MichaelA

Former ESET Employees
  • Posts

    12
About MichaelA

  • Rank
    Newbie

Profile Information

  • Gender
    Not Telling
  • Location
    USA

Recent Profile Visitors

532 profile views
  1. Hello, I just wanted to ensure that you had gone through the configuration of the mail product using the "esets_setup" as it is the initial integration with your MTA. I also would like to inquire if you have set up the graphical portion, and if so, what settings are set there vs. the cfg file that you have included. Lastly, what was the path that you retrieved the cfg file from? I have found in a few instances that our application uses a cfg file in /opt and in /etc/opt. Please advise so I may troubleshoot further if needed. ~MichaelA
  2. Hello, By default, yes, the installation should install Apache and utilize the address https://localhost/era/. If this is not the case in your installation, please advise as such in a reply. Also, speaking on IF the installation is NOT using the https login, it may be due to an existing installation of Apache as most instances of Linux contain some versions of Apache. Again, this is dependent on the distribution used (which I think Ubuntu has an instance pre-installed). A guide that describes the changes needed to make to utilize SSL in case it is already not can be found at this site: hxxp://www.mulesoft.com/tcat/tomcat-ssl MichaelA
  3. Hello, The KB article that describes the process of adding the clients' "Custom Info" to the Client view in your ESET Remote Administrator product can be found using this KB article link: hxxp://kb.eset.com/esetkb/SOLN3438. In the "Reports Template", there is a report that pulls the custom info to report on, however, that field has limited functionality of reporting custom client info. The report can be found in "Report Templates" under the report name "Custom Info Summary". ~MichaelA
  4. Hello, Some things that you will need to validate after the migration are that the era.exe and erahttp.exe have firewall exceptions OR you have set firewall exceptions for ports 2221-2223 as per hxxp://kb.eset.com/esetkb/SOLN2221. Another item to check would be at the client level which is their Remote Administration settings to validate that the task information was pushed and typed correctly. To do such, please open an Endpoint Application > Press F5 > Tools > Remote Administration and verify that the server name and port number are set correctly. Please reply with any information discovered during these two processes. ~MichaelA
  5. Hello, It does not appear to be a virus as other environments and repeated attempts at replication failed to recreate the issue. One thing that may have caused this is if a DNS record was altered and stored in the DNS cache, leaving the link there in that state. To flush your DNS cache, please execute this command found in this Apple Support KB article: hxxp://support.apple.com/en-us/HT202516 . After, you should not see the link with that 0.0.0.2/q=SayyedMohammedHusseinFadlallah address. If the issue repeats, please advise.
  6. Hello, Currently, the SHA1 and MD5 hashes of the 2 files that were discovered by Dell Secureworks are not being detected on VirusTotal at all by any AV vendor; however, that is not to say that the Advanced Memory Scanner (Version 6 applications) and Advanced Heuristic analysis of the items on the Server environment would not be able to detect odd behavior in protected operating system areas. Also, the application makes mention that if 2FA (2 Factor Authentication), like ESET Secure Authentication, is utilized, the Skeleton Key malware would not be able to operate in an effective manner or at all.
  7. Hello Rhodespintus, I would just run an in-depth scan with strict cleaning to ensure that your computer is clean. Another option is to run the ESET Online Scanner from Safe Mode with networking as most infections will be inactive (the files are not in transit), making them easier to catch. Also, a "netstat -a | more" will allow you to see all ports that are opened, allowing you to validate any erroneous open ports. As an added precaution, I would definitely scan all removable media as some viruses are caused by an infected thumb drive or removable disk. ~MichaelA
  8. Hello, The requirements for the ESET Mail Security for Linux are as follows (as per the manual located at hxxp://download.eset.com/manuals/eset_ems_4_userguide_enu.pdf):

     The following hardware requirements must be met before the installation process in order to run ESET Mail Security properly:

     * 250MB of hard-disk space
     * 256MB of RAM
     * glibc 2.3.6 or higher
     * 2.6.x Linux OS kernel versions

     ESET Mail Security should work on most recent and frequently used open-source Linux distributions if the above criteria are met. The following Linux distributions (x86/x64) are officially supported:

     * Red Hat Enterprise Linux
     * SUSE Linux Enterprise

     ESET Mail Security will also run on the following operating systems (but only x86, 32-bit):

     * NetBSD 4
     * FreeBSD 6, 7, 8 and 9
     * SUN Solaris 10

     Some other items that your mail solution must also include are as follows:

     * MTA - Mail Transport Agent: A program (e.g., sendmail, postfix, qmail, exim, etc.) that enables the transfer of email messages between local and remote domains.
     * MDA - Mail Delivery Agent: A program (e.g., maildrop, procmail, deliver, local.mail, etc.) that enables the delivery of locally addressed email messages into particular mailboxes.
     * MUA - Mail User Agent: A program (e.g., Microsoft Outlook, Mozilla Thunderbird, Eudora, etc.) that provides access to and management of email messages, such as reading, composing, printing, etc.
     * MAILBOX: A file or file structure on a disk serving as the storage space for email messages.

     The email server receives data communication using SMTP (Simple Mail Transfer Protocol) communication. The received message is transferred by MTA either to another remote email messaging system or is delivered using local MDA into a particular MAILBOX. In most cases, each local network user owns a MAILBOX located on the server. Note that it is the responsibility of the user’s local MUA to provide the function of downloading and correctly interpreting the message at the user’s computer. When retrieving data from MAILBOX, the MUA typically uses POP3 (Post Office Protocol) or IMAP (Internet Message Access Protocol) to communicate with the MTA. The SMTP protocol is used to send data to the Internet.

     The ESETS operating principle is based on data communication interception and scanning at the various phases of its transfer. The interception locations are marked in figure 5-1 by symbols S1, S2, S3 and S4.

     * S1 - Bi-directional email message scanning, i.e. content filtering in MTA.
     * S2 - Scanning of inbound email messages, i.e. messages with a target address which is located inside the local domain.
     * S3 - Scanning of outbound email messages, i.e. messages bound to a remote Internet domain.
     * S4 - Scanning of email messages being downloaded from POP3/IMAP server.

     As long as the Zimbra system contains all of these following requirements, it should integrate and allow antispam protection for your mail clients (Zimbra utilizes sendmail, so that is a plus in this scenario). -Michael A.
  9. Hello _MiCo, I will answer the questions in the order presented: For options that you would like active, the #(comment) will need to be removed. So yes, in your reference to the EAV username, the item will need to be uncommented. After any changes are made, you will need to reset the esets daemon by performing the following command: /etc/init.d/esets_daemon start. I am including a snippet from the install guide containing basic usage commands:

     ESETS commands can be launched using the command line – manually (@SBINDIR@/esets_*) or with a batch (".sh") script.

     ESETS command-line usage:

     * esets_daemon: ESET Security Daemon is the main ESET’S system control and scanning Daemon module. It reads all the ESET’S scanner configuration from the main ESET’S configuration file and provides all the main tasks. Usage: @SBINDIR@/esets_daemon [OPTIONS..]
     * esets_inst: ESET system integrator can be used to display and optionally execute commands that integrate ESET’S with your system. Usage: @SBINDIR@/esets_inst [OPTIONS..] [COMMAND]
     * esets_lic: ESET’S license management utility features management options, which allow you to display information about your licenses, import license files to the license directory or remove expired licenses. Usage: @SBINDIR@/esets_lic [OPTIONS..] [COMMAND] [FILES..]
     * esets_quar: ESET’S quarantine management utility module allows you to import any file system object into the quarantine storage area. Usage: @SBINDIR@/esets_quar ACTIONS [RULES] [OBJECTS..]
     * esets_scan: ESET Command-line scanner is an on-demand anti-virus scanning module, which provides scanning of the file system objects upon user request using command line interface. Usage: @SBINDIR@/esets_scan [OPTIONS..] FILES..
     * esets_set: ESETS configuration file SET-up utility allows you to modify the ESET’S configuration file as requested by given command. Usage: @SBINDIR@/esets_set [OPTIONS..] [COMMAND]
     * esets_setup: ESET’S setup utility is an interactive automated install script to help you easily integrate ESET Security with your system. Usage: @SBINDIR@/esets_setup [OPTIONS..] [COMMAND]
     * esets_update: ESET’S update utility is a system utility for the creation, update and maintenance of the ESET’S modules storage mirrors as well as for update of ESET’S system. Usage: @BINDIR@/esets_update [OPTIONS..]

     Your last item references the wwwi interface, and the setup appears correct, to where you should be able to access on the local host on port 2299. ~MichaelA
  10. Hello, The commands listed should work, however, you will need to run as "status set disabled" and "status restore" for them to function properly. Also, if the Endpoint protection does not have a settings password, you may incur an error that will not let ESET become disabled (security feature). Lastly, I was able to find a user guide for eShell located at hxxp://download.eset.com/manuals/eset_eshell_11_userguide_enu.pdf
  11. Hello, You may be able to utilize SOLN707 located in kb.eset.com. I am curious, however, as the search checked does not represent the IP address (range) that it found. Can you please recreate another new search task to validate that the same IP address will show listed, though on a different network?