bbahes

I wonder, would you consider RHEL as security vendor? If not why not?

Will new application filtering feature announced for future 7.x version of endpoint clients be able to control these situations? We have situations where clients roam outside corporate network and we would want to be able to control things on application level. Thanks!

We did not try to reproduce problem. I will ask user to repeat same process and give you feedback.

What user did in the end is restarted machine. After that alerts went away. We talked to user and he told us that he did not shutdown notebook in Start > Shutdown way but he just closed lid. After he resumed notebook from sleep state this alert started.

Maybe related....but I have one client (Endpoint v7) that has this alert in ESMC:

HI! We got today a event in THREATS: However, I see action as Detected. If we wanted to change action for this types of threats, which specific policy/rule would we need to modify? Thanks!

Description : Add variable for COMPUTER DESCRIPTION Details: We use COMPUTER DESCRIPTION to denote workstation position and/or users and would like to include this field in notification messages.

This is what I see in /var/log/httpd/error_log file: [Mon May 06 09:16:32.930991 2019] [proxy_http:error] [pid 29607] (70007)The timeout specified has expired: [client 192.168.224.8:49679] AH01102: error reading status line from remote server update.eset.com:80 [Mon May 06 09:16:32.931042 2019] [proxy:error] [pid 29607] [client 192.168.224.8:49679] AH00898: Error reading from remote server returned by hxxp://update.eset.com/ep7-dll-rel-lb/mod_049_horusdb_4350/em049_64_l0.dll.nup [Mon May 06 09:29:08.351585 2019] [proxy_http:error] [pid 4953] (70007)The timeout specified has expired: [client 192.168.224.8:50128] AH01102: error reading status line from remote server update.eset.com:80 [Mon May 06 09:29:08.351623 2019] [proxy:error] [pid 4953] [client 192.168.224.8:50128] AH00898: Error reading from remote server returned by hxxp://update.eset.com/ep7-dll-rel-stop1/mod_049_horusdb_4350/em049_64_l0.dll.nup [Tue May 07 09:07:03.708265 2019] [proxy:error] [pid 4185] [client 192.168.224.8:49861] AH00898: DNS lookup failure for: i3.c.eset.com returned by hxxp://i3.c.eset.com:80/ 192.168.224.8 was client that had problem with update on monday. Also I see many (not too many) messages about DNS lookup failure. Is this something I should look on my side, ISP side? cat error_log | grep -o "DNS lookup failure" | wc -l 64

Still...I would be nice to know what really happened. Maybe you could anonymize trace file with https://www.tracewrangler.com/ and share it...

Any comments? https://www.bleepingcomputer.com/news/security/hackers-selling-access-and-source-code-from-antivirus-companies/?fbclid=IwAR3EqbEHNpG3iKSyMA58JsURtKtewSUfqJmRaGwBFaGClDf0Lai5cOdRl64

This was only on one new client. After I logged in as Administrator it downloaded module updates correctly. Proxy policy is same for all clients in company. All others working fine.

I had similar problem minutes ago. Maybe it's similar problem?

I don't know does this matter, but I've logged in as administrator on client PC and started module update manually:

Hi! Deploying EES 7.1 further to new clients. On latest we have problem: Agent is connecting to ESMC:

You are right! Default filter is to filter resolved threats. In this case, JS/AdWare.Agent.AF was resolved on client by connection termination so it did not show up in Threats page. Thanks @MartinK