[Outlook 2010 crashes with ESET integration enabled]

26 minutes ago, Peter Randziak said:

Hello guys,

can you please provide me with the Outlook crash dump taken with Procdump and ESET Log collector so I can check it?

Regards, P.R.

I've sent you private message with link to data.

[GoogleUpdate.exe 'Application modification detected' : a false positive?]

Yes I can exclude that app. I wonder why do users even get that dialog?

If it is malicious I'd like to know. This event is not logged in ERA?

I have also checked .exe digital signature and it has two signatures. One with sha256 and one with sha1. Could it be because of this sha1 certificate that EES does not see as "correctly" signed app?

 

@Marcos @MichalJ @Peter Randziak

[GoogleUpdate.exe 'Application modification detected' : a false positive?]

I have to reopen this thread, since I don't want to start new one.

I'm having same issue with Skype for Desktop and Skype for Business applications.
We use ERA v5 ans EES v5.

Basically my users started getting dialog "Application modification detected" even though firewall settings are set to: Allow modification of signed (trusted) applications: Yes
Filtering mode is set to Policy-based mode

I have explicit rule for these applications to allow all communication since they use random port numbers.

I wouldn't want users to see this dialog, yet I'd like to see it logged somewhere in ERA:

[Outlook 2010 crashes with ESET integration enabled]

I've had ESET v5 Outlook plugin crash Outlook 2010, 2013, 2016...however I have noticed it does so only when user has large data files. One of my users has .OST that is 20GB and had two .PST that both had around 50GB. After I closed large PST files Outlook was back to normal. All scanning controls are off in policy. I'm hoping they will solve this with full x64 client in v7.

[ESET Outlook Add-in vs. Local Contact Groups]

2 hours ago, Rhys said:

Not yet, as he also has a lot of local contacts that he uses on a daily basis, so he's not too keen on recreating his Mail profile to give that a try and risk having to recreate all of his other business contacts that aren't on the domain. I'll definitely keep that in mind though for the future if it ever becomes a possibility he's willing to consider.

He can always extract them or share them with someone else inside organization.

[Is possible 'learning mode' + additional rulles]

1 minute ago, Marcos said:

Learning mode is ok if you plan to review generated rules.

It will be ok, when you release v7. But I would love to hear more about that model? Will this finally be some sort of firewall logging?

[Is possible 'learning mode' + additional rulles]

You could try logging in v6 - I. Activate logging of blocked connections: https://support.eset.com/kb3186/?locale=en_US 

I mainly use third party tools to get information which port processes use.

I never use learning mode. This could open many unwanted ports

[Allow Port 8770 via ERA on MacOS]

Are you sure it's 8770 on remote?

https://support.apple.com/en-us/HT202944

 

[ESET Outlook Add-in vs. Local Contact Groups]

Have you tried to create new Mail profile?

[Hips - Basic and Advanced]

I use it still in v5 and I use Rules to try and prevent ransomware. This is link for v6: https://support.eset.com/kb6119/

 

[ERA v5 unable to download updates]

So I was able to get another gateway for ERA and everything works fine. It appears that corporate firewall SonicWall is blocking something.

 

 

[ERA v5 unable to download updates]

Hi!

ERAS and ERAC both 5.3.39.0.

This morning I noticed all clients with database version 16087 and no update since.

On ERAS in Server Options under Update status when I try to execute Update Now I get Failed, UPDATE_VER_IS_EMPTY.

I've tried stopping ERAS service and clearing mirrored files folder but same error.

Any thoughts?

 

[Run .bat or .vbs file from RA]

13 minutes ago, MartinK said:

I would recommend to extend your BAT file with tracing (logging) mechanism so that you can check in what phase it fails.

In case your script works when executed manually, there are few common problems or limitations you should be aware of:

• Run command task executes under AGENT's context, which is by default LOCAL_SYSTEM. This may have impact on file access permissions, which may block access for local users. For example shared resources available for domain users won't be available.
• Commands will be executed without access to desktop environment. Commands with UI requirements may fail due to this.

Can this user context be changed in v6 or v7 ?

Not for agent, but for script execution.

 

[ESET remote admin policy doesn't block external device]

12 minutes ago, Marcos said:

Not all devices can be blocked. Please contact your local Customer care and provide them with:

- ELC logs
- a Procmon log from the time of connecting the phone to a computer

For instructions, see the FAQ section at the right-hand side of this forum. Customer care will properly track the case and relay the logs to developers for analysis.

Are there specific device ID that are not recognized as devices?

[Endpoint 6.5 forced Outlook Re-sync Server database increasing in size]

Why would this cause problems? Do you have many infected emails?

[ESET Cloud Administrator?]

20 hours ago, VladimirVladimir said:

Hi Mike

as this product is not yet publicly available, we are not able to share all the details. First and foremost, ESET Cloud Administrator will be a brand new product (not a successor to ERA6) designed for  Small & Medium business customers, requesting simplistic & straight-forward operation without hassles. Despite the fact that it will be based on similar architecture and concepts known from ERA6. However some functionality was re-worked to support cloud hosting, some was omitted as is not valid for Small & Business Customers, and some added, in order to optimize user experience.

Major difference will be a Quick setup - there will be only few simple steps which needed to be done to make the solution up and running. After creating an ESET business account it will take just a few clicks to create a dedicated cloud console. With the help of live-installers  adding a computer will be a simple and streamlined activity.

All the usual stuff, typical for on-premise software such as initial configuration, setup, suitable hardware, and related maintenance will be taken care of automatically in the background by ESET.

Regarding the functionality, there will be a huge overlap with ERA6 functionality with focus on simplicity of use. 

We will share more details when the product will be publicly announced.

regards

vladimir

 

 

Will you make feature comparison available?

[Not happy with ERA 6]

5 minutes ago, Oliver said:

Hello, bbahes. 
What exactly are you missing in the documentation of v6? 

Out of the box I can think one example...I don't see in documentation where you explain why certificate for agent is required. This topology is never presented in diagram like this one for example: hxxp://help.eset.com/era_install/65/en-US/high_availability_enterprise.htm

[Not happy with ERA 6]

7 minutes ago, Marcos said:

Please elaborate more on what you dislike about ERA v6. We've made many improvements based on users' feedback. Our goal is to tailor ERA to your needs and therefore we seriously consider suggestions and ideas that you provide us with and which are valuable source of inspirations for future versions.

All this confusion and problems regarding v6 (and upcoming v7) would be gone if documentation is complete. Trust me.

[Cloud ERA hosted by ESET]

Hi!

When do you plan to release ERA hosted on your servers? Something similar to Bitdefender GravityZone.

[ESET crashes Outlook 2016]

As I walk to my clients that use Outlook 2016 i often see ESET in disabled COM add-ins.
This plugin crashes a lot. We use EES v5 on Windows 7 x64. We are hoping true x64 release announced for v7 will fix these problems.

 

And here is mine Email filter/client settings in ERA:

[Eset Endpoint Antivirus vs Eset Endpoint Security.]

Endpoint Security brings even more security features than Endpoint Antivirus, one of most important to me is Firewall.

We don't have domain so I'm left with securing workstations firewall configuration with ESET Endpoint Security.

Currently we are still on v5 and waiting for v7.

 

[Server Up-to-date?]

Edit a policy and under Tools -> Proxy server, enable "Use direct connection if proxy is not available".

https://forum.eset.com/topic/12158-eset-endpoint-security-6-policy-lock/?do=findComment&comment=60938

 

[Server Up-to-date?]

As far as I know in v6 server is not the one downloading database. It only has apache configured as proxy cache, so clients go through proxy directly to ESET servers. This is something I still can't digest in v6 but I see it very effective for notebooks when client's leave network. There is offline mirror utility (note "utility" because it's not integrated in ERA) but even in case that you use it you don't have any information in ERA.

[Upgrade ERA 6.4 to 6.5 fail]

20 hours ago, hungtt said:

HI MichaIJ,

Thanks alot.My ERA server has been upgraded finished.( over 1 hour).

What are hardware specifications of your ERA server?

[Unc path can bypass the HIPS rules?]

41 minutes ago, MichalJ said:

I have checked with developers, and the statement for now is, that UNC is not officially supported. We will be tracking improvement for adding it to the future versions of our product.

That is very scary to hear. Future version might be 7?