bbahes
-
Posts
521 -
Joined
-
Last visited
-
Days Won
5
Posts posted by bbahes
-
-
30 minutes ago, Marcos said:
We've already decrypted files for several users
decrypted as protected or decrypted per customer request ?
-
52 minutes ago, Marcos said:
Those rules will never be included with Endpoint since they block legitimate tools and the user must know how to adjust them in case they cause issues.
Would you advise to use them or not given the new engine in 6.6 should recognize known ransomware?
-
Do these solutions still apply for 6.6 products? Are they built-in latest products or do I have to create them manually?
-
On 1/31/2018 at 5:24 PM, Marcos said:
This is not possible since the order of rules determines their priority. There's a Search function (a magnifier glass icon) where you can filter what you want, e.g. enter "Allow" to filter permissive rules. Or enter an application name to filter rules for that particular application, etc. The rule editor is subject to improvement in future versions.
Why not then add column "Order of rule application" when sorting when clicking on header?
-
That is pretty much how I feel about v6 (still waiting to see what's going to happen with v7) and that is why we are still on v5. We will shift to v7 since more and more threats are out there and v5 engine is not being developed anymore.
They had to shift to this new "web, IoT, bla bla bla" thing because everyone else are. And that is fine. I don't want to have more servers on premise to update, restart, backup....
But they are nice. They do ask about your opinion https://forum.eset.com/topic/14271-future-changes-to-eset-remote-administrator/
-
2 hours ago, MichalJ said:
@Pinni3 Similar functionality, to block files by hash will be added in ESET Enterprise Inspector. We have a backlog item, to have a "per hash" blacklist in our products, however as of now, it is not yet implemented. It might happen, that our Endpoints will support it in future (7.1+) versions., as it is not in scope of the 7.0.
Do you have in plan to put ESET Enterprise Inspector on Linux VM?
-
Description: Schedule database backup to network/email
Detail: Most UTM appliances offer feature of scheduling configuration backup to certain email or network path. I have not found this option yet in ERA VA 6.5?Description: Schedule policy apply time
Detail: Give possibility to schedule policy. I want my employees who use notebooks to have one policy while working hours and one policy during lunch or during non working hours.Description: Generate report for configured policy
Detail: My managers sometimes want report on how policy is configure for certain departments, employees.Description: Policy in XML format
Detail: editing policy via XML can be done via custom built tool if you provide schema. I don't have to spend too much time in web interface. Policy can be designed by security consultant in tool and then he can send me XML for me to import to ERA.Description: Application/Process usage report
Detail: Dashboard that would report apps/processes running on users PC and show additional data like network connections, CPU, RAM usage...something like "light" Sysinspector.Description: Apache HTTP Proxy vs Mirror
Detail: Please give some tabular feedback/log in ERA interface what clients have downloaded and when what updates. Searching apache log in virtual machine is time consuming.Description: ESET Authentication server
Detail: I'm using EAS in v5 to authenticate with zone. I've asked before for this feature to be ported to virtual appliance but no response was given. I have need for client firewall to know is it really on my network or somewhere else. Having trusted source that confirms to client firewall "yes you are on corporate network" is big thing for us.
Maybe you have solved this in other way that I'm not aware yet?Description: FQDN rules in firewall
Detail: We are using many CDN content from online services, like O365, Google Drive etc. Basically, we have clients that leave network and we want them to be able to access only certain services when they are off corporate network. Some services provide IP address for firewall, some FQDN. Do you have any plan to implement FQDN rules? -
43 minutes ago, avielc said:
Hi All,
I'm looking for different kinds of answers to this question (I'll be asking it at the end of my explanation).
Here are a few kinds of answers I'd like to hear:
- Anyone who found a solution for the security concern of the matter (aka deployment of a firewall\filtering system for accepting information from external toward the server)
- Any direction to the security level ESET is following by to understand risks or no risks in exposing ports from an internal server to the world to allow agents to connect.
- Any other idea on the matter really.
The Question: Put it simply, I have a few employees who aren't accessing the office network on regular basis, I'd like to make sure their ESET Agents will still report in when possible, and exposing ports to the WAN side of the organization is somewhat a concern, so I'd like some peace of mind on the matter. if anyone can help, that would be really really helpful.Thanks all!
If you meant "server firewall" by "firewall\filtering system for accepting information from external toward the server" I've been waiting for this for a long time from ESET. Maybe someone from ESET will shed a light on this topic...
Opening ports is always security risk. It depends how big your company (or customer) are. You should not rely on single solution. As far as I know ESET v6 philosophy, agents have certificates to communicate to server. It's not security feature but it helps. I think story will be more interesting when they publish v7 in cloud.
We still use v5 and have problems with clients moving outside organization. Until they relese v7 we use VPN to connect to network and then client sends report back to ERA. It's not ideal but this is what we have for the moment. We are pinning hopes to v7 where we hope to move away from dual profiles.
-
On 12/21/2017 at 10:31 PM, Marcos said:
What firewall allows creating rules based on the hostname instead of an IP address?
The only one I remember was Forefront TMG from Microsoft.
Don't you think this is something to consider, given the IPv6 notation format? Also, many things now come from CDN leaving only fqdn as firewall option.
-
On 12/2/2017 at 7:27 PM, Marcos said:
If you capture the network communication, where in the frame or packet do you see the hostname? It's not there. Hostname is gathered via DNS requests and it's not a part of frames or packets that the firewall checks.
Yesterday we had example, where we needed to allow users access to Google Docs and nothing else. Google does have list of FQDN servers we need to allow through firewall, but this is impossible to make use of in ESET firewall.
Are there any consideration regarding this request? Can it be sent via official channel as feature request and track status?
-
-
28 minutes ago, Marcos said:
If you capture the network communication, where in the frame or packet do you see the hostname? It's not there. Hostname is gathered via DNS requests and it's not a part of frames or packets that the firewall checks.
As I sad, with current firewall you are right. You should make it modern inspect application layer. In the end DNS helps us. Who likes to type entire IP addresses, ranges, subnets..
-
52 minutes ago, Marcos said:
It's not possible since information about the hostname is not a part of a frame or packet. A frame contains information about the source and destination MAC addresses and an IP packet contains information about the source and destination IP address.
With current firewall you are right. But this needs to change soon. If not for IPv4 hosts then for IPv6.
We have problems with allowing clients only access to Microsoft O365. Luckily Microsoft provided both FQDN and IPv4/IPv6.
-
I don't know about v6, but in v5 it was not possible to include FQDN in firewall rules and that is painful
-
4 hours ago, Norm@Home said:
So what? That means no one is even going to make an attempt to try and help me figure out why this doesn't seem to be working?
I uninstalled and reinstalled, also I believe that I found at least part of the problem which was a different program which I uninstalled. Netstat -an now shows that port 2221 is listening but not on the IPV4 address of the server; what it shows is "TCP [::]:2221 [::]:0 LISTENING", anyone have an idea why 2221 doesn't seem to be associated with the IP address of the server?
No, they are not interested in v5. It is considered old and will reach End of Life on Dec 2020. It now has Limited Support and will later have only Basic Support.
Have you tried accessing from localhost?
-
2 minutes ago, Marcos said:
Unassigning a policy will not change the respective settings to their previous values on clients. The clients must receive a new policy that will re-enable automatic start of real-time protection.
Also I wonder what is your use case for disabling this setting. Automatic start of real-time protection should be enabled.
Why is this true? I wonder, because I had many problems with clients changing policies. Later settings would mix in strange way.
-
Have you tried this article: https://support.eset.com/kb3504/?locale=en_US and sub article https://support.eset.com/kb3281/ ?
-
We have different situation. We want to block smartphone but still be able to access device storage.
Users use smartphone as a way to access internet on our internal network, avoiding corporate firewall.
-
It has to be Windows Firewall. Try scanning your 2016 server for open ports.
-
-
16 hours ago, JaapHoetmer said:
Having read through the many comments I see a lot of frustration and concerns that mimic our own. We have deployed ERA6 at several of our customers, but have become more and more frustrated by the complicated setup, lack of documentation, and weird user interface logic.
It is customary that version upgrades introduce new features and a new vision, so we accepted a learning curve, but after several months of struggling we've not come any closer to a reliable use of the various installations, and security risks are mounting as a result.
V6 is simply too much for small and medium businesses, where time is limited and more costly than with larger organisations. My clients won't foot the bill for hours of tweaking and trying to get it right.
Therefore we have decided to revert back to v5, and when the time comes that v5 will no longer be supported, we will review the situation and our options, and decide which AV solution to adopt. One of our customers is currently using GData with 100 endpoints, and their management server looks promising. Pushing endpoints is a breeze.
Having just completed our own ERA v5 installation, and pushing the first end point, within the space of one hour, I am very happy to have gone back to the trusted v5 environment, it simply works well.
ERA V6 is at present just too much for what it is supposed to do.
By the way, latest V6.5 version is much much better than previous V6.x releases.
-
7 minutes ago, MichalJ said:
@JaapHoetmer Will you be interested in sharing your experiences with ESET directly? We will be interested to hear the pain-points, as it´s our best interest to resolve them for our customers and partners. However, as you have correctly stated, V5 EOL date is approaching, and it´s not possible for us, to maintain it for the future. If you will be interested in a more direct talk, please send me a PM.
I have already tried contacting you but you have not responded to my request for direct or Skype meeting. However, since we don't use v6 it was not so critical to arrange this meeting. What I would love to hear from you is v7 status, maybe late access to documentation. Has anything been done to improve documentation?
Regards!
-
On 11/2/2017 at 2:53 PM, Marcos said:
With ESET Endpoint Security 6.6, you can set severity for particular rules. Records with warning severity are transferred to ERAS and can be used in reports. You should be cautious about what is sent to ERAS as reporting many records from a lot of machines can have adverse effect on ERAS performance.
Isn't this like in ERA v5 ?
-
On 5/7/2016 at 3:57 PM, Marcos said:On 5/6/2016 at 1:44 PM, bbahes said:
I don't have time to do this now, but I will try. Better question for developers would be, do they plan to make Authentication server for virtual appliance or linux?
There are no such plans but we are considering a better solution that would not require an ESET Authentication server for this.
Any news @Marcos
Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)
in ESET PROTECT On-prem (Remote Management)
Posted
I don't understand this bolded part. Check here https://downloads.mariadb.org/mariadb/10.3.7/