be able to operate in an effe
  7. Hello Rhodespintus, I would just run an in-depth scan with strict cleaning to ensure that your computer is clean. Another option is to run the ESET Online Scanner from Safe Mode with networking as most infections will be inactive (the files are not in transit), making them easier to catch. Also, a "netstat -a | more" will allow you to see all ports that are opened, allowing you to validate any erroneous open ports. As an added precaution, I would definitely scan all removable media as some viruses are caused by an infected thumb drive or removable disk. ~MichaelA
  8. Hello, The requirements for the ESET Mail Security for Linux are as follows (as per the manual located at hxxp://download.eset.com/manuals/eset_ems_4_userguide_enu.pdf). The following hardware requirements must be met before the installation process in order to run ESET Mail Security properly: * 250MB of hard-disk space * 256MB of RAM * glibc 2.3.6 or higher * 2.6.x Linux OS kernel versions. ESET Mail Security should work on most recent and frequently used open-source Linux distributions if the above criteria are met. The following Linux distributions (x86/x64) are officially suppor
  9. Hello _MiCo, I will answer the questions in the order presented: For options that you would like active, the #(comment) will need to be removed. So yes, in your reference to the EAV username, the item will need to be uncommented. After any changes are made, you will need to reset the esets daemon by performing the following command: /etc/init.d/esets_daemon start. I am including a snippet from the install guide containing basic usage commands: ESETS commands can be launched using the command line – manually (@SBINDIR@/esets_*) or with a batch (".sh") script. ESETS command-line
  10. Hello, The commands listed should work, however, you will need to run as "status set disabled" and "status restore" for them to function properly. Also, if the Endpoint protection does not have a settings password, you may incur an error that will not let ESET become disabled (security feature). Lastly, I was able to find a user guide for eShell located at hxxp://download.eset.com/manuals/eset_eshell_11_userguide_enu.pdf.
  11. Hello, You may be able to utilize SOLN707 located in kb.eset.com. I am curious, however, as the search checked does not represent the IP address (range) that it found. Can you please recreate another new search task to validate that the same IP address will show listed, though on a different network?