vanroy

Members
  • Posts

    116

About vanroy

  • Rank
    Newbie

Profile Information

  • Gender
    Not Telling
  • Location
    Costa Rica

Recent Profile Visitors

2,105 profile views
  1. Hi, 1. How does Inspect generate the hash of an executable? 2. Why in some cases does the executable have an unknown hash? Best.
  2. OK, thanks. This is a limitation of EIC; should release and improve the Relationship graph.
  3. Hello, is it possible to see the URL or IP of a site not listed as malicious when the endpoint downloaded malware from this site? ESET Inspect only sees the executions. With other XDR this is possible. Thank you.
  4. Hi James, thanks for your time. Best
  5. @JamesR can you help me please?
  6. Hello, what is bad?

     <definition>
       <parentprocess>
         <operator type="AND">
           <operator type="OR">
             <condition component="FileItem" property="FileName" condition="is" value="php-cgi.exe" />
             <condition component="FileItem" property="FileName" condition="is" value="php.exe" />
           </operator>
           <condition component="FileItem" property="Path" condition="starts" value="c:\php\" />
         </operator>
       </parentprocess>
       <process>
         <operator type="AND">
           <condition component="Module" property="SignatureType" condition="greaterOrEqual" value="90" />
           <operator type="OR">
             <condition component="FileItem" property="FileName" condition="is" value="cmd.exe" />
             <condition component="FileItem" property="FileName" condition="is" value="conhost.exe" />
           </operator>
           <operator type="OR">
             <condition component="FileItem" property="Path" condition="starts" value="%SYSTEM%" />
             <condition component="FileItem" property="Path" condition="starts" value="%WINDIR%\syswow64\" />
           </operator>
           <condition component="Module" property="SignerName" condition="is" value="Microsoft Windows" />
         </operator>
       </process>
       <operations>
         <operation type="CreateProcess">
           <operator type="and">
             <condition component="FileItem" property="FullPath" condition="is" value="c:\php\php.exe" />
             <condition component="FileItem" property="FullPath" condition="is" value="c:\php\php-cgi.exe" />
           </operator>
         </operation>
       </operations>
     </definition>
  7. Hi, slow loading pages in the users module. This causes the browser example message (see attachment) when assigning a policy to users. Firefox and Chrome behave the same in incognito mode. Regards.
  8. Hello, why does ECOS load slowly on a tenant with 100k users? Datacenter in the USA. Does anyone else have this issue?
  9. Hello @Lockbits @JamesR, thanks. Any other tips for optimization or for making exclusions and rules? It's very appreciated. Best
  10. Hello, how have you resolved these "Detected by ESET Endpoint Security product" alerts? Best.
  11. Hello, I have an issue with ESET Enterprise Inspector: login results in "Login failed: UserInfoProvider: ESET Protect Server not available". It was working fine and the user password is correct. After 1 day the issue persists! All ESET Protect and ESET Enterprise Inspector services are working! ESET Protect and ESET Enterprise Inspector are installed on the same server!

      In the EEI log I see:

      2022-03-31 14:29:33 02e0c Info: 2022-03-31 09:49:27 - audit(00000000-0000-0000-0000-000000000000 Login attempt Forbidden [User=Administrator])
      2022-03-31 14:29:33 02e0c Info: 2022-03-31 10:24:04 - audit(00000000-0000-0000-0000-000000000000 Login attempt Forbidden [User=Administrator])
      2022-03-31 14:29:33 02e0c Info: 2022-03-31 10:24:27 - audit(00000000-0000-0000-0000-000000000000 Login attempt Forbidden [User=Administrator])
      2022-03-31 14:29:33 02e0c Info: 2022-03-31 10:25:08 - audit(00000000-0000-0000-0000-000000000000 Login attempt Forbidden [User=Administrator])
      2022-03-31 14:29:33 02e0c Info: 2022-03-31 10:25:36 - audit(00000000-0000-0000-0000-000000000000 Login attempt Forbidden [User=Administrator])
      2022-03-31 14:29:33 02e0c Info: 2022-03-31 14:21:23 - audit(00000000-0000-0000-0000-000000000000 Login attempt Forbidden [User=Administrator])
      2022-03-31 14:29:33 03654 Info: ESET Protect: there was a problem while connecting to ESET Protect Server. User was blocked. Please try again later.
      2022-03-31 14:29:33 0352c Info: ESMCMachinesMetadataSyncTask: Failed requesting static groups/machines metadata/alerts. User was blocked. Please try again later.
      2022-03-31 14:29:33 03654 Info: ESET Protect: there was a problem while connecting to ESET Protect Server. User was blocked. Please try again later.
      2022-03-31 14:29:33 02e0c Error: ESMCAuditExportTask: Error occurred while exporting audit to ESMC. User was blocked. Please try again later.
      2022-03-31 14:29:33 00410 Error: ESMC: failure to authenticate during alarm export. User was blocked. Please try again later.
      2022-03-31 14:29:33 03654 Error: ERADetectionEventsSyncTask: Failed to export alarms. User was blocked. Please try again later.

      In the ESET Protect trace log I see:

      2022-03-31 19:01:33 Error: ConsoleApiModule [Thread 36bc]: 1383 Error while sending AuthenticateUser request [UserName=Administrator] CUserAccessLimiter::CheckAccess(): User Administrator from ipserver was blocked.
      2022-03-31 19:01:40 Error: CServerSecurityModule [Thread b4]: CUserAccessLimiter::CheckAccess(): User Administrator from ipserver was blocked.
      2022-03-31 19:01:40 Error: ConsoleApiModule [Thread 36bc]: 1383 Error while sending AuthenticateUser request [UserName=Administrator] CUserAccessLimiter::CheckAccess(): User Administrator from ipserver was blocked.
      2022-03-31 19:01:40 Error: CServerSecurityModule [Thread b4]: CUserAccessLimiter::CheckAccess(): User Administrator from ipserver was blocked.
      2022-03-31 19:01:40 Error: ConsoleApiModule [Thread 36bc]: 1384 Error while sending AuthenticateUser request [UserName=Administrator] CUserAccessLimiter::CheckAccess(): User Administrator from ipserver was blocked.

      Any ideas what to check?
  12. Hello @Marcos @tomo100brt @itman, any idea how to resolve this issue where the winbind service cannot start on the EP V9 Appliance? I see the error "could not fetch our sid - did we join winbind". Thanks