
karsayor

Members
  • Posts: 115
  • Joined
  • Last visited
  • Days Won: 3

karsayor last won the day on July 27 2023

karsayor had the most liked content!

About karsayor

  • Rank
    Newbie

Profile Information

  • Gender
    Not Telling
  • Location
    Switzerland

  1. Hello, I'm trying to set up an LDAPS AD Sync task, but it doesn't work. Without LDAPS it works fine. I set up the appliance with these two articles: https://help.eset.com/protect_deploy_va/11.0/en-US/?configure_ldaps_connection_to_a_domain.html https://help.eset.com/protect_admin/11.0/en-US/?sg_server_tasks_ad.html But when I try to do a sync task: On the appliance itself, I can do an ldapsearch with LDAPS just fine with the same user and server. On the Domain Controller I can see that it's trying to do an LDAP Bind but it's failing. Has anyone already had this? I made the same setup on the appliance for other customers / domains and it works fine.
  2. Hello. So I could enable logging of allowed traffic as well. But it only worked on the client; allowed logs were not uploaded to the ESET Protect Appliance, I don't know why. The issue is that somehow the built-in default rules were messed up and the rule "Block incoming NETBIOS requests" was no longer there, replaced by a duplicate of rule 31! Left is the built-in rules when creating a new Policy, right was the built-in rules in the policy that caused issues. So I backed up the custom rules, disabled the "Rules" setting in the policy, saved, and reconfigured. Then it worked correctly. I don't know what messed up the rules, since you cannot modify them manually.
  3. But how do I do this? Sorry, I tried to check but was unable to find out!
  4. I have an issue with the endpoint firewall, which is allowing a connection that should not be allowed. My two Domain Controllers are able to browse computers on port 445 (SMB); all other computers and servers are not able to browse the computers. It must be related to one of the default rules, but I do not know which one. Since I'm not able to turn on logging of allowed connections, I do not have any idea of what's happening and which rule is allowing this traffic. How can I enable full logging of the firewall to be able to see which rule is used to allow a connection? Thanks!
  5. We are trying to achieve a "zero trust" firewall configuration on clients. Even when connected to the domain, nothing except what is defined by a custom rule should be open. Until the recent changes in ESET Policies / Firewall, we used to only remove everything from the trusted networks list and set the option "Consider every network as public", so that we were sure that Endpoints were never reachable through SMB, RDP, ... Now with the new policies this is much more complicated. The default network connection profiles, which cannot be removed or edited, are related to the Windows Firewall, which detects the Domain and sets the firewall to automatically trust the whole subnet it's connected to. First, I think it's not a very good security practice to automatically open ports between endpoints, even though I understand it was done so as not to impact the many customers that used the default trusted network configuration before. But this should be removable; I do not want my computers to trust and allow the whole network by default! How should I proceed to change this behaviour? Add a new Profile with greater priority, remove the Trusted Connection option and set Any as activator? Is this a good way, or is it not recommended?
  6. I understand this; I meant having access to the source (Read) of those lists of blocked IP addresses, to add them to our perimeter firewall so they are blocked before they get to the server.
  7. I agree with you; unfortunately the perimeter defenses we have seem to have some other blacklists than the ones ESET is using. Can we get the list of ESETIPBlacklists somewhere so we can add them to our firewall dynamically?
  8. OK, thanks. It's sad, because almost all our customers have their own ESET Protect Appliance on-prem.
  9. I did not create an exclusion to allow this traffic, only for it not to create a log, because it fills everything. Block is yes, notify and log is no. I'm not sure I understand: EsetIpBlacklist.A is when blocked before traffic is sent, EsetIpBlacklist.B is when blocked after traffic is sent? So I only need to exclude logging for EsetIpBlacklist.A and EsetIpBlacklist.B, since there is no other EsetIpBlacklist.C nor the old EsetIpBlacklist?
  10. ESET employees, maybe you can help us with this if it's already known?
  11. Hello, I had to set some exclusions for IDS to prevent the logs from overfilling. I disabled the logging of these events: Until a few months ago I had the Threat Name set to EsetIpBlacklist; now it seems there is an EsetIpBlacklist.B, EsetIpBlacklist.A, ...? Is there any list of all possible EsetIpBlacklist* threat names? Can we use a wildcard in the threat name to catch them all? Thank you!
  12. OK. That was not clear to me because: the changelog doesn't contain any info about security concerns being fixed (CVE, ...); the changelog contains info about stability issues which we do not encounter, so to us it's not critical. Either way, I think there is some missing info in the changelog if it's that important.
  13. It's a Server Security product, version is 10.0.12010.0 and update prepared to 10.0.12012.0