bbahes

Posts posted by bbahes

  1. 2 hours ago, Foiler said:

    Our next step would be to temporarily change the Eset antivirus to something else eg AVG free .. but unfortunately the end user is now completely fed up and would prefer to have to enter the O365 password frequently than to make any further changes. This project is hence on hold.

    Just out of curiosity, which protocol do you use to communicate with O365 servers?

  2. 6 hours ago, itman said:

    FYI - it is no great secret that AV vendors have used DNS tunneling for quite some time:

    https://www.helpnetsecurity.com/2016/09/19/dns-data-transport/

    https://help.zscaler.com/zia/about-dns-tunnel-detection

    It appears to me that the network perimeter security appliance's manufacturers are trying to demonstrate their "new and improved" detection methods at the expense of the AV vendors to counter criticism of their past ineffectiveness against malicious DNS tunnel attacks.

    -EDIT- Also if one wants to look for nefarious tunneling activities, start looking closely at the manufacturer of the OS you are using, Microsoft.  

    Times change, as did ESET Endpoint over time. For example, v5 did not have an anti-ransomware module; v6 (guessing) and v7 do.

    As for the Microsoft remark, I would welcome any solution from security vendors, like ESET, that would warn about this activity from Microsoft or any other software vendor and possibly block it on user demand.

     

  3. 30 minutes ago, MichalJ said:

    Just to update concerning the DNS usage:

    ESET services that are using DNS:

    • Parental / WebControl, for the URL reputation
    • Anti-theft (consumer only) concerning the config change status / updates
    • EDF (licensing) concerning the config change status / updates
    • Antispam (backup communication) for hashes / status
    • AV Cloud (ESET Live Grid) - partial communication.

    It's described within the following KB article:

    https://support.eset.com/kb332/?locale=en_US&viewlocale=en_US

    Correct me if I'm wrong, but I don't see in the KB article a statement that you use DNS for information exchange, only for DNS queries.

    For example, for ESET Live Grid you only say "These IP addresses need to be enabled for HTTP port 80. Also, an access to your local DNS server is required for DNS queries on UDP port 53."
    If port 53 or DNS protocol is used for something other than name resolution, that should be noted in that text.

    I don't see a problem in information exchange as long as it's transparent and highlighted clearly in the documentation. That way we could avoid problems with 3rd party products.

     

  4. 2 hours ago, wim said:

    PaloAlto is blocking this because you are using DNS to pass info through the network. I don't see any reason why ESET would use this covert channel to distribute or receive info to/from clients.  We will keep this type of traffic blocked on our network until there is a clear explanation what kind of info is exchanged via DNS and why it is done this way.

    If we have clients on our network that have ESET installed and whose installation will not work anymore, we will send them to ESET support.

    Wim Holemans

    Network/Security Teamleader

    University of Antwerp

    Is this documented?

  5. 3 minutes ago, MartinK said:

    Please double check all UEAVBE4 dependencies are already installed on the machine. If I recall correctly, the i386 version of libc is required (even on an x64 system), and also a few other libraries, including gtk. Details should be available in the product documentation.

    In case you are preparing deployment on a larger amount of similar systems I would recommend to install manually first to verify everything works.

    This is a test environment. I tried to install it manually, but got an error:

    [attached image: image.png]

  6. 23 hours ago, Foiler said:

    A business with only two Windows 7 computers on the network both have the same problem ..  Outlook prompts for re-entry of password almost every day.

    Microsoft support are suggesting we have "network problems".  However, this is a very unsophisticated setup, just a simple network and an inexpensive router with default setup.  The mail setup is Office 365. The only "network" filtering possible would be the antivirus perhaps?  Windows Firewall is disabled.

    The antivirus is Eset Endpoint Antivirus version 5. Is it possible there is a setting in that which is blocking port 443 or access to Microsoft Certificates?

    Just wondering if anyone else has had similar problems?

     

    You could check policy settings: Windows desktop v5 > Personal firewall > Settings > SSL > SSL protocol checking

    We had a similar situation, but it was due to UTM settings.

     

  7. 38 minutes ago, Pinni3 said:

    Looks like my problem is solved. Writing this as I want to clear things. Problem was caused by security profiles on UTM. Now everything works nice. Thank You ESET Crew for any help and Your private time You gave me, I really appreciate it.

    Thanks for sharing info. Out of curiosity, did you investigate UTM logs for this issue or use a packet capture tool on server and client?

  8. On 9/27/2018 at 8:17 AM, MichalJ said:

    @Campbell IT Concerning your feedback. Issue with "logged in users" is, that there could be more than one user logged in on the machine, so choosing just one, might not be valid. However we are tracking improvement request to have this (adding the information in computer details was the first step). We are working on a redesigned computer table element, that would be more robust from the point of view of displaying the desired information.

    Detection engine (previously VSDB) is not coming back, as it's just one of many modules in the product, and the information does not really indicate whether the product is updated or not. We are instead working on adding information about "last update attempt" and "last successful update". Out of curiosity, for what purpose would you use the Detection Engine version info?

    We are also working on "tagging functionality" that would allow specification of tag manually (in the first phase) and later automatically, that would replace the "custom fields" functionality in the old ERA V5.

    We've had situations where ESET had problems with the antivirus database (usually many false positives with web filtering) where we had to revert to the previous version. However, that was not the main focus for us since a fix was delivered in a few hours, but we had a quick overview of which clients had which version in comparison to the ESET server or ERA server.

  9. 2 hours ago, Ritesh Sharma said:

    We currently have Eset version 5 ERA (5.3.39.0). I was told to install esmc and install agents and then install client software. I was also told that upgrading of eset 5 is not possible.

     

    I have installed my esmc successfully. According to  documentation it states to create an all in one installer and deploy that in clients

     

    Problem: unable to create all in one installer. I get internal server error. How can I solve this?

     

    I was able to get agent and installer by downloading it from eset website. When I installed using this the agent and installer package I got from internet it had asked for activation so I entered my key. This works but I want all the clients to be updated via my server (esmc). How can I accomplish this?

     

    Can eset client be activated by ESMC? If so how?

     

    We already have eset clients with eset 4,5,6 on the network. Do I need to uninstall these as clients do show up but it doesn’t show that eset is installed when looking from ESMC

     

    We also have servers 2003,2008,2012 on our network. Is there any difference to client deployment to a normal client e.g. windows 10 client as to a server 2012,2003 client. Or is it the same

     

    Is there any possibility of upgrading my current era server to most recent?

     

    If I use Migration  Assistant then what happens to the era console. Does it still work. Do I need to back up? If so  what do I need to backup

     

    Requesting if appropriate links can be given to solve the issues at hand

    In my organization we also use v5 and plan to move to v7. Reading the forum and documentation (Migration assistant vs Migration Tool), we plan to have a virtual appliance of ESMC and manually move one client at a time.

    Basically you have 3 options:

    1. Migration scenario 1 - Migration to ESMC 7.x running on a different computer than ERA 5.x.
    2. Migration scenario 2 - Migration to ESMC 7.x running on the same computer as ERA 5.x.
    3. Migration scenario 3 - Migration to ESMC 7.x where endpoints connect to old ERA 5.x until the ESET Management Agent is deployed by ESMC 7.x.

    https://help.eset.com/esmc_install/70/en-US/migration_from_era5.html?migration_tool.html

     

    Regarding your problem with the internal server error, did you use the virtual appliance for ESMC deployment or did you use Windows Server?

    As for upgrading your current era server, unfortunately this may be possible for a short time, since the plan is to have it EOL by December this year: https://support.eset.com/kb3592/#era

     

  10. 9 hours ago, ShaneDT said:

    So is there any way to disable this behaviour upon installing EES?

    Would selecting the following policy make any difference;

    ESET EES Policy / Web and Email / Email Client Protection - Disable checking upon inbox content change

    When deploying EES to new customers, it's not practical to be;

    a) going through everyone's Outlook folders to confirm they don't have thousands of emails in their Inbox, or

    b) explaining to the new customer that Outlook will be unusable for several hours because ESET needs to scan and change attributes that will then need to synchronise with Exchange Online (probably 80% of customers) and there is no way to turn this off, so you'll just have to use webmail while you wait.

    It's not a good first impression for a new product (regardless of the virtue of scanning the Inbox).

    It would be better to be able to schedule a task to scan the entire Outlook data file at a more convenient time after hours.

    This helped us on v5. Please do test this and if possible report back.
