Jump to content

karsayor

Members
  • Content Count

    49
  • Joined

  • Last visited

Profile Information

  • Gender
    Not Telling
  • Location
    Switzerland

Recent Profile Visitors

676 profile views
  1. That's what we did, it's an IIS server that has to be online on internet (443) but it sometimes detect those attacks which it's not vulnerable to. Its good that ESET blocks those attacks but if the server is not vulnerable to it, I don't need them to appear.
  2. Ok thanks, was looking at wrong place. What's the difference between Notify and Log in the Action section ? I want to remove alerts of CVE-2015-1635 from ESMC because the server is not vulnerable and they are blocked so I don't need them to appear but still have them blocked.
  3. Yes we are 😀 Do you know how / when it can be fixed ? Will you update this topic ?
  4. do you see anything wrong with my proxy conf ? thanks whats ports are used for the services ? Because our appliances can only do HTTP / HTTPS to any address on the internet.
  5. Is there anything we can do to exlude the detection of these ? As soon as I have confirmed the server is not vulnerable to CVE-2015-1635, it should be possible to exlude detection of this event but the "Create Exlclusion" is greyed out for these detections
  6. Yes we use the Apache HTTP Proxy of ESMC appliance and it works fine for the base product and agents. Our proxy.conf is as follows, maybe there is an issue with it ? # # Enable HTTP Cache # CacheEnable disk hxxp:// CacheDirLevels 4 CacheDirLength 2 CacheDefaultExpire 3600 CacheMaxFileSize 200000000 CacheMaxExpire 604800 CacheQuickHandler Off CacheRoot /var/cache/httpd/proxy AllowCONNECT 443 2222 ProxyRequests On ProxyVia On SetEnv proxy-initial-not-pooled 1 ErrorLog "|/usr/sbin/rotatelogs -n 10 /var/log/httpd/error_log 1M" <VirtualHost *:3128> ProxyRequests On </VirtualHost
  7. Ok so endpoints should connect directly to these address ? They cannot use the http proxy on esmc ? that was not clear to me
  8. I successfully activated a Dynamic Threat Defense on a device, activate it through policy, now I get this : ESET Dynamic Threat Defense is not working. Connection to authentication servers failed. I wonder because we have a HTTP Proxy setup for Agents / Products, it seems that EDTD does not use the HTTP Proxy ? Or what could be missing ?
  9. OK indeed you are correct that's about an exception I did not make... Thanks !
  10. Hello I noticed that some servers reports that CVE has been blocked, some others allowed. What does it exactly mean and why does it block on some servers and not on others ? If someone could tell me how this works ? Would be nice. Thanks
×
×
  • Create New...