PuterCare
Members-
Posts
107 -
Joined
-
Last visited
-
PuterCare reacted to a post in a topic: HIPS allow rules, possible to allow a particular script to be ran?
-
I have the HIPS rules enabled, but they are blocking some scripts from running. I have a script that auto-updates some applications: C:\Windows\system32\wscript.exe "C:\ProgramData\Winget-AutoUpdate\Invisible.vbs" "powershell.exe -NoProfile -ExecutionPolicy Bypass -File """C:\ProgramData\Winget-AutoUpdate\user-run.ps1"" When it is ran, it is blocked: 01/12/2023 11:01:36;C:\Windows\explorer.exe;Start new application;C:\Windows\system32\wscript.exe;Blocked;Deny script processes started by explorer; I'd rather not turn this rule off as in most instances, we do not want to let explorer start wscript etc. I have tried adding a rule but they seem to be so broad that I can allow one process to launch another, but I can't seem to be any more specific than that. Is there any way around this other than turning the rule off? Thanks
-
Strange one here, Eset Internet Security 16.2.15.0, Microsoft Edge (latest version) with Adobe PDF integration enabled. Reports from multiple separate customers, all with EIS in common, no such reports from EES customers. PDF opens in Edge and is presented correctly. When the user tries to save the open PDF, the normal save dialogue opens, when they type the filename, random characters are printed instead of what they are actually typing. These random characters are sequential in relation to the keyboard i.e. they could type "testing" and "qwertyu" will be printed, sometimes text will start from a different part of the keyboard. It is as if it is obfuscating what is typed to prevent a keylogger from being able to work. Text I type using my Teamviewer remote connection appears fine, it is only the local keyboard that is affected. Whilst the save box is open, text typed anywhere on the computer is incorrect, as soon as the save box is closed it works ok. I have found it hard to find info on this, I lost the reference but found that years ago similar behaviour was attributed to ESET so I removed ESET and it started working ok. I reinstalled and it continued to work ok. Does anyone know if this could be ESET related and a quicker fix? Thanks
-
Interestingly enough, I just did a clean install of EES 10.1.2058 onto a VM using the standalone downloader on the eset site so I could edit the regkey and export for deployment, and the service is already in quotes - "C:\Program Files\ESET\ESET Security\efwd.exe" I will check what version my endpoints are using and see if this version has fixed it. I had deployed EES to two of these systems this week from ESET Protect using the agent. EDIT: The endpoints are on 10.1.2050, I am pushing an update now.
-
I think I know why the task disappeared, in the endpoint details, task executions section, I deleted the execution not realising this deletes the task from the library rather than just the execution. Last issue remaining is why one endpoint will not deploy but now I can focus all my efforts into fixing that.
-
Thanks, that client was on my public WiFi, I moved it to my private LAN and now the agent has connected so I guess some of my filtering on the public network interfered with the agent connection. Do you know why my software install task disappears? All my existing tasks are present, but I add a new task, it appears but later disappears.
-
I am having some trouble with a couple of new client devices when trying to connect them to an existing OU in Protect. I created a new agent script, using a valid ESET PROTECT certificate, install it on the endpoint but it will not connect. Screenshot below. I have another new endpoint on the same OU that has an agent that connects, but any task to push EES install fails. I tried to manually install EES as admin and that fails too "MSI.1923". Software install log attached. Does anyone have any ideas why this is happening? I rebooted the VM but it did not help. I can ping my hostname externally and see that 2222 is open, existing endpoints all seem to be connecting ok. I just downloaded another agent and installed on a VM and it the agent is connecting ok, all these devices are currently on the same LAN. One other thing I noticed which was strange, I set up a new software install task, but today that task is missing from the Protect server. software-install.log