katycomputersystems
Members-
Posts
100 -
Joined
Everything posted by katycomputersystems
-
Protect server crash
katycomputersystems replied to katycomputersystems's topic in ESET PROTECT On-prem (Remote Management)
I see, so if we revoke, will it hurt anything? Will they be removed from /era/webconsole/#id=CERTIFICATES ? -
Protect server crash
katycomputersystems replied to katycomputersystems's topic in ESET PROTECT On-prem (Remote Management)
-
Protect server crash
katycomputersystems replied to katycomputersystems's topic in ESET PROTECT On-prem (Remote Management)
@Marcos, can the certificate export be done via command line to facilitate an automated batch process? The "different IP address" is confusing me, we use a fqdn to connect to the Protect server, if the IP address changes, but the fqdn stays the same, does that count as an IP address change? -
Protect server crash
katycomputersystems replied to katycomputersystems's topic in ESET PROTECT On-prem (Remote Management)
Thanks - what folders should be backed-up? Is there a knowledgebase article documenting the backup & restore procedures? -
We backup our database daily. If the Protect server crashes is a database restore all that is needed to get our endpoints back on-line. Our old server is a Server 2012 running SQL server 2014, would a restore onto a Server 2022 running SQL 2022 work, or would we need to go back in time?
-
Tuesday afternoon, several of our end-users are reporting issues with Outlook attachment handling when ESET Endpoint Security v 10.0.2045.0 is installed. Outlook locks up when attempting to save, preview or view attachments. We have tested PDF & XLSX attachments, both file types have the same issue. We have tried many things, the only certain resolution is uninstalling ESET Endpoint Security. The affected computers are running these versions of office. Microsoft 365 / Outlook v2301 16.0.16026.20238 Microsoft 365 / Outlook v2303 16.0.16227.20280 Microsoft 365 Apps for business / Outlook v2304 16.0.16327.20214 Some users are on W10 others are on W11 What settings can we change to make this a better situation for our end-users.
-
Chrome is my default browser, if I create a bookmark to https://company.screenconnect.com/Host#Access/All Machines by Company/<computername> and define company.screenconnect.com as a secure site, the protected browser opens to https://company.screenconnect.com is there a way to persuade the protected browser to open the originally specified url?
-
We use EES v9.0.2032.6 to protect our Windows systems. On-premise Protect v9.0.1144.0 manages our policies. We block executable file downloads using URL Address Management: Edit Policy | Settings | Web and Email | Web access Protection | URL Address Management | Address list | Edit | Add to List of blocked addresses: *?.exe From time to time, we add addresses to the allow list, for example: *.lscsoft.com/* Today, an accountant needed access to Glance a remote desktop application. I don't want all users to have this added to their allow list. So I setup a new policy and applied it to my computer for testing. Edit Policy | Settings | Web and Email | Web access Protection | URL Address Management | Address list | Edit | Add to List of allowed addresses: *.glancecdn.net/screenshare/* No joy, I am still blocked. If I add glance to the main policy everything works. How do I have multiple allow lists? One for the general population, then others for those with special needs?
-
When we go to banking sites, our fleet of computers are supposed to be redirected to ESET Secure Browser. This will work for a month or so, then quit working. The last time it quit working, support corrected the problem by toggling the policy settings off, waiting a bit, then toggling back on. Previously, the problem affected all browsers, now it seems to only be Chrome. Anyone have a reliable method of making this behavior reliable? Product versions: ESET Management Agent 9.0.1141.0 ESET Endpoint Security 9.0.2032.2 Detection Engine 24433 (20211210) We are using these policy settings in Protect:
-
When going to https://christyco.com we are getting a "Website Certificate Revoked" notice. SSL Checker says all is well. https://www.sslshopper.com/ssl-checker.html#hostname=https://christyco.com/ Anyone know what's going on?
-
ERR_BAD_SSL_CLIENT_AUTH_CERT
katycomputersystems replied to katycomputersystems's topic in ESET Endpoint Products
Support helped me with this. We added "s3.amazonaws.com" to the list of known certificates to be ignored via Advanced Setup | Web and Email | SSL/TLS | List of Known Certificates We then exported my local workstation's configuration, imported it as a policy in Protect and applied the policy to our client workstations. -
On workstations with Endpoint Protection, I am getting: ERR_BAD_SSL_CLIENT_AUTH_CERT when trying to access these urls: https://white_label.s3.us-east-1.amazonaws.com/UFW/logo-ufw-white.png https://white_label.s3.us-east-1.amazonaws.com/UFW/Favicon-UFW-blue.png?v=2 Without endpoint protection, Chrome tells me the corticates are fine. Any idea what's going on and how to clear the issue?
-
Website Blocked Notifications
katycomputersystems replied to katycomputersystems's topic in ESET Endpoint Products
Thank Marcos, what is the best way to make the email notification a successful feature request? Our block list looks like this: # {"product":"endpoint","version":"8.1.0","path":"plugins.01000200.settings.stProtocolFiltering.stUrlLists.2.strAddresses"} *?.exe *.*.exe *.docm *.xlsm *.pptm *.vbs *.bat *.wsf *.rar *.winzip.com -
I want an email when a client attempts to download an executable. We are using URL Address Management in Web & Email via /era/webconsole/#id=POLICIES to block executable downloads. I have tried configuring notifications via /era/webconsole/#id=NOTIFICATIONS, but haven't stumbled on the correct solution. We block the download, the client sees: Website blocked The web page is on the list of blocked websites specified by the user. Access to it has been blocked. Please help
-
Is using the secure browser for all browsing - shopping / social media / search etc a bad idea? My initial reaction was "Yes, it's a bad idea, you will end up with a polluted sandbox", but now I am not so sure.
-
I like the proxy idea, in particular, if we are able to use CloudFlare to proxy the traffic, we would pick up quite a few benefits. For example CloudFlare will block known bad actors, significantly reduce the likelihood of DoS attacks and allow us to easily restrict access to known networks based on ASN &/or geography. The ASN issue is quite helpful, we see some adversaries come in via local Internet providers, however the vast majority attack from overseas or via data centers such as Azure, DIgital Ocean etc. Is there a step by step recipe for this use case?
-
We self-host ESET Security Management Center, forwarding only port 2222 to the ESMC box, all other activities are restricted to the local LAN. Anyone care to describe how safe we are from the evil-doers of the world? We are considering putting ESMC on a VPN, but would like some assurance that this isn't necessary. Looking at /era/webconsole/#id=DETECTIONS, it is clear evil-doers are trying to penetrate our beloved security system.
-
I never know if the ESET Secure Browser (ESB) will be spawned. For example this morning it was spawned when I went to pnc.com, but not citi.com. Other times citi.com will trigger ESB, but not usbank.com. Still other times usbank.com, but not chase.com. How can we make sure ESB is triggered 100% of the time? It doesn't inspire confidence in the ESET stack. ESET Endpoint Security 8.1.2031.0 managed via ESET Management Agent 7.2.1266.0, Chrome Version 91.0.4472.164 (Official Build) (64-bit), Microsoft Windows [Version 10.0.19043.1110]