About beefydog

  1. Word of warning: An extremely nasty Trojan with the signature of W64/Kryptik is infecting systems and, so far, only 3 programs are detecting it: F-Prot, Trend & Kaspersky. ESET lets it right in (now I have a weekend of fixing to do!!!).
  2. Ran a complete scan on another machine using the Rescue CD; ESET was unable to find the W64/Kryptik trojan (nor its spawns). Very disturbing news. So much for the promise of zero-day protection.
  3. All my PCs (4 PCs, 2 servers) spontaneously got infected with the W64/Kryptik Trojan, so I desperately found an online scanner to run the cleanup, and 7 infections were found. After about 9 hours of scanning, the program crashed. I noticed that a few hundred other people had the same problem but with an older version (version 2, I believe) than whatever was available yesterday (18-06-27) from the website. Running Windows 8.1 x64, updates through today: June 25, 2018. Trojan disabled my AV software (FPROT) and my anti-spyware (Spybot S&D), Firewall on. Regardless, I'm scanning from the latest rescue disc, so I can't post a dump file (I was not running anything I can think of to cause this, but 9 hours of wasted time was upsetting - now I get to do it all over again) right now. Judging by the posts here, this is a very common problem. This does not bode well for the image of ESET as a whole being that the most expensive Anti-Malware program on the market is unstable, who would trust it for their business (my clients run ESET as per my recommendations, I'm thinking I may have made a mistake)?
  4. The default policy for Endpoint for Windows is "Firewall - Block all traffic except ERA connection" - this is why everything was blocked. I'll be making a new policy and reinstalling Endpoint again after many tests. I did discover the "Also evaluate rules from Windows Firewall" firewall rule. Nice.
  5. Installing the Antivirus got me access back to the machines (whew!). My complaint is that the default policy for the Endpoint is, for some reason, not working properly (it appears to be set to allow RDP connections, ICMP, etc, but none of these rules are applied in the stock policy). I hope future versions correct this bug as it could potentially be an IT disaster (Competitor's products actually adapt current firewall rules from Windows firewall - which would make more sense - at the very least, ASK if you would like to import Windows firewall rules at installation - or have a mechanism to change rules on the fly - it would save hours of pain) for remote administrators! It would be nice to have the ability to CHANGE a policy without having to completely reinstall the software.
  6. To make matters worse, remote registry, ICMP and pretty much every single port is being blocked! I'm going to attempt to replace endpoint with just the antivirus and spend another couple of days figuring out ERA better.
  7. Ok. I've found in the ERA, under the Admin tab the ESET endpoint for Windows policy, then, clicked firewall Tab and see several options: Inbound Traffic From the Trusted Zone; Outbound Traffic To The Trusted Zone; Inbound Internet Traffic; Outbound Internet Traffic. Unfortunately, all these options are unselectable (greyed out) - so I can't add any ports nor applications. Is there no way to turn these on to be able to edit?
  8. I installed ESET Endpoint Security on a bunch of Windows PCs and, after installation, I noticed to my horror, that all Remote Desktop ports have been blocked (and I'm many miles away, but VPNed into the network) for all machines. I don't see anywhere in any instructions (the ERA guide) how to make changes to the firewall ports via Policies (to allow RDP in). HELP! Are there ANY instructions, anywhere, that show EXACTLY how to create policies of this nature - I've looked and only see really rudimentary stuff - nothing on ports?
  9. I did not realize the web protection required the firewall to be on. I'll have to figure this out. The Trusted Zone config was for the LAN subnet, but the firewall still blocks all ports including necessary Windows domain ports for everyday networking. I suppose each and every app needs to be configured?
  10. I figured it out. Right click the selected workstation (or workstations), New Task-->Configuration Task, hit Create button, go to Windows desktop v5 --> Personal firewall --> Settings --> Firewall system integration, then select "Personal firewall completely disabled" (mark it first, then hit the Console button), then click the "next" button on the previous dialog (and wait). Worked like a charm. I'll probably leave the firewalls off - totally unnecessary w/o our UTM firewall. Just need endpoint security (USB drives, CD drives, etc.).
  11. I set up the remote administration tools to be able to do push installs on Windows 7 (SP1) workstations, and, as a test, I did just a single push install, first the antivirus product, which was successful (then I rebooted and everything was fine). I then installed the Endpoint Security to the same Windows 7 workstation and now cannot ping, telnet, or anything to the machine. I presume the firewall locks all ports on the machine making it completely inaccessible from the outside. Unfortunately, I have to remotely get in via Remote Desktop (it's 200 miles away) and can't seem to find any way to disable the firewall from the ESET Remote Administrator Console. I can see the status of the PC, however, so I know it's talking to the Console. How can I disable the firewall?